270230 – security/vuxml: CVE-2023-25690 and CVE-2023-27522: linked page: 404, not found

Bug 270230 - security/vuxml: CVE-2023-25690 and CVE-2023-27522: linked page: 404, not found

Summary: security/vuxml: CVE-2023-25690 and CVE-2023-27522: linked page: 404, not found

Status:	Open

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	Ports Security Team

URL:	https://github.com/grahamperrin/freeb...
Keywords:

Depends on:
Blocks:

Reported:	2023-03-15 00:17 UTC by Graham Perrin
Modified:	2023-03-21 16:53 UTC (History)
CC List:	3 users (show)

See Also:	270037

Flags:	bugzilla: maintainer-feedback? (ports-secteam)

Attachments
Remove empty cvname tag (481 bytes, patch) 2023-03-21 09:08 UTC, Michael Glaus	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Graham Perrin freebsd_committer

2023-03-15 00:17:16 UTC

Bug 270037 is fixed, and <https://www.freshports.org/vuxml.php?package=apache24> leads to <https://www.freshports.org/vuxml.php?vid=00919005-96a3-11ed-86e9-d4c9ef517024%7C0c2db2aa-5584-11e7-9a7d-b499baebfeaf%7C25b78bdd-25b8-11ec-a341-d4c9ef517024%7C4364e1f1-0f44-11e4-b090-20cf30e32f6d%7C457ce015-67fa-11e7-867f-b499baebfeaf%7C49adfbe5-e7d1-11ec-8fbd-d4c9ef517024%7C5804b9d4-a959-11e4-9363-20cf30e32f6d%7C6601c08d-a46c-11ec-8be6-d4c9ef517024%7C76700d2f-d959-11ea-b53c-d4c9ef517024%7C76b085e2-9d33-11e7-9260-000c292ee6b8%7C862d6ab3-c75e-11e6-9f98-20cf30e32f6d%7C882a38f9-17dd-11ec-b335-d4c9ef517024%7C8b1a50ab-8a8e-11e8-add2-b499baebfeaf%7C8edeb3c1-bfe7-11ed-96f5-3497f65b111b%7C91ecb546-b1e6-11e3-980f-20cf30e32f6d%7Ca12494c1-2af4-11e5-86ff-14dae9d210b8%7Cb360b120-74b1-11ea-a84a-4c72b94353b5%7Cca4d63fb-f15c-11e2-b183-20cf30e32f6d%7Cca982e2d-61a9-11ec-8be6-d4c9ef517024%7Ccaf545f2-c0d9-11e9-9051-4c72b94353b5%7Ccb0bf1ec-bb92-11e6-a9a5-b499baebfeaf%7Ccce76eca-ca16-11eb-9b84-d4c9ef517024%7Ccf2105c6-551b-11e9-b95c-b499baebfeaf%7Cd001c189-2793-11ec-8fb1-206a8a720317%7Ce182c076-c189-11e8-a6d2-b499baebfeaf%7Ce9d1e040-42c9-11e6-9608-20cf30e32f6d%7Ceb888ce5-1f19-11e9-be05-4c72b94353b5%7Cf38187e7-2f6e-11e8-8f07-b499baebfeaf>, but then, to the left of CVE-2023-27522 and CVE-2023-25690, the link to <https://www.vuxml.org/freebsd/8edeb3c1-bfe7-11ed-96f5-3497f65b111b.html> results in:

> 404 Not Found

Comment 1 Michael Glaus 2023-03-21 09:08:25 UTC

Created attachment 241033 [details]
Remove empty cvname tag

I noticed that the entry for jenkins vulnerabilities from 2023-03-09 included a empty <cvename> tag. Maybe this causes a problem during parsing of the file.

https://cgit.freebsd.org/ports/commit/?id=ef50a6277496459f96eff8bb96287995511ad5d4

The attached file contains a patch to remove the empty <cvename> tag.