Created attachment 257043 [details] git diff for security/vaultwarden Patch for security/vaultwarden attached. Patches for security/vuxml and www/vaultwarden-web_vault following soon.
Note that 1.32.7 has 3 known vulnerabilities. Can we change the dependency to require www/vaultwarden-web_vault version 2025.1.1? That port also requires an update, I see that is 284401 is exactly that.
Hi Bernard, I created bug #284401 and added the dependency in the current ticket :) Is there something still missing? For the 3 known vulnerabilities, I just saw you documented them in security/vuxml https://cgit.freebsd.org/ports/commit/?id=88f39d025c1cf74638326605ac6b876f07ceb9c1 I was wondering if we should update the entry with the CVE ids published today?
Created attachment 257055 [details] git diff security/vuxml Adding CVE IDs to security/vuxml vaulwarden entry. Not sure why the third vulnerability hasn't got any CVE… yet?
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=75bb613dd6e8accf6a90ae0dde6e95290b94d253 commit 75bb613dd6e8accf6a90ae0dde6e95290b94d253 Author: Michael Reifenberger <mr@FreeBSD.org> AuthorDate: 2025-01-30 20:26:36 +0000 Commit: Michael Reifenberger <mr@FreeBSD.org> CommitDate: 2025-01-30 20:26:36 +0000 security/vaultwarden: Security update to 1.33.0 Also added CVE IDs to security/vuxml vaulwarden entry. PR: 284399 Reported by: foudfou security/vaultwarden/Makefile | 3 +- security/vaultwarden/Makefile.crates | 140 +++++----- security/vaultwarden/distinfo | 286 +++++++++++---------- .../vaultwarden/files/patch-rust-1.84.0 (gone) | 57 ---- security/vuxml/vuln/2025.xml | 7 +- 5 files changed, 231 insertions(+), 262 deletions(-)
Done. Thanks!