opensourcemirror
/
opnsense-ports
mirror of https://github.com/opnsense/ports.git
1
0
Fork 0
Code Issues Releases Wiki Activity

security/vuxml: sync with upstream 

Taken from: FreeBSD
This commit is contained in:
Franco Fichtner 2024-04-18 13:36:42 +02:00
parent 7ada95f3c9
commit 96ef0f0904
1 changed files with 91 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

91
security/vuxml/vuln/2024.xml
View File

@ -1,3 +1,94 @@
<vuln vid="f90bf863-e43c-4db3-b5a8-d9603684657a">
<topic>electron{27,28,29} -- multiple vulnerabilities</topic>
<affects>
<package>
<name>electron27</name>
<range><lt>27.3.11</lt></range>
</package>
<package>
<name>electron28</name>
<range><lt>28.3.1</lt></range>
</package>
<package>
<name>electron29</name>
<range><lt>29.3.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron develpers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v27.3.11">
<p>This update fixes the following vulnerabilities:</p>
<ul>
<li>Security: backported fix for CVE-2024-3515.</li>
<li>Security: backported fix for CVE-2024-3516.</li>
<li>Security: backported fix for CVE-2024-3157.</li>
<li>Security: backported fix for CVE-2024-1580.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-3515</cvename>
<url>https://github.com/advisories/GHSA-x6cj-gx36-vcxv</url>
<cvename>CVE-2024-3516</cvename>
<url>https://github.com/advisories/GHSA-jf9g-42gm-v87w</url>
<cvename>CVE-2024-3157</cvename>
<url>https://github.com/advisories/GHSA-4m4g-p795-cmq7</url>
<cvename>CVE-2024-1580</cvename>
<url>https://github.com/advisories/GHSA-3p7f-4r2q-wxmm</url>
</references>
<dates>
<discovery>2024-04-16</discovery>
<entry>2024-04-18</entry>
</dates>
</vuln>
<vuln vid="6d82c5e9-fc24-11ee-a689-04421a1baf97">
<topic>php -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>php81</name>
<range><lt>8.1.28</lt></range>
</package>
<package>
<name>php82</name>
<range><lt>8.2.18</lt></range>
</package>
<package>
<name>php83</name>
<range><lt>8.3.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>This update includes 3 security fixes:</p>
<blockquote cite="https://seclists.org/oss-sec/2024/q2/113/">
<ul>
<li>High CVE-2024-1874: Command injection via array-ish $command parameter of proc_open even if bypass_shell option enabled on Windows</li>
<li>High CVE-2024-1874: Command injection via array-ish $command parameter of proc_open even if bypass_shell option enabled on Windows</li>
<li>Medium CVE-2024-2756: __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix</li>
<li>High CVE-2024-2757: mb_encode_mimeheader runs endlessly for some inputs</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-1874</cvename>
<url>https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7</url>
<cvename>CVE-2024-2756</cvename>
<url>https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4</url>
<cvename>CVE-2024-3096</cvename>
<url>https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr</url>
<cvename>CVE-2024-2757</cvename>
<url>https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq</url>
</references>
<dates>
<discovery>2024-04-11</discovery>
<entry>2024-04-16</entry>
</dates>
</vuln>
<vuln vid="cdb5e0e3-fafc-11ee-9c21-901b0e9408dc">
<topic>go -- http2: close connections when receiving too many headers</topic>
<affects>