Date: Wed, 28 Apr 2021 21:57:49 GMT From: Matthias Fechner <mfechner@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 41ffee85fee3 - main - Document vulnerabilities for www/rubygem-carrierwave. Message-ID: <202104282157.13SLvnob050624@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by mfechner: URL: https://cgit.FreeBSD.org/ports/commit/?id=41ffee85fee36c10e56d70882db7f212b462560f commit 41ffee85fee36c10e56d70882db7f212b462560f Author: Matthias Fechner <mfechner@FreeBSD.org> AuthorDate: 2021-04-28 20:56:28 +0000 Commit: Matthias Fechner <mfechner@FreeBSD.org> CommitDate: 2021-04-28 21:57:38 +0000 Document vulnerabilities for www/rubygem-carrierwave. --- security/vuxml/vuln.xml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 1c57d6d1662d..ccbd879d4857 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -76,6 +76,34 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="76a07f31-a860-11eb-8ddb-001b217b3468"> + <topic>Carrierwave -- Multiple vulnerabilities</topic> + <affects> + <package> + <name>rubygem-carrierwave</name> + <range><lt>1.3.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Community reports:</p> + <blockquote cite="https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#132---2021-02-08"> + <p>Fix Code Injection vulnerability in CarrierWave::RMagick</p> + <p>Fix SSRF vulnerability in the remote file download feature</p> + </blockquote> + </body> + </description> + <references> + <url>https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#132---2021-02-08</url> + <cvename>CVE-2021-21288</cvename> + <cvename>CVE-2021-21305</cvename> + </references> + <dates> + <discovery>2021-02-08</discovery> + <entry>2021-04-28</entry> + </dates> + </vuln> + <vuln vid="31a7ffb1-a80a-11eb-b159-f8b156c2bfe9"> <topic>sympa -- Inappropriate use of the cookie parameter can be a security threat. This parameter may also not provide sufficient security.</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202104282157.13SLvnob050624>