Date: Fri, 17 Sep 2021 10:52:24 GMT From: Bernard Spil <brnrd@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 53dd519f9dd6 - main - security/vuxml: Register cURL vulns Message-ID: <202109171052.18HAqOVo001155@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by brnrd: URL: https://cgit.FreeBSD.org/ports/commit/?id=53dd519f9dd6328ebefdc30588f2e6abb272fabf commit 53dd519f9dd6328ebefdc30588f2e6abb272fabf Author: Bernard Spil <brnrd@FreeBSD.org> AuthorDate: 2021-09-17 10:52:12 +0000 Commit: Bernard Spil <brnrd@FreeBSD.org> CommitDate: 2021-09-17 10:52:12 +0000 security/vuxml: Register cURL vulns --- security/vuxml/vuln-2021.xml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml index d7fe59625128..b3d5ec0b65bd 100644 --- a/security/vuxml/vuln-2021.xml +++ b/security/vuxml/vuln-2021.xml @@ -1,3 +1,36 @@ + <vuln vid="c9221ec9-17a2-11ec-b335-d4c9ef517024"> + <topic>cURL -- Multiple vulnerabilities</topic> + <affects> + <package> + <name>curl</name> + <range><lt>7.79.0</lt></range> + <range><ge>7.20.0</ge></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The cURL project reports:</p> + <blockquote cite="https://curl.se/docs/security.html"> + <ul> + <li>UAF and double-free in MQTT sending (CVE-2021-22945)</li> + <li>Protocol downgrade required TLS bypassed (CVE-2021-22946)</li> + <li>STARTTLS protocol injection via MITM (CVE-2021-22945)</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2021-22945</cvename> + <cvename>CVE-2021-22946</cvename> + <cvename>CVE-2021-22947</cvename> + <url>https://curl.se/docs/security.html</url> + </references> + <dates> + <discovery>2021-09-15</discovery> + <entry>2021-09-17</entry> + </dates> + </vuln> + <vuln vid="49c35943-0eeb-421c-af4f-78e04582e5fb"> <topic>seatd-launch -- privilege escalation with SUID</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202109171052.18HAqOVo001155>