Date:      Fri, 30 Aug 2019 00:07:37 +0000 (UTC)
From:      Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r510224 - head/security/vuxml
Message-ID:  <201908300007.x7U07bUa058984@repo.freebsd.org>

Author: sunpoet
Date: Fri Aug 30 00:07:37 2019
New Revision: 510224
URL: https://svnweb.freebsd.org/changeset/ports/510224

Log:
  Document RDoc vulnerability

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Fri Aug 30 00:07:30 2019	(r510223)
+++ head/security/vuxml/vuln.xml	Fri Aug 30 00:07:37 2019	(r510224)
@@ -58,6 +58,45 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="ed8d5535-ca78-11e9-980b-999ff59c22ea">
+    <topic>RDoc -- multiple jQuery vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>ruby</name>
+	<range><ge>2.4.0</ge><lt>2.4.7,1</lt></range>
+	<range><ge>2.5.0</ge><lt>2.5.6,1</lt></range>
+	<range><ge>2.6.0</ge><lt>2.6.3,1</lt></range>
+      </package>
+      <package>
+	<name>rubygem-rdoc</name>
+	<range><lt>6.1.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>Ruby news:</p>
+	<blockquote cite="https://www.ruby-lang.org/en/news/2019/08/28/multiple-jquery-vulnerabilities-in-rdoc/">;
+	  <p>There are multiple vulnerabilities about Cross-Site Scripting (XSS) in
+	    jQuery shipped with RDoc which bundled in Ruby. All Ruby users are
+	    recommended to update Ruby to the latest release which includes the
+	    fixed version of RDoc.</p>
+	  <p>The following vulnerabilities have been reported.</p>
+	  <p>CVE-2012-6708</p>
+	  <p>CVE-2015-9251</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://www.ruby-lang.org/en/news/2019/08/28/multiple-jquery-vulnerabilities-in-rdoc/</url>;
+      <cvename>CVE-2012-6708</cvename>
+      <cvename>CVE-2015-9251</cvename>
+    </references>
+    <dates>
+      <discovery>2019-08-28</discovery>
+      <entry>2019-08-29</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="abaaecda-ea16-43e2-bad0-d34a9ac576b1">
     <topic>Dovecot -- improper input validation</topic>
     <affects>
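Review bot: The `ruby` lower bounds in the new entry (`<ge>2.4.0</ge>`, `<ge>2.5.0</ge>`, `<ge>2.6.0</ge>`) omit the `,1` PORTEPOCH that the matching `<lt>` bounds carry. The epoch is compared before the version string, so every epoch-1 package sorts above those lower bounds and the three ranges overlap: assuming the port is at epoch 1, as the upper bounds indicate, the fixed 2.4.7,1 and 2.5.6,1 packages still fall inside the 2.6 range and would be reported as vulnerable by audit tooling. Write each bound with the epoch, e.g. `<range><ge>2.4.0,1</ge><lt>2.4.7,1</lt></range>`, and likewise for the 2.5 and 2.6 lines. Separately, `<lt>2.6.3,1</lt>` excludes 2.6.3 itself, which looks inconsistent with the other two branches; confirm against the cited ruby-lang.org advisory whether 2.6.3 is an affected release before relying on that bound.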


