security/vuxml: document gitlab vulnerability

security/vuxml: Document Django multiple vulnerabilities

security/vuxml: add www/*chromium < 113.0.5672.63

Approved by:	rene (mentor, implicit)
Obtained
from:	https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html

security/vuxml: document gitlab-ce vulnerabilities

security/vuxml: Add net/cloud-init* CVE

CVE-2023-1786: Sensitive data leak.

security/vuxml: add h2o CVE-2023-30847 entry

    Security:       4da51989-5a8b-4eb9-b442-46d94ec0802d
    Security:       CVE-2023-30847

security/vuxml: Update ghostscript CVE-2023-28879 entry

and mark ghostscript9-agpl-base 9.56.1_10 as fixed,
and remove ghostscript9-agpl-x11 which does not seem to be
using the vulnerable code.

Security:	25872b25-da2d-11ed-b715-a1e76793953b
Security:	CVE-2023-28879
PR:		270823

security/vuxml: Document grafana{8,9} security vulnerabilities

* CVE-2023-1387
* CVE-2023-24538

PR:		271086
Reported by:	Boris Korzun

security/vuxml: Document devel/git vulnerabilities

Sponsored by:	Rubicon Communications, LLC ("Netgate")

security/vuxml: Document vulnerability in www/element-web

security/vuxml: jellyfin multiple vulnerabilities

CVE-2023-30626 - directory traversal vulnerability
CVE-2023-30627 - XSS vulnerability

PR:		271041
Reported by:	debdrup@

security/vuxml: add phpmyfaq < 3.1.13

security/vuxml: Fix URLs in MySQL 2023Q2 vulnerabilities

security/vuxml: Document MySQL 2023Q2 vulnerabilities

security/vuxml: fix typo in ghostscript entry update

security/vuxml: fix up ghostscript version range of CVE-2023-28879

Pointy hat to:	mandree@ for misreading the quoted Artifex page
Reported by:	Nicholas Taylor <nicholas.e.taylor@gmail.com>
PR:		270823 (comment #3)
Security:	CVE-2023-28879
Security:	25872b25-da2d-11ed-b715-a1e76793953b

security/vuxml: add www/*chromium < 112.0.5615.165

Approved by:	rene (mentor)
Obtained
from:	https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html
Differential Revision:	https://reviews.freebsd.org/D39717

security/vuxml: add libxml2 < 2.10.4

security/vuxml: add mod_gnutls <= 0.12.1

security/vuxml: add www/*chromium < 112.0.5615.121

Approved by:	rene (mentor)
Obtained
from:	https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html
Differential Revision:	https://reviews.freebsd.org/D39578

security/vuxml: fix vuxml build

Remove invalid CVE entries introduced in d58bc805721a.

Pointy hat to:	wen

security/vuxml: revise ghostscript vuln entry.

security/vuxml: ghostscript < 10.01.1 buffer overflow

Security:	25872b25-da2d-11ed-b715-a1e76793953b
Security:	CVE-2023-28879

security/vuxml: Mark zeek < 5.0.8 as vulnerable as per:

    https://github.com/zeek/zeek/releases/tag/v5.0.8

This release fixes the following potential DoS vulnerabilities:

 - A specially-crafted stream of FTP packets containing a command
   reply with many intermediate lines can cause Zeek to spend a
   large amount of time processing data.

 - A specially-crafted set of packets containing extremely large
   file offsets cause cause the reassembler code to allocate large
   amounts of memory.

 - The DNS manager does not correctly expire responses that don't

security/vuxml: add another batch of pysec vulnerabilities

Vulnerable Python ports discovered with pysec2vuxml.
See also: <https://github.com/HubTou/pysec2vuxml>.

PR:	270744

security/vuxml: mark ffmpeg >= 4.4.4,1 as not vulnerable

security/vuxml: Document vulnerability in traefik before 2.9.9_1

security/vuxml: document 20 py*-* vulnerabilities

Vulnerable Python ports discovered with pysec2vuxml.
See also: <https://github.com/HubTou/pysec2vuxml>.

PR:		270723

security/vuxml: add www/*chromium < 112.0.5615.49

Approved by:	rene (mentor)
Obtained
from:	https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html
Differential Revision:	https://reviews.freebsd.org/D39423

security/vuxml: fix whitespace error

Reported by:	`make validate`

security/vuxml: Document Go vulnerabilities

securily/vuxml: document Samba vulnerabilities

CVE-2023-0225, CVE-2023-0922, CVE-2023-0614

Security:	CVE-2023-0225
		CVE-2023-0922
		CVE-2023-0614

security/vuxml: mark ffmpeg < 5.0.3,1 as vulnerable

security/vuxml: Document mediawiki multiple vulnerabilities

security/vuxml: document grafana vulnerabilities

CVE-2023-1410

PR:		270562
Reported by:	Boris Korzun

security/vuxml: Document gitlab vulnerabilities

security/vuxml: Document ReDoS vulnerability in rubygem-time

security/vuxml: Document ReDoS vulnerability in rubygem-uri

security/vuxml: Document powerdns vulnerabilities

PR:		270537

security/vuxml: Fix typo in blockquote

security/vuxml: mark xorg-server < 21.1.8,1 as vulnerable

security/vuxml: Document 2 OpenSSL vulnerabilities

security/vuxml: Document security vulnerabilities in Matrix clients

security/vuxml: phpmyfaq vulnerabilities

security/vuxml: Adapt OpenSSL vuln for openssl-quictls

security/vuxml: Document OpenSSL DoS vulnerability

security/vuxml: Document possible denial of service vulnerability in rack

security/vuxml: Fix range of rubygem-rack22 in
f0798a6a-bbdb-11ed-ba99-080027f5fec9

Fixes:	ea12c503acc8

security/vuxml: Document vulnerability in net-im/dino

security/vuxml: mark libXpm < 3.5.15 as vulnerable

security/vuxml: Remove empty cvename tag in jenkins entry

security/vuxml: Document vulnerability for security/tailscale

PR:		270406

security/vuxml: add www/*chromium < 111.0.5563.110

Approved by:	rene (mentor)
Obtained
from:	https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html

security/vuxml: Document denial-of-serviece vulnerability in redis

security/vuxml: Document multiple vulnerabilities in curl

security/vuxml: Document phpmyadmin vulnerabilities

security/vuxml: Autofill CVE information

The `newentry` target accepts an optional parameter CVE_ID.
When provided, the newentry.sh script tries to retrieve information from the
NVD and MITRE databases and fill the template accordingly.

The script needs `textproc/jq` and warns the user and exists if it is not found.

How to use it:

make newentry CVE_ID=CVE-2022-39282

Note that this is just a helper. *YOU HUMAN* have to check that the information
is correct.

Reviewed by: tcberner, jlduran_gmail.com, mat
Differential Revision: https://reviews.freebsd.org/D38894

security/vuxml: Document Apache httpd vulnerabilities

Sponsored by:	Netzkommune GmbH

security/vuxml: fix typo in the openoffice entry

Fix a typo in the openoffice devel version value in the latest
openoffice entry.

security/vuxml: add www/*chromium < 111.0.5563.64

Approved by:	rene (mentor)
Obtained
from:	https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html
Differential Revision:	https://reviews.freebsd.org/D38992

security/vuxml: Document Jenkins Security Advisory 2023-03-08

Sponsored by:	The FreeBSD Foundation

security/vuxml: databases/mantis <2.25.6 CVEs

CVE-2023-22476 and CVE-2022-31129

ChangeLog:
https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&amp;version=2.25.6

PR:		270039
Reported by:	zab@zltech.eu

security/vuxml: Document Go vulnerability

security/vuxml: openoffice 2022 vulnerabilities

Belatedly document Apache OpenOffice vulnerabilities from 2022.  The
port was broken at the time.

security/vuxml: Document possible DoS vulnerability in rack

security/vuxml: Document multiple vulnerabilities in curl

security/vuxml: document strongSwan certificate verification vulnerability

Security:	3f9b6943-ba58-11ed-bbbd-00e0670f2660

security/vuxml: Document gitlab-ce vulnerabilities

security/vuxml: document grafana{8,9} CVEs

 * CVE-2023-0507 - Stored XSS in geomap panel plugin via attribution (High)
 * CVE-2023-0594 - Stored XSS in TraceView panel (High)
 * CVE-2023-22462 - Stored XSS in text panel plugin

PR:		269903
Reported by:	drtr0jan@yandex.ru

security/vuxml: Document multiple vulnerabilities in redis

security/vuxml: Document multiple vulnerabilities in Emacs

security/vuxml: correct "vulnerabilities" spelling

Closes:	https://github.com/freebsd/freebsd-ports/pull/164

security/vuxml: document vulnerabilities for net/freerdp

CVE-2022-39282 and CVE-2022-39283.

PR:		269667
Reported by:	grahamperrin@freebsd.org

security/vuxml: add www/*chromium < 110.0.5481.177

Approved by:	rene (mentor)
Obtained
from:	https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html

security/vuxml: Mark zeek < 5.0.7 as vulnerable as per:

    https://github.com/zeek/zeek/releases/tag/v5.0.7

This release fixes the following potential DoS vulnerabilities:

 - Receiving DNS responses from async DNS requests (via the
   lookup_addr, etc BIF methods) with the TTL set to zero could
   cause the DNS manager to eventually stop being able to make new
   requests.

 - Specially-crafted FTP packets with excessively long usernames,
   passwords, or other fields could cause log writes to use large
   amounts of disk space.

 - The find_all and find_all_ordered BIF methods could take extremely
   large amounts of time to process incoming data depending on the
   size of the input.

Reported by:	Tim Wojtulewicz

security/vuxml: Document libde265 vulnabilities.

PR:             269382
Reported by:    diizzy@

security/vuxml: Document recent git CVEs

Document CVEs fixed by devel/git 2.39.1 and 2.39.2:

CVE-2022-41903
CVE-2022-23521
CVE-2023-22490
CVE-2023-23946
PR:		269655
Sponsored by:	Rubicon Communications, LLC ("Netgate")

security/vuxml: Add gitea vulnerabilities

PR:		269707

security/vuxml: Document vulnerable x/net/http2 module in traefik

security/vuxml: document log4j vulnerability in sysutils/rundeck3

PR:		261748
Reported by:	ruben@verweg.com
Approved by:	flo (mentor)
Differential Revision: https://reviews.freebsd.org/D38636

security/vuxml: Add www/minio vulnerability

CVE-2022-24842: unprivileged users can create service accounts for admin users.

PR:		268656
Reported by:	adam@omega.org.uk
Obtained from:	https://github.com/freebsd/freebsd-ports/pull/158

security/vuxml: Document multiple vulnerabilities in ClamAV

security/vuxml: Document Go vulnerabilities

security/vuxml: Fix typo in my previous commit

Reported by:	dan@langille.org(via email)

security/vuxml: Document Django multiple vulnerabilities

security/vuxml: Document GNUTLS-SA-2020-07-14

Security:	https://gnutls.org/security-new.html#GNUTLS-SA-2020-07-14

security/vuxml: Document phpmyfaq vulnerabilities

security/vuxml: add www/*chromium < 110.0.5481.77

Approved by:	rene (mentor)
Obtained
from:	https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html

security/vuxml: update PostgreSQL CVE-2022-41862

The problem is with libpq, part of the postgresql-client packages.

security/vuxml: add entry for PostgreSQL CVE-2022-41862

security/vuxml: Record grafana{8,9} vulnerabilities

CVE-2022-39324 and CVE-2022-23552

security/vuxml: Document LibreSSL vulnerability

security/vuxml: Fix affected version of tightvnc

Forgot to include PORTREVISION.

Reported by:	jbeich

security/vuxml: mark xorg-server < 21.1.7,1 as vulnerable

security/vuxml: Document TightVNC multiplevulnerability

security/vuxml: Document new OpenSSL vulnerabilities

security/vuxml: Document django multiple vulnerabilities

security/vuxml: Fix kafka version

Use 3.3.2 since we don't have the 3.4.x branch.

Fixes:	37508462426c3674c0b32cc7e8cb38dbafc2ecd5

security/vuxml: Register net/kafka stack overflow vulnerability

CVE-2020-36518

PR:	269170

security/vuxml: Register sysutils/node_exporter vulnerability

CVE-2022-46146

Note that in

https://cgit.freebsd.org/ports/commit/?id=8b5d2b9a9ec7985158a814e2cdf9022d785b9090

three CVEs are mentioned: CVE-2022-27191 CVE-2022-27664 CVE-2022-46146

However, according to: https://github.com/prometheus/node_exporter/pull/2488
node_exported is not really affected by those Go vulnerabilities. However
the dependencies were bumped anyway.