FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
7f7d6412-bae5-11e9-be92-3085a9a95629doas -- Prevent passing of environment variables

Jesse Smith (upstream author of the doas program) reported:

Previous versions of "doas" transferred most environment variables, such as USER, HOME, and PATH from the original user to the target user. Passing these variables could cause files in the wrong path or home directory to be read (or written to), which resulted in potential security problems.

Many thanks to Sander Bos for reporting this issue and explaining how it can be exploited.


Discovery 2019-08-03
Entry 2019-08-09
Modified 2019-08-15
doas
lt 6.1

https://marc.info/?l=openbsd-tech&m=156105665713340&w=2
https://github.com/slicer69/doas/releases/tag/6.1