FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-11-18 10:11:03 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
bf6c9252-c2ec-11f0-8372-98b78501ef2a	sudo-rs -- Authenticating user not recorded properly in timestamp Trifecta Tech Foundation reports: With Defaults targetpw (or Defaults rootpw) enabled, the password of the target account (or root account) instead of the invoking user is used for authentication. sudo-rs prior to 0.2.10 incorrectly recorded the invoking userÃ¢ÂÂs UID instead of the authenticated-as user's UID in the authentication timestamp. Any later sudo invocation on the same terminal while the timestamp was still valid would use that timestamp, potentially bypassing new authentication even if the policy would have required it. Discovery 2025-11-12 Entry 2025-11-16 sudo-rs >= 0.2.5 lt 0.2.10 sudo-rs-coexist >= 0.2.5 lt 0.2.10 CVE-2025-64517 https://cveawg.mitre.org/api/cve/CVE-2025-64517
c1ceaaea-c2e7-11f0-8372-98b78501ef2a	sudo-rs -- Partial password reveal when password timeout occurs Trifecta Tech Foundation reports: When typing partial passwords but not pressing return for a long time, a password timeout can occur. When this happens, the keys pressed are replayed onto the console. Discovery 2025-11-12 Entry 2025-11-16 sudo-rs >= 0.2.7 lt 0.2.10 sudo-rs-coexist >= 0.2.7 lt 0.2.10 CVE-2025-64170 https://cveawg.mitre.org/api/cve/CVE-2025-64170

VuXML ID

Description

bf6c9252-c2ec-11f0-8372-98b78501ef2a

sudo-rs -- Authenticating user not recorded properly in timestamp

Trifecta Tech Foundation reports:

With Defaults targetpw (or Defaults rootpw) enabled, the password of the target account (or root account) instead of the invoking user is used for authentication. sudo-rs prior to 0.2.10 incorrectly recorded the invoking userÃ¢ÂÂs UID instead of the authenticated-as user's UID in the authentication timestamp. Any later sudo invocation on the same terminal while the timestamp was still valid would use that timestamp, potentially bypassing new authentication even if the policy would have required it.

Discovery 2025-11-12
Entry 2025-11-16
sudo-rs

>= 0.2.5 lt 0.2.10

sudo-rs-coexist

>= 0.2.5 lt 0.2.10

CVE-2025-64517
https://cveawg.mitre.org/api/cve/CVE-2025-64517

c1ceaaea-c2e7-11f0-8372-98b78501ef2a

sudo-rs -- Partial password reveal when password timeout occurs

Trifecta Tech Foundation reports:

When typing partial passwords but not pressing return for a long time, a password timeout can occur. When this happens, the keys pressed are replayed onto the console.

Discovery 2025-11-12
Entry 2025-11-16
sudo-rs

>= 0.2.7 lt 0.2.10

sudo-rs-coexist

>= 0.2.7 lt 0.2.10

CVE-2025-64170
https://cveawg.mitre.org/api/cve/CVE-2025-64170