diff options
author | Zoltan ALEXANDERSON BESSE <zab@zltech.eu> | 2023-03-09 07:56:23 +0000 |
---|---|---|
committer | Fernando ApesteguĂa <fernape@FreeBSD.org> | 2023-03-09 07:56:23 +0000 |
commit | 620733e416973eec341588f8025029827d015bd5 (patch) | |
tree | d6f51791f6660b3d9d60e7a8c2afc2e514b5b7a1 | |
parent | 07cf61fb7c13411accc8f240e6748eb1dba4ccfe (diff) | |
download | ports-620733e416973eec341588f8025029827d015bd5.tar.gz ports-620733e416973eec341588f8025029827d015bd5.zip |
security/vuxml: databases/mantis <2.25.6 CVEs
CVE-2023-22476 and CVE-2022-31129
ChangeLog:
https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.25.6
PR: 270039
Reported by: zab@zltech.eu
-rw-r--r-- | security/vuxml/vuln/2023.xml | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index bc0e8b22645b..d02ae8240a4f 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -33,6 +33,42 @@ </dates> </vuln> + <vuln vid="bed545c6-bdb8-11ed-bca8-a33124f1beb1"> + <topic>mantis -- multiple vulnerabilities</topic> + <affects> + <package> + <name>mantis-php74</name> + <name>mantis-php80</name> + <name>mantis-php81</name> + <name>mantis-php82</name> + <range><lt>2.25.6,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Mantis 2.25.6 release reports:</p> + <blockquote cite="https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.25.6"> + <p>Security and maintenance release</p> + <ul> + <li>0031086: Private issue summary disclosure (CVE-2023-22476)</li> + <li>0030772: Update (bundled) moment.js to 2.29.4 (CVE-2022-31129)</li> + <li>0030791: Allow adding relation type noopener/noreferrer to outgoing links</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2023-22476</cvename> + <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-22476</url> + <cvename>CVE-2022-31129</cvename> + <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-31129</url> + </references> + <dates> + <discovery>2023-01-06</discovery> + <entry>2023-03-08</entry> + </dates> + </vuln> + <vuln vid="6678211c-bd47-11ed-beb0-1c1b0d9ea7e6"> <topic>Apache OpenOffice -- master password vulnerabilities</topic> <affects> |