aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDmitri Goutnik <dmgk@FreeBSD.org>2022-05-15 12:22:05 +0000
committerDmitri Goutnik <dmgk@FreeBSD.org>2022-05-15 12:31:43 +0000
commitdfea246bbc8dc5bdec8054bd449e3965880afff6 (patch)
tree41a9b99392f5e988d66efd5574c0570feee2b1d5
parent0d8ffb5efa04ffc5c13ad60fec21a49168d9487e (diff)
downloadports-dfea246bbc8dc5bdec8054bd449e3965880afff6.tar.gz
ports-dfea246bbc8dc5bdec8054bd449e3965880afff6.zip
security/vuxml: Document Go vulnerability
While here, fix package names for the previous Go entry (we also have go117 now).
Diffstat
-rw-r--r--security/vuxml/vuln-2022.xml38
1 files changed, 37 insertions, 1 deletions
diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml
index fe08c657ce81..9ca328997ba8 100644
--- a/security/vuxml/vuln-2022.xml
+++ b/security/vuxml/vuln-2022.xml
@@ -1,3 +1,36 @@
+ <vuln vid="a1360138-d446-11ec-8ea1-10c37b4ac2ea">
+ <topic>go -- syscall.Faccessat checks wrong group on Linux</topic>
+ <affects>
+ <package>
+ <name>go</name>
+ <range><lt>1.18.2,1</lt></range>
+ </package>
+ <package>
+ <name>go117</name>
+ <range><lt>1.17.10,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Go project reports:</p>
+ <blockquote cite="https://github.com/golang/go/issues/52313">
+ <p>When called with a non-zero flags parameter, the
+ syscall.Faccessat function could incorrectly report that a
+ file is accessible. This bug only occurs on Linux systems.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2022-29526</cvename>
+ <url>https://github.com/golang/go/issues/52313</url>
+ <url>https://groups.google.com/g/golang-dev/c/CPU3TB6d4oY</url>
+ </references>
+ <dates>
+ <discovery>2022-04-12</discovery>
+ <entry>2022-05-15</entry>
+ </dates>
+ </vuln>
+
<vuln vid="11e36890-d28c-11ec-a06f-d4c9ef517024">
<topic>curl -- Multiple vulnerabilities</topic>
<affects>
@@ -321,8 +354,11 @@
<affects>
<package>
<name>go</name>
+ <range><lt>1.18.1,1</lt></range>
+ </package>
+ <package>
+ <name>go117</name>
<range><lt>1.17.9,1</lt></range>
- <range><ge>1.18,1</ge><lt>1.18.1,1</lt></range>
</package>
</affects>
<description>
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-30 08:03:56 +0000