authorBernard Spil <brnrd@FreeBSD.org>2022-06-22 08:29:39 +0000
committerBernard Spil <brnrd@FreeBSD.org>2022-06-22 08:29:39 +0000
commitda7e737639a077e954426e5400c3ce15754f54da (patch)
treef693a470c02c0fb3928424df032fb52c2e119959
parentc08f10aa9197f480017953952b180968f688f914 (diff)
security/vuxml: Document OpenSSL vulnerability
* Pet `make validate`
* Fix spacing for 482456fb-e9af-11ec-93b6-318d1419ea39
* Add discovery date for 482456fb-e9af-11ec-93b6-318d1419ea39 using tor wiki page update date.
-rw-r--r--security/openssl/files/patch-Configurations_10-main.conf16
-rw-r--r--security/openssl/files/patch-config20
-rw-r--r--security/vuxml/vuln-2022.xml40
3 files changed, 38 insertions, 38 deletions
diff --git a/security/openssl/files/patch-Configurations_10-main.conf b/security/openssl/files/patch-Configurations_10-main.conf
deleted file mode 100644
index 03be5801b885..000000000000
--- a/security/openssl/files/patch-Configurations_10-main.conf
+++ /dev/null
@@ -1,16 +0,0 @@
---- Configurations/10-main.conf.orig 2021-12-14 15:45:01 UTC
-+++ Configurations/10-main.conf
-@@ -988,6 +988,13 @@ my %targets = (
- perlasm_scheme => "elf",
- },
-
-+ "BSD-aarch64" => {
-+ inherit_from => [ "BSD-generic64", asm("aarch64_asm") ],
-+ lib_cppflags => add("-DL_ENDIAN"),
-+ bn_ops => "SIXTY_FOUR_BIT_LONG",
-+ perlasm_scheme => "linux64",
-+ },
-+
- "bsdi-elf-gcc" => {
- inherit_from => [ "BASE_unix", asm("x86_elf_asm") ],
- CC => "gcc",
diff --git a/security/openssl/files/patch-config b/security/openssl/files/patch-config
deleted file mode 100644
index d83edae81ff7..000000000000
--- a/security/openssl/files/patch-config
+++ /dev/null
@@ -1,20 +0,0 @@
---- config.orig 2021-08-24 13:38:47 UTC
-+++ config
-@@ -708,14 +708,9 @@ case "$GUESSOS" in
- ia64-*-*bsd*) OUT="BSD-ia64" ;;
- x86_64-*-dragonfly*) OUT="BSD-x86_64" ;;
- amd64-*-*bsd*) OUT="BSD-x86_64" ;;
-- *86*-*-*bsd*) # mimic ld behaviour when it's looking for libc...
-- if [ -L /usr/lib/libc.so ]; then # [Free|Net]BSD
-- libc=/usr/lib/libc.so
-- else # OpenBSD
-- # ld searches for highest libc.so.* and so do we
-- libc=`(ls /usr/lib/libc.so.* /lib/libc.so.* | tail -1) 2>/dev/null`
-- fi
-- case "`(file -L $libc) 2>/dev/null`" in
-+ arm64-*-*bsd*) OUT="BSD-aarch64" ;;
-+ *86*-*-*bsd*)
-+ case "`(file -L /bin/sh) 2>/dev/null`" in
- *ELF*) OUT="BSD-x86-elf" ;;
- *) OUT="BSD-x86"; options="$options no-sse2" ;;
- esac ;;
diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml
index 93de1ddaa75c..eb6d8c7f454d 100644
--- a/security/vuxml/vuln-2022.xml
+++ b/security/vuxml/vuln-2022.xml
@@ -1,3 +1,39 @@
+ <vuln vid="4eeb93bf-f204-11ec-8fbd-d4c9ef517024">
+ <topic>OpenSSL -- Command injection vulnerability</topic>
+ <affects>
+ <package>
+ <name>openssl</name>
+ <range><lt>1.1.1p,1</lt></range>
+ </package>
+ <package>
+ <name>openssl-devel</name>
+ <range><lt>3.0.4</lt></range>
+ </package>
+ <package>
+ <name>openssl-quictls</name>
+ <range><lt>3.0.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The OpenSSL project reports:</p>
+ <blockquote cite="https://www.openssl.org/news/secadv/20220621.txt">
+ <p>Circumstances where the c_rehash script does not properly
+ sanitise shell metacharacters to prevent command injection were
+ found by code review.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2022-2068</cvename>
+ <url>https://www.openssl.org/news/secadv/20220621.txt</url>
+ </references>
+ <dates>
+ <discovery>2022-06-21</discovery>
+ <entry>2022-06-22</entry>
+ </dates>
+ </vuln>
+
<vuln vid="b2a4c5f1-f1fe-11ec-bcd2-3065ec8fd3ec">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>
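Review bot: The `<blockquote>` in the new 4eeb93bf entry quotes only the sentence on how the c_rehash flaw was found, so someone reading `pkg audit` output learns neither the impact nor what to do besides upgrading. If the cited advisory supports it (as I recall, it describes command execution with the script's privileges on systems that run c_rehash automatically, and calls c_rehash obsolete in favour of `openssl rehash`), add those sentences as further `<p>` elements inside the blockquote. Separately, the commit also deletes `security/openssl/files/patch-Configurations_10-main.conf` and `patch-config`, which neither the title nor the description mentions; it is worth confirming those deletions were meant to be part of a vuxml-only change.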
@@ -44,7 +80,7 @@
</vuln>
<vuln vid="482456fb-e9af-11ec-93b6-318d1419ea39">
- <topic> Security Vulnerability found in ExifTool leading to RCE </topic>
+ <topic>Security Vulnerability found in ExifTool leading to RCE</topic>
<affects>
<package>
<name>p5-Image-ExifTool</name>
@@ -129,7 +165,7 @@
<url>https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE</url>
</references>
<dates>
- <discovery>TBD</discovery>
+ <discovery>2022-06-14</discovery>
<entry>2022-06-17</entry>
</dates>
</vuln>
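Review bot: The new `<discovery>2022-06-14</discovery>` value is, per the commit description, the update date of the Tor wiki page rather than a stated discovery date, and nothing in the visible part of the entry records that. An XML comment beside it, e.g. `<!-- discovery date taken from the TROVE wiki page update date -->`, would keep the provenance with the data instead of only in the commit log. The enclosing `<vuln>` entry starts above this hunk, so its description may already say so.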