security/vuxml: add entries for databases/mantis
PR: 251141 Submitted by: Zoltan Alexanderson Besse <zab@zltech.eu>
This commit is contained in:
parent
83e10ccbb5
commit
2126289e89
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=555145
@ -58,6 +58,45 @@ Notes:
|
||||
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
|
||||
-->
|
||||
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
|
||||
<vuln vid="19259833-26b1-11eb-a239-1c697a013f4b">
|
||||
<topic>mantis -- multiple vulnerabilities</topic>
|
||||
<affects>
|
||||
<package>
|
||||
<name>mantis-php72</name>
|
||||
<name>mantis-php73</name>
|
||||
<name>mantis-php74</name>
|
||||
<name>mantis-php80</name>
|
||||
<range><lt>2.24.3</lt></range>
|
||||
</package>
|
||||
</affects>
|
||||
<description>
|
||||
<body xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p>Mantis 2.24.3 release reports:</p>
|
||||
<blockquote cite="https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.24.3">
|
||||
<p>This release fixes 3 security issues:</p>
|
||||
<ul>
|
||||
<li>0027039: CVE-2020-25781: Access to private bug note attachments</li>
|
||||
<li>0027275: CVE-2020-25288: HTML Injection on bug_update_page.php</li>
|
||||
<li>0027304: CVE-2020-25830: HTML Injection in bug_actiongroup_page.php</li>
|
||||
</ul>
|
||||
</blockquote>
|
||||
</body>
|
||||
</description>
|
||||
<references>
|
||||
<freebsdpr>ports/251141</freebsdpr>
|
||||
<cvename>CVE-2020-25781</cvename>
|
||||
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25781</url>
|
||||
<cvename>CVE-2020-25288</cvename>
|
||||
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25288</url>
|
||||
<cvename>CVE-2020-25830</cvename>
|
||||
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25830</url>
|
||||
</references>
|
||||
<dates>
|
||||
<discovery>2020-09-13</discovery>
|
||||
<entry>2020-11-14</entry>
|
||||
</dates>
|
||||
</vuln>
|
||||
|
||||
<vuln vid="db4b2f27-252a-11eb-865c-00155d646400">
|
||||
<topic>go -- math/big: panic during recursive division of very large numbers; cmd/go: arbitrary code execution at build time through cgo</topic>
|
||||
<affects>
|
||||
|
Loading…
Reference in New Issue
Block a user