NetBSD Security Advisories

  • NetBSD Security Advisories

FreshPorts news

  • graphics/glfw - 3.4

    graphics/glfw: get maintainership

    Approved by: eduardo (previous maintainer via email)
    MFH: 2024Q2

  • net-p2p/tremotesf - 2.6.2

    net-p2p/tremotesf: update to 2.6.2

    Add compiler:c++20-lang to USES.

    Changelog: https://github.com/equeim/tremotesf2/releases/tag/2.6.2

    PR: 278274
    Approved by: Submitter is maintainer, diizzy (mentor)
    Differential Revision: https://reviews.freebsd.org/D44981

  • net/wlvncc - s20240407

    net/wlvncc: update to s20240407

    Changes: https://github.com/any1/wlvncc/compare/2b9a886...0c1308f

  • x11/dwlb - s20240427

    x11/dwlb: update to s20240427

    Changes: https://github.com/kolunmi/dwlb/compare/78a5302...a30bb03

  • misc/far2l - 2.6.1

    misc/far2l: update Far2L to version 2.6.1 (on the edge) + hotfix

    Apparently, regardless of the search method, when LibArchive is
    installed from ports, it would be picked over the base version,
    so put `libarchive' on the USES list unconditionally, to avoid
    unregistered dependency when building in an unclean environment.

    Prefer find_package() vs. pkg_search_module() because the former
    prints explicit "found" status message with the library path and
    version, if available, which makes more informative build logs.

    Reported by: portscout

  • security/nextcloud-passman - 2.4.9

    security/nextcloud-passman: Update to 2.4.9

  • security/vuxml - 1.1_6

    security/vuxml: CVEs affecting www/glpi < 10.0.15

    CVE-2024-31456 and CVE-2024-29889 were fixed in GLPI 10.0.15.

    PR: 278641
    PR: 278642

  • www/glpi - 10.0.15,1

    www/glpi: update to 10.0.15 (CVE-2024-31456, CVE-2024-29889)

    Mostly a security release (2 high severity security fixes).

    ChangeLog:
    https://github.com/glpi-project/glpi/releases/tag/10.0.15

    This release fixes a few security issues that have been recently discovered.
    Update is recommended!
    You will find below the list of security issues fixed in this bugfixes version:
    * [SECURITY - high] Authenticated SQL injection from map search (CVE-2024-31456)
    * [SECURITY - high] Account takeover via SQL Injection in saved searches feature
    (CVE-2024-29889)

    Also, here is a short list of main changes done in this version:
    * Fix used right by reservation form.
    * Do not rely on input to apply rules rights.
    * Always store updated SMTP Oauth refresh token.
    * Upgrade tinymce.

    PR: 278641
    MFH: 2024Q2

  • sysutils/cbsd - 14.0.8

    sysutils/cbsd: Update to 14.0.8

  • security/py-badkeys - 0.0.8

    security/py-badkeys: Update to 0.0.8

    Reported by: portscout, github notification, Hanno Böck.
Copyright 2000-2024 Dan Langille | Date published: Mon, 29 Apr 2024 12:35:16 +0000
Back to newsfeed list
DMCA.com Protection Status