Diffstat (limited to 'security')
-rw-r--r-- | security/p5-GSSAPI/Makefile | 4 | ||||
-rw-r--r-- | security/py-nitrokey/Makefile | 7 | ||||
-rw-r--r-- | security/vuxml/vuln/2025.xml | 74 |
3 files changed, 80 insertions, 5 deletions
diff --git a/security/p5-GSSAPI/Makefile b/security/p5-GSSAPI/Makefile
index ff17e4d13599..25102d1fa128 100644
--- a/security/p5-GSSAPI/Makefile
+++ b/security/p5-GSSAPI/Makefile
@@ -22,11 +22,9 @@ OPTIONS_DEFAULT=GSSAPI_BASE
 GSSAPI_BASE_USES= gssapi
 GSSAPI_HEIMDAL_USES= gssapi:heimdal
 GSSAPI_MIT_USES= gssapi:mit
-GSSAPI_MIT_VARS= KRB5CONF=${KRB5_HOME}/bin/krb5-config
-GSSAPI_MIT_VARS_OFF= KRB5CONF=${HEIMDAL_HOME}/bin/krb5-config

 post-patch:
- @${REINPLACE_CMD} -e 's|%%KRB5CONF%%|${KRB5CONF}|g' ${WRKSRC}/Makefile.PL
+ @${REINPLACE_CMD} -e 's|%%KRB5CONF%%|${KRB5CONFIG}|g' ${WRKSRC}/Makefile.PL

 post-install:
 ${STRIP_CMD} ${STAGEDIR}${PREFIX}/${SITE_ARCH_REL}/auto/GSSAPI/GSSAPI.so
diff --git a/security/py-nitrokey/Makefile b/security/py-nitrokey/Makefile
index 4fbcdf8adcd3..6e2c63495263 100644
--- a/security/py-nitrokey/Makefile
+++ b/security/py-nitrokey/Makefile
@@ -1,5 +1,6 @@
 PORTNAME= nitrokey
 DISTVERSION= 0.3.2
+PORTREVISION= 1
 CATEGORIES= security devel python
 MASTER_SITES= PYPI
 PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
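Review bot: security/p5-GSSAPI/Makefile gets no PORTREVISION bump (the diffstat shows only these four changed lines; the port's header is outside the hunk), although `post-patch` now substitutes `${KRB5CONFIG}` into Makefile.PL instead of the per-option `KRB5CONF`. Under the old lines every non-MIT selection, including the default GSSAPI_BASE, used `${HEIMDAL_HOME}/bin/krb5-config`; if that resolved to a different krb5-config than the framework value does, already-built packages may carry a GSSAPI.so linked against a Kerberos library other than the one the option names, and only a revision bump forces them to be rebuilt. Since `KRB5CONFIG` is no longer defined anywhere in this Makefile, a one-line comment above `post-patch` such as `# KRB5CONFIG comes from USES=gssapi and follows the selected GSSAPI_* option` would also help the next maintainer.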
@@ -15,13 +16,15 @@ BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}fido2>=1.1.2,<3:security/py-fido2@${PY_FLA
 ${PYTHON_PKGNAMEPREFIX}requests>=0:www/py-requests@${PY_FLAVOR} \
 ${PYTHON_PKGNAMEPREFIX}semver>=0:devel/py-semver@${PY_FLAVOR} \
 ${PYTHON_PKGNAMEPREFIX}tlv8>=0:converters/py-tlv8@${PY_FLAVOR} \
- ${PYTHON_PKGNAMEPREFIX}poetry>=0:devel/py-poetry@${PY_FLAVOR}
+ ${PYTHON_PKGNAMEPREFIX}poetry>=0:devel/py-poetry@${PY_FLAVOR} \
+ ${PYTHON_PKGNAMEPREFIX}hidapi>=0.14,<0.15:comms/py-hidapi@${PY_FLAVOR}
 RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}fido2>=1.1.2,<3:security/py-fido2@${PY_FLAVOR} \
 ${PYTHON_PKGNAMEPREFIX}pyusb>=0:devel/py-pyusb@${PY_FLAVOR} \
 ${PYTHON_PKGNAMEPREFIX}requests>=0:www/py-requests@${PY_FLAVOR} \
 ${PYTHON_PKGNAMEPREFIX}pyserial>=0:comms/py-pyserial@${PY_FLAVOR} \
 ${PYTHON_PKGNAMEPREFIX}semver>=0:devel/py-semver@${PY_FLAVOR} \
- ${PYTHON_PKGNAMEPREFIX}tlv8>=0:converters/py-tlv8@${PY_FLAVOR}
+ ${PYTHON_PKGNAMEPREFIX}tlv8>=0:converters/py-tlv8@${PY_FLAVOR} \
+ ${PYTHON_PKGNAMEPREFIX}hidapi>=0.14,<0.15:comms/py-hidapi@${PY_FLAVOR}

 USES= python shebangfix
 USE_PYTHON= autoplist concurrent cryptography pep517
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index 6a4e1eec9395..f6e442e66486 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
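Review bot: The new `hidapi>=0.14,<0.15` entries in BUILD_DEPENDS and RUN_DEPENDS carry a hard upper bound with nothing recording where it comes from, so this port will stop building as soon as comms/py-hidapi moves past 0.14.x, with no hint why. A comment above `BUILD_DEPENDS` (which starts outside this hunk) such as `# hidapi range mirrors upstream's declared requirement; re-check on update` would document it, presumably against upstream's package metadata, which should be confirmed. It is also worth checking whether hidapi is needed at build time at all. If it is only imported at run time to talk to the token, the RUN_DEPENDS entry alone would do.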
@@ -1,3 +1,77 @@
+ <vuln vid="f50640fa-89a4-4795-a302-47b0dea8cee5">
+ <topic>chromium -- multiple security fixes</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <range><lt>140.0.7339.127</lt></range>
+ </package>
+ <package>
+ <name>ungoogled-chromium</name>
+ <range><lt>140.0.7339.127</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Chrome Releases reports:</p>
+ <blockquote cite="https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html">
+ <p>This update includes 2 security fixes:</p>
+ <ul>
+ <li>[440454442] Critical CVE-2025-10200: Use after free in Serviceworker. Reported by Looben Yang on 2025-08-22</li>
+ <li>[439305148] High CVE-2025-10201: Inappropriate implementation in Mojo. Reported by Sahan Fernando & Anon on 2025-08-18</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-10200</cvename>
+ <cvename>CVE-2025-10201</cvename>
+ <url>https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html</url>
+ </references>
+ <dates>
+ <discovery>2025-09-09</discovery>
+ <entry>2025-09-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="602fc0fa-8ece-11f0-9d03-2cf05da270f3">
+ <topic>Gitlab -- Vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>gitlab-ce</name>
+ <name>gitlab-ee</name>
+ <range><ge>18.3.0</ge><lt>18.3.2</lt></range>
+ <range><ge>18.2.0</ge><lt>18.2.6</lt></range>
+ <range><ge>7.8.0</ge><lt>18.1.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Gitlab reports:</p>
+ <blockquote cite="https://about.gitlab.com/releases/2025/09/10/patch-release-gitlab-18-3-2-released/">
+ <p>Denial of Service issue in SAML Responses impacts GitLab CE/EE</p>
+ <p>Server-Side Request Forgery issue in Webhook custom header impacts GitLab CE/EE</p>
+ <p>Denial of Service issue in User-Controllable Fields impacts GitLab CE/EE</p>
+ <p>Denial of Service issue
in endpoint file upload impacts GitLab CE/EE</p>
+ <p>Denial of Service issue in token listing operations impacts GitLab CE/EE</p>
+ <p>Information disclosure issue in runner endpoints impacts GitLab CE/EE</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-2256</cvename>
+ <cvename>CVE-2025-6454</cvename>
+ <cvename>CVE-2025-1250</cvename>
+ <cvename>CVE-2025-7337</cvename>
+ <cvename>CVE-2025-10094</cvename>
+ <cvename>CVE-2025-6769</cvename>
+ <url>https://about.gitlab.com/releases/2025/09/10/patch-release-gitlab-18-3-2-released/</url>
+ </references>
+ <dates>
+ <discovery>2025-09-10</discovery>
+ <entry>2025-09-11</entry>
+ </dates>
+ </vuln>
+
 <vuln vid="bda50cf1-8bcf-11f0-b3f7-a8a1599412c6">
 <topic>chromium -- multiple security fixes</topic>
 <affects> |