rundeck3
ClosedPublic
Actions

Authored by fuz on Feb 16 2023, 1:13 PM.

Details

Reviewers

eduardo
flo

Commits

R11:31b0c7cc1e13: security/vuxml: document log4j vulnerability in sysutils/rundeck3

Summary

security/vuxml: document log4j vulnerability in sysutils/rundeck3

PR:		261748
Reported by:	ruben@verweg.com
Security:	https://docs.rundeck.com/docs/history/3_4_x/version-3.4.10.html
Approved by:	... (mentor)

Test Plan

Tested with Poudriere on i386 amd64 FreeBSD 12.4 13.1. Arm64 tests pending.
See test results at: http://fuz.su/~fuz/freebsd/batch2

make tidy completed without error.

Diff Detail

Repository

R11 FreeBSD ports repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

fuz created this revision.Feb 16 2023, 1:13 PM

Herald added a subscriber: mat. · View Herald TranscriptFeb 16 2023, 1:13 PM

fuz requested review of this revision.Feb 16 2023, 1:13 PM

Harbormaster completed remote builds in B49848: Diff 117445.Feb 16 2023, 1:13 PM

fuz mentioned this in D38634: sysutils/rundeck3: update to 3.4.10.Feb 16 2023, 1:13 PM

Approved

This revision is now accepted and ready to land.Feb 16 2023, 10:24 PM

Isn't Security: tag a vid or cve?
27c822a0-addc-11ed-a9ee-dca632b19f10
or
CVE-2021-44832 ?

In D38636#879592, @eduardo wrote:

Isn't Security: tag a vid or cve?
27c822a0-addc-11ed-a9ee-dca632b19f10
or
CVE-2021-44832 ?

Yes, indeed. I missed that. The Security: tag doesn't make much sense on the vuxml commit. I usually only add it with the vid to the commit which updates the port. So D38634 should add the tag to the commit message.

Okay, will add the tag to the commit message for D38634 then.

Closed by commit R11:31b0c7cc1e13: security/vuxml: document log4j vulnerability in sysutils/rundeck3 (authored by fuz). · Explain WhyFeb 19 2023, 11:02 AM

This revision was automatically updated to reflect the committed changes.

fuz added a commit: R11:31b0c7cc1e13: security/vuxml: document log4j vulnerability in sysutils/rundeck3.