FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
b0f49cb9-6736-11ec-9eea-589cfc007716OpenSearch -- Log4Shell

OpenSearch reports:

CVE-2021-45046 was issued shortly following the release of OpenSearch 1.2.1. This new CVE advises upgrading from Log4j 2.15.0 (used in OpenSearch 1.2.1) to Log4j 2.16.0. Out of an abundance of caution, the team is releasing OpenSearch 1.2.2 which includes Log4j 2.16.0. While there has been no observed reproduction of the issue described in CVE-2021-45046, Log4j 2.16.0 takes much more extensive JNDI mitigation measures.


Discovery 2021-12-14
Entry 2021-12-27
opensearch
lt 1.2.2

CVE-2021-45046
https://opensearch.org/blog/releases/2021/12/update-1-2-2/
d1be3d73-6737-11ec-9eea-589cfc007716OpenSearch -- Log4Shell

OpenSearch reports:

CVE-2021-45105 for Log4j was issued after the release of OpenSearch 1.2.2. This CVE advises upgrading to Log4j 2.17.0. While there has been no observed reproduction of the issue described in CVE-2021-45105 in OpenSearch, we have released OpenSearch 1.2.3 which updates Log4j to version 2.17.0.


Discovery 2021-12-16
Entry 2021-12-27
opensearch
lt 1.2.3

CVE-2021-45105
https://opensearch.org/blog/releases/2021/12/update-1-2-3/
4b1ac5a3-5bd4-11ec-8602-589cfc007716OpenSearch -- Log4Shell

OpenSearch reports:

A recently published security issue (CVE-2021-44228) affects several versions of the broadly-used Apache Log4j library. Some software in the OpenSearch project includes versions of Log4j referenced in this CVE. While, at time of writing, the team has not found a reproduceable example in OpenSearch of remote code execution (RCE) described in this issue, its severity is such that all users should take mitigation measures. As recommended by the advisory, the team has released OpenSearch 1.2.1, which updates Log4j to version 2.15.0. For those who cannot upgrade to 1.2.1, the Log4j website outlines additional measures to mitigate the issue. This patch release also addresses CVE-2021-4352 in the OpenSearch Docker distributions..


Discovery 2021-12-11
Entry 2021-12-13
opensearch
lt 1.2.1

CVE-2021-44228
https://opensearch.org/blog/releases/2021/12/update-to-1-2-1/