CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2026/02/26 03:01:19
Modified files:
security/vaultwarden: Tag: OPENBSD_7_8 Makefile distinfo
security/vaultwarden/patches: Tag: OPENBSD_7_8 patch-Cargo_toml
Added files:
security/vaultwarden/patches: Tag: OPENBSD_7_8 patch-Cargo_lock
patch-src_api_core_accounts_rs
patch-src_api_identity_rs
patch-src_crypto_rs
Log message:
Security update to vaultwarden-1.35.4
This release contains security fixes:
- GHSA-w9f8-m526-h7fh. This vulnerability would allow an attacker to
access a cipher from a different user (fully encrypted) if they
already know its internal UUID.
- GHSA-h4hq-rgvh-wh27. This vulnerability allows an attacker with
manager-level access within an organization to modify collections they
can access, even if they do not have management permissions for them.
- GHSA-r32r-j5jq-3w4m. This vulnerability allows an attacker with
manager-level access within an organization to modify collections they
are not assigned. These are private for now, pending CVE assignment.
Changes: https://github.com/dani-garcia/vaultwarden/releases/tag/1.35.4
OK kirill@
