From owner-freebsd-vuxml@FreeBSD.ORG  Sat Apr  1 04:06:04 2006
Return-Path: <owner-freebsd-vuxml@FreeBSD.ORG>
X-Original-To: freebsd-vuxml@freebsd.org
Delivered-To: freebsd-vuxml@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id F08BC16A425
	for <freebsd-vuxml@freebsd.org>; Sat,  1 Apr 2006 04:06:04 +0000 (UTC)
	(envelope-from dan@langille.org)
Received: from m21.unixathome.org (m21.unixathome.org [205.150.199.217])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8F98943D45
	for <freebsd-vuxml@freebsd.org>; Sat,  1 Apr 2006 04:06:04 +0000 (GMT)
	(envelope-from dan@langille.org)
Received: from localhost (localhost [205.150.199.217])
	by m21.unixathome.org (Postfix) with ESMTP id B7021C370
	for <freebsd-vuxml@freebsd.org>; Fri, 31 Mar 2006 23:06:03 -0500 (EST)
Received: from m21.unixathome.org ([205.150.199.217])
	by localhost (m21.unixathome.org [205.150.199.217]) (amavisd-new,
	port 10024) with ESMTP id 16773-05 for <freebsd-vuxml@freebsd.org>;
	Fri, 31 Mar 2006 23:06:00 -0500 (EST)
Received: from bast.unixathome.org (bast.unixathome.org [70.26.229.230])
	by m21.unixathome.org (Postfix) with ESMTP id 4EA3BBF9B
	for <freebsd-vuxml@freebsd.org>; Fri, 31 Mar 2006 23:06:00 -0500 (EST)
Received: from [10.55.0.99] (wocker.unixathome.org [10.55.0.99])
	by bast.unixathome.org (Postfix) with ESMTP id C0E5EB820
	for <freebsd-vuxml@freebsd.org>; Fri, 31 Mar 2006 23:05:59 -0500 (EST)
From: "Dan Langille" <dan@langille.org>
To: freebsd-vuxml@freebsd.org
Date: Fri, 31 Mar 2006 23:05:59 -0500
MIME-Version: 1.0
Message-ID: <442DB5D7.30037.301FFEF@dan.langille.org>
Priority: normal
X-mailer: Pegasus Mail for Windows (4.31)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at unixathome.org
Subject: mantis problems fixed
X-BeenThere: freebsd-vuxml@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Documenting security issues in VuXML <freebsd-vuxml.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-vuxml>,
	<mailto:freebsd-vuxml-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-vuxml>
List-Post: <mailto:freebsd-vuxml@freebsd.org>
List-Help: <mailto:freebsd-vuxml-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-vuxml>,
	<mailto:freebsd-vuxml-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 01 Apr 2006 04:06:05 -0000

Hi folks,

I've been finding out that a couple of mantis-related problems 
have been fixed:

http://www.freebsd.org/ports/portaudit/82a41084-6ce7-11da-b90c-
000e0c2e438a.html

has been fixed here:

http://cvs.sourceforge.net/viewcvs.py/mantisbt/mantisbt/bug_sponsorshi
p_list_view_inc.php?rev=1.13&view=log
Fixed #6273: File Inclusion Vulnerability


And:  http://www.FreeBSD.org/ports/portaudit/6e3b12e2-6ce3-11da-b90c-
000e0c2e438a.html

is here: 
http://cvs.sourceforge.net/viewcvs.py/mantisbt/mantisbt/core/filter_ap
i.php?rev=1.138&view=log

fix for 0006436: code injection
  - fixed 1 possible code injection and 2 XSS injections

Could someone update the vuxml db please?  I'd like to 
put mantis back into the tree.

-- 
Dan Langille : Software Developer looking for work
my resume: http://www.freebsddiary.org/dan_langille.php