From owner-svn-ports-head@FreeBSD.ORG Sun Mar 10 04:03:18 2013 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 40D84139; Sun, 10 Mar 2013 04:03:13 +0000 (UTC) (envelope-from miwi@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 186EFA6B; Sun, 10 Mar 2013 04:03:13 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.6/8.14.6) with ESMTP id r2A43CPV039156; Sun, 10 Mar 2013 04:03:12 GMT (envelope-from miwi@svn.freebsd.org) Received: (from miwi@localhost) by svn.freebsd.org (8.14.6/8.14.5/Submit) id r2A43CZ7039155; Sun, 10 Mar 2013 04:03:12 GMT (envelope-from miwi@svn.freebsd.org) Message-Id: <201303100403.r2A43CZ7039155@svn.freebsd.org> From: Martin Wilke Date: Sun, 10 Mar 2013 04:03:12 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r313798 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 Mar 2013 04:03:18 -0000 Author: miwi Date: Sun Mar 10 04:03:12 2013 New Revision: 313798 URL: http://svnweb.freebsd.org/changeset/ports/313798 Log: - Fix previous entry Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sun Mar 10 03:52:04 2013 (r313797) +++ head/security/vuxml/vuln.xml Sun Mar 10 04:03:12 2013 (r313798) @@ -64,12 +64,16 @@ Note: Please add new entries to the beg

Pidgin reports:

libpurple

-

-- Fix a crash when receiving UPnP responses with abnormally long values. (CVE-2013-0274)

+

Fix a crash when receiving UPnP responses with abnormally long values.

MXit

-

-- Fix two bugs where a remote MXit user could possibly specify a local file path to be written to. (CVE-2013-0271)

-

-- Fix a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution. (CVE-2013-0272)

+

Fix two bugs where a remote MXit user could possibly specify a local file + path to be written to.

+

Fix a bug where the MXit server or a man-in-the-middle could potentially + send specially crafted data that could overflow a buffer and lead to a crash + or remote code execution.

Sametime

-

-- Fix a crash in Sametime when a malicious server sends us an abnormally long user ID. (CVE-2013-0273)

+

Fix a crash in Sametime when a malicious server sends us an abnormally long + user ID.

@@ -416,8 +420,8 @@ Note: Please add new entries to the beg

Mark Evans reports:

-

Unfortunately there is a security vulnerability in Dragonfly when - used with Rails which would potentially allow an attacker to run +

Unfortnately there is a security vulnerability in Dragonfly when + used with Rails which would potentially allow an attacker to run arbitrary code on a host machine using carefully crafted requests.