Date:      Sat, 5 Jan 2013 11:29:01 +0000 (UTC)
From:      Chris Rees <crees@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r309954 - head/security/vuxml
Message-ID:  <201301051129.r05BT1GB089488@svn.freebsd.org>

Author: crees
Date: Sat Jan  5 11:29:00 2013
New Revision: 309954
URL: http://svnweb.freebsd.org/changeset/ports/309954

Log:
  Mark moinmoin vulnerable
  
  Security:	http://www.debian.org/security/2012/dsa-2593
  
  document freetype vulnerabilities
  
  Security:	CVE-2012-(1126-1144)

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Sat Jan  5 10:53:24 2013	(r309953)
+++ head/security/vuxml/vuln.xml	Sat Jan  5 11:29:00 2013	(r309954)
@@ -51,6 +51,89 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="1ae613c3-5728-11e2-9483-14dae938ec40">
+    <topic>freetype -- Multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>freetype</name>
+	<range><lt>2.4.11</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>The FreeType Project reports:</p>
+	<blockquote cite="http://sourceforge.net/projects/freetype/files/freetype2/2.4.11/README/view">;
+	  <p>Some vulnerabilities in the  BDF implementation have been fixed.
+	    Users of this font format should upgrade.</p>
+	  <p>(More serious vulnerabilities were fixed in 2.4.9, and are
+	    referenced here).</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2012-1126</cvename>
+      <cvename>CVE-2012-1127</cvename>
+      <cvename>CVE-2012-1128</cvename>
+      <cvename>CVE-2012-1129</cvename>
+      <cvename>CVE-2012-1130</cvename>
+      <cvename>CVE-2012-1131</cvename>
+      <cvename>CVE-2012-1132</cvename>
+      <cvename>CVE-2012-1133</cvename>
+      <cvename>CVE-2012-1134</cvename>
+      <cvename>CVE-2012-1135</cvename>
+      <cvename>CVE-2012-1136</cvename>
+      <cvename>CVE-2012-1137</cvename>
+      <cvename>CVE-2012-1138</cvename>
+      <cvename>CVE-2012-1139</cvename>
+      <cvename>CVE-2012-1140</cvename>
+      <cvename>CVE-2012-1141</cvename>
+      <cvename>CVE-2012-1142</cvename>
+      <cvename>CVE-2012-1143</cvename>
+      <cvename>CVE-2012-1144</cvename>
+    </references>
+    <dates>
+      <discovery>2012-12-20</discovery>
+      <entry>2013-01-05</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="a264b1b0-5726-11e2-9483-14dae938ec40">
+    <topic>moinmoin -- Multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>moinmoin</name>
+	<range><lt>1.9.6</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>Thomas Waldmann reports:</p>
+	<blockquote cite="http://hg.moinmo.in/moin/1.9/raw-file/1.9.6/docs/CHANGES">;
+	  <p>SECURITY HINT: make sure you have allow_xslt = False (or just do
+	    not use allow_xslt at all in your wiki configs, False is the
+	    internal default).  Allowing XSLT/4suite is very dangerous, see
+	    HelpOnConfiguration wiki page.</p>
+
+	  <p>Fixes:</p>
+	  <ul>
+	  <li>fix remote code execution vulnerability in
+	    twikidraw/anywikidraw action</li>
+	    <li>fix path traversal vulnerability in AttachFile action</li>
+	    <li>fix XSS issue, escape page name in rss link.</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://hg.moinmo.in/moin/1.9/raw-file/1.9.6/docs/CHANGES</url>;
+      <url>http://www.debian.org/security/2012/dsa-2593</url>;
+    </references>
+    <dates>
+      <discovery>2012-12-29</discovery>
+      <entry>2013-01-05</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="f7c87a8a-55d5-11e2-a255-c8600054b392">
     <topic>asterisk -- multiple vulnerabilities</topic>
     <affects>
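Review bot: In the freetype entry, `<references>` lists CVE-2012-1126 through CVE-2012-1144, which the entry's own quoted README text attributes to the 2.4.9 release, while the affected range is `<range><lt>2.4.11</lt></range>` and the discovery date is 2012-12-20. As written, a tool that matches installed packages against vuln.xml would presumably report 2.4.9 and 2.4.10 as exposed to CVEs that upstream says were already fixed, and the discovery date does not describe those CVEs. I would keep this entry for the BDF fixes only, referenced by `<url>http://sourceforge.net/projects/freetype/files/freetype2/2.4.11/README/view</url>`, which is currently cited only in the blockquote. The nineteen CVE names would then sit in an entry bounded by `<range><lt>2.4.9</lt></range>`, unless one already exists elsewhere in the file, which this hunk does not show.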


