Date: Tue, 18 Jun 2013 15:15:48 +0000 (UTC) From: Palle Girgensohn <girgen@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r321194 - in head: devel/xmltooling security/apache-xml-security-c security/opensaml2 security/shibboleth2-sp security/vuxml Message-ID: <201306181515.r5IFFmeW000583@svn.freebsd.org>
Author: girgen Date: Tue Jun 18 15:15:48 2013 New Revision: 321194 URL: http://svnweb.freebsd.org/changeset/ports/321194 Log: Security update for apache-xml-security-c. Dependant ports, especially shibboleth2-sp, opensaml2, xmltooling and log4shib should all be updated. Security: CVE-2013-2156 Modified: head/devel/xmltooling/Makefile head/devel/xmltooling/distinfo head/security/apache-xml-security-c/Makefile head/security/apache-xml-security-c/distinfo head/security/opensaml2/Makefile head/security/opensaml2/distinfo head/security/shibboleth2-sp/Makefile head/security/shibboleth2-sp/distinfo head/security/vuxml/vuln.xml
Modified: head/devel/xmltooling/Makefile
==============================================================================
--- head/devel/xmltooling/Makefile Tue Jun 18 15:12:06 2013 (r321193)
+++ head/devel/xmltooling/Makefile Tue Jun 18 15:15:48 2013 (r321194)
@@ -2,9 +2,9 @@
 # $FreeBSD$
 PORTNAME= xmltooling
-PORTVERSION= 1.5.2
+PORTVERSION= 1.5.3
 CATEGORIES= devel security
-MASTER_SITES= http://shibboleth.net/downloads/c++-opensaml/2.5.2/
+MASTER_SITES= http://shibboleth.net/downloads/c++-opensaml/2.5.3/
 MAINTAINER= girgen@FreeBSD.org
 COMMENT= Low level XML support for SAML
Modified: head/devel/xmltooling/distinfo
==============================================================================
--- head/devel/xmltooling/distinfo Tue Jun 18 15:12:06 2013 (r321193)
+++ head/devel/xmltooling/distinfo Tue Jun 18 15:15:48 2013 (r321194)
@@ -1,2 +1,2 @@
-SHA256 (xmltooling-1.5.2.tar.gz) = d43719f8d742d87131ea64f2dbc8f1b366c7f216ac21015090a51693ff11df98
-SIZE (xmltooling-1.5.2.tar.gz) = 679098
+SHA256 (xmltooling-1.5.3.tar.gz) = 90e453deb738574b04f1f1aa08ed7cc9d8746bcbf93eb59f401a6e38f2ec9574
+SIZE (xmltooling-1.5.3.tar.gz) = 675350
Modified: head/security/apache-xml-security-c/Makefile
==============================================================================
--- head/security/apache-xml-security-c/Makefile Tue Jun 18 15:12:06 2013 (r321193)
+++ head/security/apache-xml-security-c/Makefile Tue Jun 18 15:15:48 2013 (r321194)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 PORTNAME= xml-security-c
-PORTVERSION= 1.7.0
+PORTVERSION= 1.7.1
 CATEGORIES= security
 MASTER_SITES= ${MASTER_SITE_APACHE}
 MASTER_SITE_SUBDIR=santuario/c-library
Modified: head/security/apache-xml-security-c/distinfo
==============================================================================
--- head/security/apache-xml-security-c/distinfo Tue Jun 18 15:12:06 2013 (r321193)
+++ head/security/apache-xml-security-c/distinfo Tue Jun 18 15:15:48 2013 (r321194)
@@ -1,2 +1,2 @@
-SHA256 (xml-security-c-1.7.0.tar.gz) = c8cd6ec3d3b777fcca295cb4b273b08e4cfe37e03fc27131ec079894b9dae87c
-SIZE (xml-security-c-1.7.0.tar.gz) = 874025
+SHA256 (xml-security-c-1.7.1.tar.gz) = 3d306660702d620b30605627f970b90667ed967211a8fc26b3243e6d3abeb32e
+SIZE (xml-security-c-1.7.1.tar.gz) = 875367
Modified: head/security/opensaml2/Makefile
==============================================================================
--- head/security/opensaml2/Makefile Tue Jun 18 15:12:06 2013 (r321193)
+++ head/security/opensaml2/Makefile Tue Jun 18 15:15:48 2013 (r321194)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 PORTNAME= opensaml2
-PORTVERSION= 2.5.2
+PORTVERSION= 2.5.3
 CATEGORIES= security
 MASTER_SITES= http://shibboleth.net/downloads/c++-opensaml/${PORTVERSION}/
 DISTNAME= opensaml-${PORTVERSION}
Modified: head/security/opensaml2/distinfo
==============================================================================
--- head/security/opensaml2/distinfo Tue Jun 18 15:12:06 2013 (r321193)
+++ head/security/opensaml2/distinfo Tue Jun 18 15:15:48 2013 (r321194)
@@ -1,2 +1,2 @@
-SHA256 (opensaml-2.5.2.tar.gz) = 5bc3fbe5e789ad7aedfc2919413131400290466ecd2b77b1c3f3dc4c37e6fe54
-SIZE (opensaml-2.5.2.tar.gz) = 707139
+SHA256 (opensaml-2.5.3.tar.gz) = 1ed6a241b2021def6a1af57d3087b697c98b38842e9195e1f3fae194d55c13fb
+SIZE (opensaml-2.5.3.tar.gz) = 703021
Modified: head/security/shibboleth2-sp/Makefile
==============================================================================
--- head/security/shibboleth2-sp/Makefile Tue Jun 18 15:12:06 2013 (r321193)
+++ head/security/shibboleth2-sp/Makefile Tue Jun 18 15:15:48 2013 (r321194)
@@ -2,8 +2,7 @@
 # $FreeBSD$
 PORTNAME= shibboleth-sp
-PORTVERSION= 2.5.1
-PORTREVISION= 1
+PORTVERSION= 2.5.2
 CATEGORIES= security www
 MASTER_SITES= http://shibboleth.net/downloads/service-provider/${PORTVERSION}/
Modified: head/security/shibboleth2-sp/distinfo
==============================================================================
--- head/security/shibboleth2-sp/distinfo Tue Jun 18 15:12:06 2013 (r321193)
+++ head/security/shibboleth2-sp/distinfo Tue Jun 18 15:15:48 2013 (r321194)
@@ -1,2 +1,2 @@
-SHA256 (shibboleth-sp-2.5.1.tar.gz) = a697034fe56a170602a3907cde6faf822836b1ba23cdc11af315a81df6102f04
-SIZE (shibboleth-sp-2.5.1.tar.gz) = 952815
+SHA256 (shibboleth-sp-2.5.2.tar.gz) = 1d5c42ea6a6cf5f1ed39101af52a2df2cf7e5e6c086e1081bdf1275f970ba1d5
+SIZE (shibboleth-sp-2.5.2.tar.gz) = 949163
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Tue Jun 18 15:12:06 2013 (r321193)
+++ head/security/vuxml/vuln.xml Tue Jun 18 15:15:48 2013 (r321194)
@@ -51,6 +51,36 @@ Note: Please add new entries to the beg
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="279e5f4b-d823-11e2-928e-08002798f6ff">
+ <topic>apache-xml-security-c -- heap overflow</topic>
+ <affects>
+ <package>
+ <name>apache-xml-security-c</name>
+ <range><lt>1.7.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Apache Software Foundation reports:</p>
+ <blockquote cite="http://santuario.apache.org/secadv.data/CVE-2013-2156.txt">
+ <p>A heap overflow exists in the processing of the PrefixList
+ attribute optionally used in conjunction with Exclusive
+ Canonicalization, potentially allowing arbitary code execution.
+ If verification of the signature occurs prior to actual evaluation of a
+ signing key, this could be exploited by an unauthenticated attacker.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2013-2156</cvename>
+ <url>http://santuario.apache.org/secadv.data/CVE-2013-2156.txt</url>
+ </references>
+ <dates>
+ <discovery>2013-06-18</discovery>
+ <entry>2013-06-18</entry>
+ </dates>
+ </vuln>
+
 <vuln vid="80af2677-d6c0-11e2-8f5e-001966155bea">
 <topic>tor -- guard discovery</topic>
 <affects>
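Review bot: The `<name>apache-xml-security-c</name>` in the new `<affects>` block does not match the `PORTNAME= xml-security-c` shown in the security/apache-xml-security-c/Makefile hunk of this same commit. The entry therefore matches installed packages only if that Makefile sets a `PKGNAMEPREFIX` of `apache-` somewhere outside the lines shown. VuXML entries are matched against the installed package name, so a mismatch would leave hosts still running a pre-1.7.1 library unflagged by the audit tooling for CVE-2013-2156. Please confirm the built package name. If the prefix is not applied, use `<name>xml-security-c</name>` or add it as a second `<name>` line inside the same `<package>`.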