Date: Thu, 28 Feb 2013 01:46:41 +0000 (UTC)
From: Steve Wills <swills@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r313076 - in head: graphics/rubygem-dragonfly security/vuxml
Message-ID: <201302280146.r1S1kfil090304@svn.freebsd.org>
Author: swills Date: Thu Feb 28 01:46:41 2013 New Revision: 313076 URL: http://svnweb.freebsd.org/changeset/ports/313076 Log: - Update to 0.9.14 to fix CVE-2013-1756 Security: aa7764af-0b5e-4ddc-bc65-38ad697a484f Modified: head/graphics/rubygem-dragonfly/Makefile (contents, props changed) head/graphics/rubygem-dragonfly/distinfo (contents, props changed) head/security/vuxml/vuln.xml Modified: head/graphics/rubygem-dragonfly/Makefile ============================================================================== --- head/graphics/rubygem-dragonfly/Makefile Thu Feb 28 01:43:31 2013 (r313075) +++ head/graphics/rubygem-dragonfly/Makefile Thu Feb 28 01:46:41 2013 (r313076) @@ -1,18 +1,17 @@ -# Ports collection makefile for: rubygem-dragonfly -# Date created: 13 January 2011 -# Whom: Jason Helfman <jhelfman@experts-exchange.com> -# +# Created by: Jason Helfman <jhelfman@experts-exchange.com> # $FreeBSD$ PORTNAME= dragonfly -PORTVERSION= 0.9.12 +PORTVERSION= 0.9.14 CATEGORIES= graphics rubygems MASTER_SITES= RG MAINTAINER= ruby@FreeBSD.org COMMENT= On-the-fly Rack-based image handling framework -RUN_DEPENDS+= rubygem-rack>=0:${PORTSDIR}/www/rubygem-rack +RUN_DEPENDS+= rubygem-rack>=0:${PORTSDIR}/www/rubygem-rack \ + rubygem-multi_json>=1.0:${PORTSDIR}/devel/rubygem-multi_json + USE_RUBY= yes USE_RUBYGEMS= yes Modified: head/graphics/rubygem-dragonfly/distinfo ============================================================================== --- head/graphics/rubygem-dragonfly/distinfo Thu Feb 28 01:43:31 2013 (r313075) +++ head/graphics/rubygem-dragonfly/distinfo Thu Feb 28 01:46:41 2013 (r313076) 
@@ -1,2 +1,2 @@ -SHA256 (rubygem/dragonfly-0.9.12.gem) = 52c3beec7e9be7560158b1a31126966a28b4ed74141caaef5d550936d6cf4851 -SIZE (rubygem/dragonfly-0.9.12.gem) = 444416 +SHA256 (rubygem/dragonfly-0.9.14.gem) = 6b364299b25aee6f5928dc6cb13677f27c892b0a090dc0a5b6d7ac465dfa1234 +SIZE (rubygem/dragonfly-0.9.14.gem) = 446976 Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Feb 28 01:43:31 2013 (r313075) +++ head/security/vuxml/vuln.xml Thu Feb 28 01:46:41 2013 (r313076) @@ -51,6 +51,37 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="aa7764af-0b5e-4ddc-bc65-38ad697a484f"> + <topic>rubygem-dragonfly -- arbitrary code execution</topic> + <affects> + <package> + <name>rubygem18-dragonfly</name> + <name>rubygem19-dragonfly</name> + <name>rubygem20-dragonfly</name> + <range><lt>0.9.14</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Mark Evans reports:</p> + <blockquote cite="https://groups.google.com/forum/?fromgroups=#!topic/dragonfly-users/3c3WIU3VQTo"> + <p>Unfortunately there is a security vulnerability in Dragonfly when + used with Rails which would potentially allow an attacker to run + arbitrary code on a host machine using carefully crafted + requests. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2013-1756</cvename> + </references> + <dates> + <discovery>2013-02-19</discovery> + <entry>2013-02-28</entry> + </dates> + </vuln> + <vuln vid="dbdac023-80e1-11e2-9a29-001060e06fd4"> <topic>linux-flashplugin -- multiple vulnerabilities</topic> <affects>
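Review bot: In the head/graphics/rubygem-dragonfly/Makefile hunk, the RUN_DEPENDS change pulls in a new runtime dependency, "rubygem-multi_json>=1.0:${PORTSDIR}/devel/rubygem-multi_json", that the log does not mention; the log only says "Update to 0.9.14 to fix CVE-2013-1756". Suggest adding a log line for the new dependency and one for the header rewrite to the "Created by:" form, so that anyone auditing or merging this security update can tell the fix apart from the cleanup riding along with it.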
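Review bot: In the head/security/vuxml/vuln.xml hunk, <references> carries only <cvename>CVE-2013-1756</cvename>, and the upstream advisory is reachable only through the cite attribute on the <blockquote>. Suggest adding that same address as a <url> entry under <references> so it appears in the entry's reference list. It is also worth confirming that the three <name> values (rubygem18-dragonfly, rubygem19-dragonfly, rubygem20-dragonfly) are exactly the package names the port produces, since the <topic> spells it rubygem-dragonfly and the <lt>0.9.14</lt> range only flags installations whose package name matches one of them.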