Date: Sun, 09 Aug 2015 23:08:17 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 202134] [UPDATE] update www/lighttpd to 1.4.36 Message-ID: <bug-202134-13-5dTRufpuZC@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-202134-13@https.bugs.freebsd.org/bugzilla/> References: <bug-202134-13@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202134 --- Comment #4 from Jason Unovitch <jason.unovitch@gmail.com> --- Created attachment 159712 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=159712&action=edit security/vuxml for lightttp CVE-2015-3200 Document lighttpd log injection vulnerability in mod_auth PR: 202134 Security: CVE-2015-3200 Security: dd7f29cc-3ee9-11e5-93ad-002590263bf5 Validation is good. % make validate /bin/sh /usr/ports/security/vuxml/files/tidy.sh "/usr/ports/security/vuxml/files/tidy.xsl" "/usr/ports/security/vuxml/vuln.xml" > "/usr/ports/security/vuxml/vuln.xml.tidy" >>> Validating... /usr/local/bin/xmllint --valid --noout /usr/ports/security/vuxml/vuln.xml >>> Successful. Checking if tidy differs... ... seems okay Checking for space/tab... ... seems okay /usr/local/bin/python2.7 /usr/ports/security/vuxml/files/extra-validation.py /usr/ports/security/vuxml/vuln.xml % env PKG_DBDIR=/usr/ports/security/vuxml pkg audit lighttpd-1.4.35_5 lighttpd-1.4.35_5 is vulnerable: lighttpd -- Log injection vulnerability in mod_auth CVE: CVE-2015-3200 WWW: https://vuxml.FreeBSD.org/freebsd/dd7f29cc-3ee9-11e5-93ad-002590263bf5.html 1 problem(s) in the installed packages found. % env PKG_DBDIR=/usr/ports/security/vuxml pkg audit lighttpd-1.4.36 0 problem(s) in the installed packages found. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-202134-13-5dTRufpuZC>