Message-Id: <201307172209.r6HM9wLl052270@svn.freebsd.org>
From: Xin LI
Date: Wed, 17 Jul 2013 22:09:58 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r323190 - head/security/vuxml

Author: delphij
Date: Wed Jul 17 22:09:58 2013
New Revision: 323190
URL: http://svnweb.freebsd.org/changeset/ports/323190

Log:
  Document gallery3 multiple vulnerabilities.

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Jul 17 22:07:22 2013 (r323189)
+++ head/security/vuxml/vuln.xml Wed Jul 17 22:09:58 2013 (r323190)
@@ -51,6 +51,43 @@ Note: Please add new entries to the beg --> + + gallery -- multiple vulnerabilities + + + gallery3 + 3.0.9 + + + + +

Red Hat Security Response Team reports:

+
+

Gallery upstream has released 3.0.9 version, correcting two + security flaws:

+

Issue #1 - Improper stripping of URL fragments in flowplayer + SWF file might lead to reply attacks (a different flaw than + CVE-2013-2138).

+

Issue #2 - gallery3: Multiple information exposure flaws in + data rest core module.

+
+ +
+ + CVE-2013-2240 + CVE-2013-2241 + http://sourceforge.net/apps/trac/gallery/ticket/2073 + https://bugzilla.redhat.com/show_bug.cgi?id=981197 + http://sourceforge.net/apps/trac/gallery/ticket/2074 + https://bugzilla.redhat.com/show_bug.cgi?id=981198 + http://galleryproject.org/gallery_3_0_9 + + + 2013-06-28 + 2013-07-17 + +
+ PHP5 -- Heap corruption in XML parser
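
Review bot: In the Issue #1 paragraph of the new entry, "might lead to reply attacks" looks like a typo for "replay attacks"; since the text is presented as a quote from the Red Hat Security Response Team, check it against the referenced Bugzilla report and keep it verbatim only if the source really reads that way. The topic line says "gallery -- multiple vulnerabilities" while the affected package name and the commit log both say gallery3, so consider using gallery3 in the topic so the entry matches the package it covers. The description also never says which of CVE-2013-2240 and CVE-2013-2241 belongs to Issue #1 and which to Issue #2, so a reader has to follow the references to find out.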