Date: Tue, 12 Jan 2016 14:50:44 +0000 (UTC)
From: Raphael Kubo da Costa <rakuco@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r405876 - head/security/vuxml
Message-ID: <201601121450.u0CEoiFU020257@repo.freebsd.org>
Author: rakuco Date: Tue Jan 12 14:50:43 2016 New Revision: 405876 URL: https://svnweb.freebsd.org/changeset/ports/405876 Log: Add entry for CVE-2015-8607 in devel/p5-PathTools. Security: CVE-2015-8607 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Jan 12 14:38:48 2016 (r405875) +++ head/security/vuxml/vuln.xml Tue Jan 12 14:50:43 2016 (r405876) @@ -58,6 +58,40 @@ Notes: --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="333f655a-b93a-11e5-9efa-5453ed2e2b49"> + <topic>p5-PathTools -- File::Spec::canonpath loses taint</topic> + <affects> + <package> + <name>p5-PathTools</name> + <range> + <gt>3.4000</gt> + <lt>3.6200</lt> + </range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Ricardo Signes reports:</p> + <blockquote> + <p>Beginning in PathTools 3.47 and/or perl 5.20.0, the + File::Spec::canonpath() routine returned untained strings even if + passed tainted input. This defect undermines the guarantee of taint + propagation, which is sometimes used to ensure that unvalidated + user input does not reach sensitive code.</p> + <p>This defect was found and reported by David Golden of MongoDB.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2015-8607</cvename> + <url>https://rt.perl.org/Public/Bug/Display.html?id=126862</url> + </references> + <dates> + <discovery>2016-01-11</discovery> + <entry>2016-01-12</entry> + </dates> + </vuln> + <vuln vid="6b771fe2-b84e-11e5-92f9-485d605f4717"> <topic>php -- multiple vulnerabilities</topic> <affects>
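Review bot: the lower bound <gt>3.4000</gt> in the new <range> does not match the quoted report, which says the defect begins in PathTools 3.47. As written, the entry flags every p5-PathTools version above 3.4000 and below 3.6200, including releases before 3.47 that the description does not call affected. Either tighten the bound to the port version that corresponds to 3.47 (with <ge> rather than <gt>, so that release itself is matched), or note in the entry why the wider range is intentional. Two smaller points in the same hunk: the description names "perl 5.20.0" as a possible starting point, yet <affects> lists only p5-PathTools, so it is worth stating whether any perl package also needs a <package> block; and "untained" in the blockquote reads like a typo for "untainted", so check it against the upstream wording before it is copied into advisories.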
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201601121450.u0CEoiFU020257>