From owner-freebsd-ports-bugs@FreeBSD.ORG Thu Jul 7 17:30:20 2005
Return-Path:
X-Original-To: freebsd-ports-bugs@hub.freebsd.org
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B662D16A420
	for ; Thu, 7 Jul 2005 17:30:20 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 510B543D53
	for ; Thu, 7 Jul 2005 17:30:20 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j67HUK6S012987
	for ; Thu, 7 Jul 2005 17:30:20 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j67HUJhp012985;
	Thu, 7 Jul 2005 17:30:19 GMT
	(envelope-from gnats)
Resent-Date: Thu, 7 Jul 2005 17:30:19 GMT
Resent-Message-Id: <200507071730.j67HUJhp012985@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Thierry Thomas
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E584616A41C
	for ; Thu, 7 Jul 2005 17:24:10 +0000 (GMT)
	(envelope-from thierry@pompo.net)
Received: from ws90bj.pompo.net (graf.pompo.net [81.56.186.139])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 61E6243D49
	for ; Thu, 7 Jul 2005 17:24:09 +0000 (GMT)
	(envelope-from thierry@pompo.net)
Received: by ws90bj.pompo.net (Postfix, from userid 1001)
	id DDCB022B8B1; Thu, 7 Jul 2005 19:22:56 +0200 (CEST)
Message-Id: <20050707172256.DDCB022B8B1@ws90bj.pompo.net>
Date: Thu, 7 Jul 2005 19:22:56 +0200 (CEST)
From: Thierry Thomas
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc:
Subject: ports/83106: devel/pear-XML_RPC: eliminate two path disclosure vulnerabilities.
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Thierry Thomas
List-Id: Ports bug reports
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 07 Jul 2005 17:30:20 -0000

>Number: 83106
>Category: ports
>Synopsis: devel/pear-XML_RPC: eliminate two path disclosure vulnerabilities.
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Thu Jul 07 17:30:19 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Thierry Thomas
>Release: FreeBSD 5.4-STABLE i386
>Organization: Kabbale Eros
>Environment:
System: FreeBSD ws90bj.pompo.net 5.4-STABLE FreeBSD 5.4-STABLE #0: Sun May 22 14:07:39 CEST 2005 thierry@ws90bj.pompo.net:/usr/obj/usr/src/sys/WS90BJ-050222 i386
>Description:
Update to 1.3.2.

According to changelog:
* Eliminate path disclosure vulnerabilities by suppressing error messages when eval()'ing;
* Eliminate path disclosure vulnerability by catching bogus parameters submitted to XML_RPC_Value::serializeval().

Full changelog at .
>How-To-Repeat:
N/A.
>Fix:
Apply the following patch:

--- pear-XML_RPC.diff begins here --- diff -urN devel/pear-XML_RPC.orig/Makefile devel/pear-XML_RPC/Makefile --- devel/pear-XML_RPC.orig/Makefile Mon Jul 4 19:20:45 2005 +++ devel/pear-XML_RPC/Makefile Thu Jul 7 19:08:43 2005 @@ -6,7 +6,7 @@ # PORTNAME= XML_RPC -PORTVERSION= 1.3.1 +PORTVERSION= 1.3.2 CATEGORIES= devel www pear MAINTAINER= antonio@php.net diff -urN devel/pear-XML_RPC.orig/distinfo devel/pear-XML_RPC/distinfo --- devel/pear-XML_RPC.orig/distinfo Mon Jul 4 19:20:56 2005 +++ devel/pear-XML_RPC/distinfo Thu Jul 7 19:08:59 2005 
@@ -1,2 +1,2 @@ -MD5 (PEAR/XML_RPC-1.3.1.tgz) = c27e8cc85ff7cb86b119e933bd2eafc1 -SIZE (PEAR/XML_RPC-1.3.1.tgz) = 25310 +MD5 (PEAR/XML_RPC-1.3.2.tgz) = 6f2d8de8f5ddd72dba3946e0a8c95a40 +SIZE (PEAR/XML_RPC-1.3.2.tgz) = 25837 --- pear-XML_RPC.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
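
Review bot: In the Makefile hunk, the `PORTVERSION` bump from 1.3.1 to 1.3.2 is the only record that this is a security update; nothing in the patch marks 1.3.1 as affected. Consider accompanying it with a `security/vuxml` entry covering the two path disclosure issues named in the description, so that audit tooling flags installed 1.3.1 packages. The context line `MAINTAINER= antonio@php.net` also differs from the submitter, so the PR should record maintainer approval before commit.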
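
Review bot: In the distinfo hunk, `XML_RPC-1.3.2.tgz` is pinned only by an MD5 digest and a SIZE line; MD5 is not collision-resistant, which weakens the integrity check on the fetched tarball. If the ports framework accepts it, add a SHA256 line for the same file next to `MD5 (PEAR/XML_RPC-1.3.2.tgz)`, and confirm the recorded digest and size against the upstream release rather than only a locally fetched copy.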