Date: Sun, 5 Mar 2017 03:18:05 +0000 (UTC) From: Jason Unovitch <junovitch@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r435444 - head/security/vuxml Message-ID: <201703050318.v253I5hH025777@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: junovitch Date: Sun Mar 5 03:18:05 2017 New Revision: 435444 URL: https://svnweb.freebsd.org/changeset/ports/435444 Log: Document ikiwiki vulnerabilities PR: 216665 Reported by: sevan Security: CVE-2016-9645 Security: CVE-2016-10026 Security: CVE-2017-0356 Security: https://vuxml.FreeBSD.org/freebsd/5ed094a0-0150-11e7-ae1b-002590263bf5.html Security: https://vuxml.FreeBSD.org/freebsd/7b35a77a-0151-11e7-ae1b-002590263bf5.html Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sun Mar 5 03:07:52 2017 (r435443) +++ head/security/vuxml/vuln.xml Sun Mar 5 03:18:05 2017 (r435444) @@ -58,6 +58,78 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="7b35a77a-0151-11e7-ae1b-002590263bf5"> + <topic>ikiwiki -- authentication bypass vulnerability</topic> + <affects> + <package> + <name>ikiwiki</name> + <range><lt>3.20170111</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>ikiwiki reports:</p> + <blockquote cite="https://ikiwiki.info/security/#index48h2">; + <p>The ikiwiki maintainers discovered further flaws similar to + CVE-2016-9646 in the passwordauth plugin's use of + CGI::FormBuilder, with a more serious impact:</p> + <p>An attacker who can log in to a site with a password can log in as + a different and potentially more privileged user.</p> + <p>An attacker who can create a new account can set arbitrary fields + in the user database for that account</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2017-0356</cvename> + <url>https://ikiwiki.info/security/#index48h2</url>; + </references> + <dates> + <discovery>2017-01-11</discovery> + <entry>2017-03-05</entry> + </dates> + </vuln> + + <vuln vid="5ed094a0-0150-11e7-ae1b-002590263bf5"> + <topic>ikiwiki -- multiple vulnerabilities</topic> + <affects> + <package> + <name>ikiwiki</name> + <range><lt>3.20161229</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Mitre reports:</p> + <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10026">; + <p>ikiwiki 3.20161219 does not properly check if a revision changes + the access permissions for a page on sites with the git and + recentchanges plugins and the CGI interface enabled, which allows + remote attackers to revert certain changes by leveraging permissions + to change the page before the revision was made.</p> + </blockquote> + <blockquote cite="https://ikiwiki.info/security/#index47h2">; + <p>When CGI::FormBuilder->field("foo") is called in list context + (and in particular in the arguments to a subroutine that takes named + arguments), it can return zero or more values for foo from the CGI + request, rather than the expected single value. This breaks the + usual Perl parsing convention for named arguments, similar to + CVE-2014-1572 in Bugzilla (which was caused by a similar API design + issue in CGI.pm).</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2016-10026</cvename> + <cvename>CVE-2016-9645</cvename> + <url>https://ikiwiki.info/security/#index46h2</url>; + </references> + <dates> + <discovery>2016-12-19</discovery> + <entry>2017-03-05</entry> + </dates> + </vuln> + <vuln vid="f4eb9a25-fde0-11e6-9ad0-b8aeed92ecc4"> <topic>potrace -- multiple memory failure</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201703050318.v253I5hH025777>