Date: Sat, 23 May 2015 14:55:48 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 199091] [databases/cassandra][security] CVE-2015-0225 Message-ID: <bug-199091-13-M8Zc5GuxLR@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-199091-13@https.bugs.freebsd.org/bugzilla/> References: <bug-199091-13@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199091 jason.unovitch@gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jason.unovitch@gmail.com --- Comment #1 from jason.unovitch@gmail.com --- Created attachment 157082 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=157082&action=edit security/vuxml documentation for Apache Cassandra CVE-2015-0225 Per upstream security advisory, 1.2.x has reached EOL so there is not going to be update that will fix databases/cassandra. As such, start by documenting the upstream advisory in security/vuxml. # # Validation Checks # # make validate /bin/sh /usr/ports/security/vuxml/files/tidy.sh "/usr/ports/security/vuxml/files/tidy.xsl" "/usr/ports/security/vuxml/vuln.xml" > "/usr/ports/security/vuxml/vuln.xml.tidy" >>> Validating... /usr/local/bin/xmllint --valid --noout /usr/ports/security/vuxml/vuln.xml >>> Successful. Checking if tidy differs... ... seems okay Checking for space/tab... ... seems okay /usr/local/bin/python2.7 /usr/ports/security/vuxml/files/extra-validation.py /usr/ports/security/vuxml/vuln.xml # # Pkg audit checks, starting with fixed version and working downward # # env PKG_DBDIR=/usr/ports/security/vuxml pkg audit cassandra2-2.1.4 0 problem(s) in the installed packages found. # env PKG_DBDIR=/usr/ports/security/vuxml pkg audit cassandra2-2.1.1 cassandra2-2.1.1 is vulnerable: cassandra -- remote execution of arbitrary code CVE: CVE-2015-0225 WWW: http://vuxml.FreeBSD.org/freebsd/607f4d44-0158-11e5-8fda-002590263bf5.html 1 problem(s) in the installed packages found. root@xts-bsd /u/p/s/vuxml# env PKG_DBDIR=/usr/ports/security/vuxml pkg audit cassandra2-2.0.10 cassandra2-2.0.10 is vulnerable: cassandra -- remote execution of arbitrary code CVE: CVE-2015-0225 WWW: http://vuxml.FreeBSD.org/freebsd/607f4d44-0158-11e5-8fda-002590263bf5.html 1 problem(s) in the installed packages found. # env PKG_DBDIR=/usr/ports/security/vuxml pkg audit cassandra-1.2.18 cassandra-1.2.18 is vulnerable: cassandra -- remote execution of arbitrary code CVE: CVE-2015-0225 WWW: http://vuxml.FreeBSD.org/freebsd/607f4d44-0158-11e5-8fda-002590263bf5.html 1 problem(s) in the installed packages found. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-199091-13-M8Zc5GuxLR>