Date: Wed, 23 Aug 2017 12:54:48 +0000 (UTC)
From: Torsten Zuehlsdorff <tz@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r448608 - head/security/vuxml
Message-ID: <201708231254.v7NCsmR5090827@repo.freebsd.org>
Author: tz Date: Wed Aug 23 12:54:48 2017 New Revision: 448608 URL: https://svnweb.freebsd.org/changeset/ports/448608 Log: Document vulnerabilities of mail/phpmailer Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Aug 23 12:50:31 2017 (r448607) +++ head/security/vuxml/vuln.xml Wed Aug 23 12:54:48 2017 (r448608) @@ -58,6 +58,38 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="c5d79773-8801-11e7-93f7-d43d7e971a1b"> + <topic>phpmailer -- XSS in code example and default exeception handler</topic> + <affects> + <package> + <name>phpmailer</name> + <range><lt>5.2.24</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>PHPMailer reports:</p> + <blockquote cite="https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.24"> + <p>Fix XSS vulnerability in one of the code examples, CVE-2017-11503. The + code_generator.phps example did not filter user input prior to output. This + file is distributed with a .phps extension, so it it not normally executable + unless it is explicitly renamed, so it is safe by default. There was also an + undisclosed potential XSS vulnerability in the default exception handler + (unused by default). Patches for both issues kindly provided by Patrick + Monnerat of the Fedora Project.</p> + </blockquote> + </body> + </description> + <references> + <url>https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.24</url> + <cvename>CVE-2017-11503</cvename> + </references> + <dates> + <discovery>2017-07-27</discovery> + <entry>2017-08-23</entry> + </dates> + </vuln> + <vuln vid="3531141d-a708-477c-954a-2a0549e49ca9"> <topic>salt -- Maliciously crafted minion IDs can cause unwanted directory traversals on the Salt-master</topic> <affects>
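Review bot: The <topic> line of the new phpmailer entry misspells "exception" as "exeception"; it should read "phpmailer -- XSS in code example and default exception handler", since the topic is the human-readable summary of the entry. The "it it not normally executable" wording inside the blockquote is also a typo, but that text is quoted from the upstream release notes, so leaving it verbatim is defensible. The single <cvename> CVE-2017-11503 is attached by the quoted text only to the code_generator.phps example; the exception handler issue is described as undisclosed and has no identifier, so it is worth confirming that <lt>5.2.24</lt> is the fix boundary for both issues. The context line from the file's header comment says not to forget port variants, and the entry lists only the phpmailer package name; please confirm there is no other port that needs its own <name>.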