From owner-cvs-all@FreeBSD.ORG Mon Oct 23 13:45:23 2006
Message-ID: <44815.194.74.82.3.1161611099.squirrel@webmail.evilcoder.org>
In-Reply-To: <200610231315.k9NDFV0s002358@repoman.freebsd.org>
References: <200610231315.k9NDFV0s002358@repoman.freebsd.org>
Date: Mon, 23 Oct 2006 15:44:59 +0200 (CEST)
From: "Remko Lodder"
To: "Martin Wilke"
Cc: cvs-ports@freebsd.org, cvs-all@freebsd.org, ports-committers@freebsd.org
Subject: Re: cvs commit: ports/security/vuxml vuln.xml
User-Agent: SquirrelMail/1.4.8
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-List-Received-Date: Mon, 23 Oct 2006 13:45:23 -0000

Thank you, our users will be aware now, we will fix any issues later (if
needed).

cheers,
remko

--
Kind regards,

Remko Lodder ** remko@elvandar.org
FreeBSD ** remko@FreeBSD.org

/* Quis Custodiet ipsos custodes */

> miwi 2006-10-23 13:15:31 UTC
>
> FreeBSD ports repository
>
> Modified files:
> security/vuxml vuln.xml
> Log:
> - Add entry for www/serendipity and www/serendipity-devel
>
> Reviewed by: markus@
> Approved by: portmgr (implicit VuXML), secteam (Remko (not reviewed yet))
>
> Revision Changes Path
> 1.1209 +36 -1 ports/security/vuxml/vuln.xml
> http://cvsweb.FreeBSD.org/ports/security/vuxml/vuln.xml.diff?r1=1.1208&r2=1.1209
> | ===================================================================
> | RCS file: /usr/local/www/cvsroot/FreeBSD/ports/security/vuxml/vuln.xml,v
> | retrieving revision 1.1208
> | retrieving revision 1.1209
> | diff -u -p -r1.1208 -r1.1209
> | --- ports/security/vuxml/vuln.xml 2006/10/23 11:15:11 1.1208
> | +++ ports/security/vuxml/vuln.xml 2006/10/23 13:15:30 1.1209
> |
@@ -28,12 +28,47 @@ WHETHER IN CONTRACT, STRICT LIABILITY, O > | OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS > DOCUMENTATION, > | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. > | > | - $FreeBSD: > /usr/local/www/cvsroot/FreeBSD/ports/security/vuxml/vuln.xml,v 1.1208 > 2006/10/23 11:15:11 markus Exp $ > | + $FreeBSD: > /usr/local/www/cvsroot/FreeBSD/ports/security/vuxml/vuln.xml,v 1.1209 > 2006/10/23 13:15:30 miwi Exp $ > | > | Note: Please add new entries to the beginning of this file. > | > | --> > | > | + > | + Serendipity -- XSS Vulnerabilities > | + > | + > | + serendipity > | + 1.0.1 > | + > | + > | + > | + > | +

The Serendipity Team reports:

> | +
cite="http://blog.s9y.org/archives/147-Serendipity-1.0.2-and-1.1-beta5-released.html"> > | +

Serendipity failed to correctly sanitize user input on the > | + media manager administration page. The content of GET variables > | + were written into JavaScript strings. By using standard string > | + evasion techniques it was possible to execute arbitrary > | + JavaScript.

> | +

Additionally Serendipity dynamically created a HTML form on > | + the media manager administration page that contained all > | + variables found in the URL as hidden fields. While the variable > | + values were correctly escaped it was possible to break out > | + by specifying strange variable names.

> | +
> | + > | +
> | + > | + > http://www.hardened-php.net/advisory_112006.136.htmlSerendipity > | + http://secunia.com/advisories/22501/ > | + > | + > | + 2006-10-19 > | + 2006-10-21 > | + > | +
> | + > | > | kdelibs -- integer overflow in khtml > |
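Review bot: the log message says the entry is for www/serendipity and www/serendipity-devel, but the only package name visible in the new affects block as quoted is serendipity; if the devel port installs under a different package name, it needs its own name entry, because the affected range is matched per installed package name and users of the devel port would otherwise never be flagged. Related, the version bound shown is 1.0.1 while the cited s9y announcement (Serendipity-1.0.2-and-1.1-beta5-released) names 1.0.2 and 1.1-beta5 as the fixed releases, so confirm the comparison operator excludes 1.0.2 and that the 1.1 betas before beta5 are covered by a range of their own rather than falling outside the 1.0.x bound. Minor: as quoted, the hardened-php reference runs straight into the following text ("...advisory_112006.136.htmlSerendipity"); worth checking that the url element is closed before the next reference in the committed file.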