Date: Fri, 28 Jun 2013 11:07:49 +0000 (UTC) From: Palle Girgensohn <girgen@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r321955 - in head/security: apache-xml-security-c vuxml Message-ID: <201306281107.r5SB7nhQ023343@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: girgen Date: Fri Jun 28 11:07:48 2013 New Revision: 321955 URL: http://svnweb.freebsd.org/changeset/ports/321955 Log: Security update for apache-xml-security-c URL: http://santuario.apache.org/secadv.data/CVE-2013-2210.txt Security: 81da673e-dfe1-11e2-9389-08002798f6ff Security: CVE-2013-2210 Modified: head/security/apache-xml-security-c/Makefile head/security/apache-xml-security-c/distinfo head/security/vuxml/vuln.xml Modified: head/security/apache-xml-security-c/Makefile ============================================================================== --- head/security/apache-xml-security-c/Makefile Fri Jun 28 10:50:51 2013 (r321954) +++ head/security/apache-xml-security-c/Makefile Fri Jun 28 11:07:48 2013 (r321955) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= xml-security-c -PORTVERSION= 1.7.1 +PORTVERSION= 1.7.2 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_APACHE} MASTER_SITE_SUBDIR=santuario/c-library Modified: head/security/apache-xml-security-c/distinfo ============================================================================== --- head/security/apache-xml-security-c/distinfo Fri Jun 28 10:50:51 2013 (r321954) +++ head/security/apache-xml-security-c/distinfo Fri Jun 28 11:07:48 2013 (r321955) @@ -1,2 +1,2 @@ -SHA256 (xml-security-c-1.7.1.tar.gz) = 3d306660702d620b30605627f970b90667ed967211a8fc26b3243e6d3abeb32e -SIZE (xml-security-c-1.7.1.tar.gz) = 875367 +SHA256 (xml-security-c-1.7.2.tar.gz) = d576b07bb843eaebfde3be01301db40504ea8e8e477c0ad5f739b07022445452 +SIZE (xml-security-c-1.7.2.tar.gz) = 875465 Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Jun 28 10:50:51 2013 (r321954) +++ head/security/vuxml/vuln.xml Fri Jun 28 11:07:48 2013 (r321955) @@ -51,6 +51,35 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="81da673e-dfe1-11e2-9389-08002798f6ff"> + <topic>apache-xml-security-c -- heap overflow during XPointer evaluation</topic> + <affects> + <package> + <name>apache-xml-security-c</name> + <range><lt>1.7.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>The Apache Software Foundation reports:</p> + <blockquote cite="http://santuario.apache.org/secadv.data/CVE-2013-2210.txt">; + <p>The attempted fix to address CVE-2013-2154 introduced the + possibility of a heap overflow, possibly leading to arbitrary code + execution, in the processing of malformed XPointer expressions in the + XML Signature Reference processing code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2013-2210</cvename> + <url>http://santuario.apache.org/secadv.data/CVE-2013-2210.txt</url>; + </references> + <dates> + <discovery>2013-06-27</discovery> + <entry>2013-06-28</entry> + </dates> + </vuln> + <vuln vid="b3fcb387-de4b-11e2-b1c6-0025905a4771"> <topic>mozilla -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201306281107.r5SB7nhQ023343>