Date: Tue, 11 Sep 2018 16:13:58 +0000 (UTC)
From: Mark Felder <feld@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r479532 - head/security/vuxml
Message-ID: <201809111613.w8BGDwVV017245@repo.freebsd.org>
Author: feld Date: Tue Sep 11 16:13:58 2018 New Revision: 479532 URL: https://svnweb.freebsd.org/changeset/ports/479532 Log: Improve formatting Also add plexmediaserver-plexpass package as vulnerable Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Sep 11 16:10:30 2018 (r479531) +++ head/security/vuxml/vuln.xml Tue Sep 11 16:13:58 2018 (r479532) @@ -63,6 +63,7 @@ Notes: <affects> <package> <name>plexmediaserver</name> + <name>plexmediaserver-plexpass</name> <range><lt>1.13.5.5332</lt></range> </package> </affects> @@ -71,17 +72,17 @@ Notes: <p>Chris reports:</p> <blockquote cite="https://seclists.org/fulldisclosure/2018/Aug/1"> <p>The XML parsing engine for Plex Media Server's SSDP/UPNP - functionality is vulnerable to an XML External Entity + functionality is vulnerable to an XML External Entity Processing (XXE) attack. Unauthenticated attackers on the same LAN can use this vulnerability to:</p> - <li> - <ul>Access arbitrary files from the filesystem with the same permission as - the user account running Plex.</ul> - <ul>Initiate SMB connections to capture NetNTLM challenge/response and - crack to clear-text password.</ul> - <ul>Initiate SMB connections to relay NetNTLM challenge/response and - achieve Remote Command Execution in Windows domains.</ul> - </li> + <ul> + <li>Access arbitrary files from the filesystem with the same permission as + the user account running Plex.</li> + <li>Initiate SMB connections to capture NetNTLM challenge/response and + crack to clear-text password.</li> + <li>Initiate SMB connections to relay NetNTLM challenge/response and + achieve Remote Command Execution in Windows domains.</li> + </ul> </blockquote> </body> </description>
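Review bot: In the first hunk (@@ -63,6 +63,7 @@), the added `<name>plexmediaserver-plexpass</name>` shares the existing `<range><lt>1.13.5.5332</lt></range>`, so please confirm that the plexpass port picks up the fix at that same version; a shared range flags every earlier plexpass build as vulnerable and every build from 1.13.5.5332 on as fixed. No hunk in this diff touches the entry's `<dates>` element, so if the entry had already been published before this revision, adding a `<modified>` date would make the change in the affected set visible to consumers of vuln.xml.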
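Review bot: In the second hunk (@@ -71,17 +72,17 @@), the markup fix is bundled with the new affected package from the first hunk, and the log puts "Improve formatting" first with the package addition as an "Also"; splitting them, or leading the log with the package change, would make the security-relevant edit easier to find in history. The swap itself is right, since the old text wrapped three `<ul>` items in a single `<li>` and the new text has one `<ul>` holding three `<li>` items after the closing `</p>`. The first removed/added pair (`functionality is vulnerable to an XML External Entity`) reads the same on both sides as shown here, so it is presumably whitespace only; running `make validate` in security/vuxml before committing would confirm the blockquote body is still valid.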