Date: Sat, 25 Aug 2012 16:11:48 +0400 (MSK) From: Eygene Ryabinkin <rea@FreeBSD.org> To: FreeBSD-gnats-submit@FreeBSD.org Cc: llevier@argosnet.com Subject: ports/171022: [vuxml][patch] security/squidclamav: fix CVE-2012-3501 and CVE-2012-4667 Message-ID: <20120825121148.96B4BDA81F@void.codelabs.ru> Resent-Message-ID: <201208251220.q7PCK1Ad000272@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 171022
>Category: ports
>Synopsis: [vuxml][patch] security/squidclamav: fix CVE-2012-3501 and CVE-2012-4667
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Aug 25 12:20:01 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Eygene Ryabinkin
>Release: FreeBSD 10.0-CURRENT amd64
>Organization:
Code Labs
>Environment:
System: FreeBSD 10.0-CURRENT amd64
>Description:
Two vulnerabilities,
- cross-site scripting,
http://www.vuxml.org/freebsd/ce680f0a-eea6-11e1-8bd8-0022156e8794.html
- denial of service,
http://www.vuxml.org/freebsd/8defa0f9-ee8a-11e1-8bd8-0022156e8794.html
were fixed in SquidClamav 5.8.
>How-To-Repeat:
Look at the above pages and
http://squidclamav.darold.net/news.html
>Fix:
The patch at
http://codelabs.ru/fbsd/ports/squidclamav/fix-cve-2012-3501-and-4667.diff
contains backported fixes and compiles for me. If you will use this
patch rather than upgrading to 5.8, VuXML entries should be changed to
have version "5.7_1" instead of "5.8" in the version range
specification.
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120825121148.96B4BDA81F>