From owner-freebsd-ports-bugs@FreeBSD.ORG Mon Apr 28 19:50:01 2014 Return-Path: Delivered-To: freebsd-ports-bugs@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 0A8F1F06 for ; Mon, 28 Apr 2014 19:50:01 +0000 (UTC) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id DB8B01889 for ; Mon, 28 Apr 2014 19:50:00 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s3SJo0ML064009 for ; Mon, 28 Apr 2014 19:50:00 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s3SJo0CS064006; Mon, 28 Apr 2014 19:50:00 GMT (envelope-from gnats) Resent-Date: Mon, 28 Apr 2014 19:50:00 GMT Resent-Message-Id: <201404281950.s3SJo0CS064006@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, mohawk Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 28DDEED3 for ; Mon, 28 Apr 2014 19:47:15 +0000 (UTC) Received: from mx2.bsdsx.fr (mx2.bsdsx.fr [IPv6:2a02:27d0:100:f205:a642::9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9F7391872 for ; Mon, 28 Apr 2014 19:47:14 +0000 (UTC) Received: from blade.bsdsx.fr (localhost [127.0.0.1]); by mx2.bsdsx.fr (OpenSMTPD) with ESMTP id a80b9308; for ; Mon, 28 Apr 2014 21:47:10 +0200 (CEST) Received: (from dsx@localhost) by blade.bsdsx.fr (8.14.7/8.14.7/Submit) id s3SJl9nU096806; Mon, 28 Apr 2014 21:47:09 +0200 (CEST) (envelope-from dsx) Message-Id: <201404281947.s3SJl9nU096806@blade.bsdsx.fr> Date: Mon, 28 Apr 2014 21:47:09 +0200 (CEST) From: mohawk To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.114 Subject: ports/189082: [patch] [vuxml] www/mohawk: multiple vulnerabilities X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list Reply-To: mohawk List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Apr 2014 19:50:01 -0000 >Number: 189082 >Category: ports >Synopsis: [patch] [vuxml] www/mohawk: multiple vulnerabilities >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Apr 28 19:50:00 UTC 2014 >Closed-Date: >Last-Modified: >Originator: mohawk >Release: FreeBSD 10.0-RELEASE amd64 >Organization: mohawk@bsdsx.fr >Environment: System: FreeBSD blade.bsdsx.fr 10.0-RELEASE FreeBSD 10.0-RELEASE #0 r260789: Thu Jan 16 22:34:59 UTC 2014 root@snap.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64 >Description: Version of mohawk < 2.0.12 have multiple vulnerabilities >How-To-Repeat: >Fix: --- vuxml.patch begins here --- --- vuln.xml.orig 2014-04-27 20:49:08.000000000 +0200 +++ vuln.xml 2014-04-28 20:36:54.000000000 +0200 @@ -51,6 +51,32 @@ --> + + mohawk -- multiple vulnerabilities + + + mohawk + 2.0.12 + + + + +

The mohawk project reports:

+
+

Segfault when parsing malformed / unescaped url, coredump when setting syslog facility.

+
+ +
+ + http://fossil.bsdsx.fr/mohawk/tktview?name=1707f0e351 + http://fossil.bsdsx.fr/mohawk/tktview?name=1c7565019e + + + 2014-04-10 + 2014-04-27 + +
+ django -- multiple vulnerabilities --- vuxml.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted: