From owner-freebsd-ports@FreeBSD.ORG  Wed Aug 28 09:21:54 2013
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTP id 88FA82E1;
 Wed, 28 Aug 2013 09:21:54 +0000 (UTC) (envelope-from lists@opsec.eu)
Received: from home.opsec.eu (home.opsec.eu [IPv6:2001:14f8:200::1])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 48CA3284E;
 Wed, 28 Aug 2013 09:21:54 +0000 (UTC)
Received: from pi by home.opsec.eu with local (Exim 4.80.1 (FreeBSD))
 (envelope-from <lists@opsec.eu>)
 id 1VEbwl-0008FA-3b; Wed, 28 Aug 2013 11:21:51 +0200
Date: Wed, 28 Aug 2013 11:21:51 +0200
From: Kurt Jaeger <lists@opsec.eu>
To: Rodrigo OSORIO <rodrigo@bebik.net>
Subject: Re: Cacti vulnerable? / vuxml update
Message-ID: <20130828092151.GY2951@home.opsec.eu>
References: <521DAB7C.4000100@netfence.it>
 <20130828084315.GB54712@oldfaithful.bebik.local>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20130828084315.GB54712@oldfaithful.bebik.local>
Cc: Andrea Venturoli <ml@netfence.it>, freebsd-ports@freebsd.org,
 sem@FreeBSD.org
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Aug 2013 09:21:54 -0000

Hi!

> > In ports we have Cacti 0.8.8a.
> > According to 0.8.8b release notes 
> > (http://www.cacti.net/release_notes_0_8_8b.php), "multiple ... SQL 
> > injection vulnerabilities" were fixed in that release.
> > Portaudit doesn't bring up any warning.
> 
> I just send a PR to update the vuxml database ( ports/181606 )

Here's the PR to update the port.

http://www.freebsd.org/cgi/query-pr.cgi?pr=181608

-- 
pi@opsec.eu            +49 171 3101372                         7 years to go !