Date:      Thu, 9 Oct 2014 13:09:52 +0000 (UTC)
From:      Mark Felder <feld@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r370524 - head/security/vuxml
Message-ID:  <201410091309.s99D9qGv073802@svn.freebsd.org>

Author: feld
Date: Thu Oct  9 13:09:52 2014
New Revision: 370524
URL: https://svnweb.freebsd.org/changeset/ports/370524
QAT: https://qat.redports.org/buildarchive/r370524/

Log:
  Add entry for foreman-proxy
  
  Obtained from:	mmoll

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Thu Oct  9 12:58:55 2014	(r370523)
+++ head/security/vuxml/vuln.xml	Thu Oct  9 13:09:52 2014	(r370524)
@@ -57,6 +57,36 @@ Notes:
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="c30c3a2e-4fb1-11e4-b275-14dae9d210b8">
+    <topic>foreman-proxy SSL verification issue</topic>
+    <affects>
+      <package>
+	<name>foreman-proxy</name>
+	<range><lt>1.6.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>Foreman Security reports:</p>
+	<blockquote cite="http://projects.theforeman.org/issues/7822">;
+	  <p>The smart proxy when running in an SSL-secured mode permits incoming
+	    API calls to any endpoint without requiring, or performing any
+	    verification of an SSL client certificate. This permits any client
+	    with access to the API to make requests and perform actions
+	    permitting control of Puppet CA, DHCP, DNS etc.)</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2014-3691</cvename>
+      <url>https://groups.google.com/forum/#!topic/foreman-announce/LcjZx25Bl7U</url>;
+    </references>
+    <dates>
+      <discovery>2014-05-09</discovery>
+      <entry>2014-10-09</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="d2bbcc01-4ec3-11e4-ab3f-00262d5ed8ee">
     <topic>chromium -- multiple vulnerabilities</topic>
     <affects>
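Review bot: The `<topic>` of the added foreman-proxy entry does not use the `package -- summary` form that the neighbouring chromium entry uses; something like `<topic>foreman-proxy -- SSL client certificate verification not enforced</topic>` would match it and say what is actually missing. The quoted paragraph ends in `DNS etc.)` with no opening parenthesis, so the blockquote has probably lost a `(` from the upstream text and should be checked against the cited issue. `<discovery>2014-05-09</discovery>` is five months before `<entry>2014-10-09</entry>`, so it is worth confirming against the advisory that month and day were not transposed.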


