Date: Mon, 26 Nov 2012 20:55:53 +0000 (UTC)
From: Beat Gaetzi <beat@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject: svn commit: r307797 - in branches/RELENG_9_1_0: irc/weechat irc/weechat-devel security/vuxml
Message-ID: <201211262055.qAQKtrMj072990@svn.freebsd.org>
Author: beat Date: Mon Nov 26 20:55:53 2012 New Revision: 307797 URL: http://svnweb.freebsd.org/changeset/ports/307797 Log: MFH r307534 by jase: - Document new vulnerability in irc/weechat and irc/weechat-devel MFH r307535 by jase: - Fix copy and paste error in latest weechat entry (81826d12-317a-11e2-9186-406186f3d89d) MFH r307536 by jase: - Update to 0.3.9.2 Changes: http://www.weechat.org/files/changelog/ChangeLog-0.3.9.2.html Security: 81826d12-317a-11e2-9186-406186f3d89d MFH r307537 by jase: - Update to 20121118 Security: 81826d12-317a-11e2-9186-406186f3d89d Feature safe: yes Modified: branches/RELENG_9_1_0/irc/weechat-devel/Makefile branches/RELENG_9_1_0/irc/weechat-devel/distinfo branches/RELENG_9_1_0/irc/weechat/Makefile branches/RELENG_9_1_0/irc/weechat/distinfo branches/RELENG_9_1_0/security/vuxml/vuln.xml Directory Properties: branches/RELENG_9_1_0/ (props changed) Modified: branches/RELENG_9_1_0/irc/weechat-devel/Makefile ============================================================================== --- branches/RELENG_9_1_0/irc/weechat-devel/Makefile Mon Nov 26 20:28:54 2012 (r307796) +++ branches/RELENG_9_1_0/irc/weechat-devel/Makefile Mon Nov 26 20:55:53 2012 (r307797) @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= weechat -PORTVERSION= 20121110 +PORTVERSION= 20121118 CATEGORIES= irc MASTER_SITES= http://perturb.me.uk/distfiles/ \ ${MASTER_SITE_LOCAL} @@ -26,7 +26,7 @@ WANT_PERL= yes LIB_DEPENDS+= curl:${PORTSDIR}/ftp/curl \ gcrypt:${PORTSDIR}/security/libgcrypt -GITREV= 7cd376b +GITREV= 57293ff WRKSRC= ${WRKDIR}/${PORTNAME}-${GITREV} # Please note: the DEBUG option is *NOT* empty, it is utilised by Modified: branches/RELENG_9_1_0/irc/weechat-devel/distinfo ============================================================================== --- branches/RELENG_9_1_0/irc/weechat-devel/distinfo Mon Nov 26 20:28:54 2012 (r307796) +++ branches/RELENG_9_1_0/irc/weechat-devel/distinfo Mon Nov 26 20:55:53 2012 (r307797) 
@@ -1,2 +1,2 @@ -SHA256 (weechat-devel-7cd376b.tar.gz) = dd10c1ab81051ec3476ad95a12c4c70cd8161a5f0dbcc7f0659e3d2602a79ef2 -SIZE (weechat-devel-7cd376b.tar.gz) = 2517031 +SHA256 (weechat-devel-57293ff.tar.gz) = c4aa77d7ba73fc2994215ca0ae8527b0661a19d8f9df011983168348fbb257c5 +SIZE (weechat-devel-57293ff.tar.gz) = 2518572 Modified: branches/RELENG_9_1_0/irc/weechat/Makefile ============================================================================== --- branches/RELENG_9_1_0/irc/weechat/Makefile Mon Nov 26 20:28:54 2012 (r307796) +++ branches/RELENG_9_1_0/irc/weechat/Makefile Mon Nov 26 20:55:53 2012 (r307797) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= weechat -PORTVERSION= 0.3.9.1 +PORTVERSION= 0.3.9.2 CATEGORIES= irc MASTER_SITES= http://weechat.org/files/src/ Modified: branches/RELENG_9_1_0/irc/weechat/distinfo ============================================================================== --- branches/RELENG_9_1_0/irc/weechat/distinfo Mon Nov 26 20:28:54 2012 (r307796) +++ branches/RELENG_9_1_0/irc/weechat/distinfo Mon Nov 26 20:55:53 2012 (r307797) @@ -1,2 +1,2 @@ -SHA256 (weechat-0.3.9.1.tar.gz) = 9a6ad4aacbda9c5524dc519cc8782621d59ba1bf0556e64f5ae4f9102f28b29d -SIZE (weechat-0.3.9.1.tar.gz) = 3756617 +SHA256 (weechat-0.3.9.2.tar.gz) = 03949cfc4cd6b6c1d5b7791804ff54c44f1209d3e753dd48461d67cbb1738c84 +SIZE (weechat-0.3.9.2.tar.gz) = 3757977 Modified: branches/RELENG_9_1_0/security/vuxml/vuln.xml ============================================================================== --- branches/RELENG_9_1_0/security/vuxml/vuln.xml Mon Nov 26 20:28:54 2012 (r307796) +++ branches/RELENG_9_1_0/security/vuxml/vuln.xml Mon Nov 26 20:55:53 2012 (r307797) 
@@ -204,6 +204,40 @@ Note: Please add new entries to the beg </dates> </vuln> + <vuln vid="81826d12-317a-11e2-9186-406186f3d89d"> + <topic>weechat -- Arbitrary shell command execution via scripts</topic> + <affects> + <package> + <name>weechat</name> + <range><ge>0.3.0</ge><lt>0.3.9.2</lt></range> + </package> + <package> + <name>weechat-devel</name> + <range><lt>20121118</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Sebastien Helleu reports:</p> + <blockquote cite="http://weechat.org/security/"> + <p>Untrusted command for function hook_process could lead to + execution of commands, because of shell expansions.</p> + <p>Workaround with a non-patched version: remove/unload all scripts + calling function hook_process (for maximum safety).</p> + </blockquote> + </body> + </description> + <references> + <url>http://weechat.org/security/</url> + <url>https://savannah.nongnu.org/bugs/?37764</url> + </references> + <dates> + <discovery>2012-11-15</discovery> + <entry>2012-11-18</entry> + <modified>2012-11-18</modified> + </dates> + </vuln> + <vuln vid="2b841f88-2e8d-11e2-ad21-20cf30e32f6d"> <topic>bugzilla -- multiple vulnerabilities</topic> <affects>
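Review bot: In the irc/weechat-devel/Makefile hunk, `GITREV= 57293ff` is a seven-character abbreviated hash, and neither the diff nor the log names the upstream commit that fixes the hook_process issue, so a reader cannot confirm from this change that the 20121118 snapshot contains the fix. Cite the upstream fix commit in the log so the `<lt>20121118</lt>` boundary in vuln.xml can be checked against it.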
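Review bot: In the irc/weechat/distinfo hunk, the new SHA256 for weechat-0.3.9.2.tar.gz is the integrity check for a security update fetched from `http://weechat.org/files/src/` over plain HTTP, and nothing in the log says how the value was obtained. Say in the commit message whether the hash was compared against a copy fetched over an independent channel or against an upstream signature, if one is published. The same applies to the weechat-devel tarball served from `http://perturb.me.uk/distfiles/`.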
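Review bot: In the security/vuxml/vuln.xml hunk, the `<references>` block lists two `<url>` elements and no `<cvename>`, so consumers that correlate on CVE identifiers will not match this entry; add one if a CVE has been assigned. The `weechat-devel` range is `<lt>20121118</lt>` with no lower bound while `weechat` starts at `<ge>0.3.0</ge>`; if there are weechat-devel snapshots that predate the affected hook_process code, a matching lower bound would keep them from being flagged.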