Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 23 Mar 2009 15:06:19 +0000 (UTC)
From:      Martin Wilke <miwi@FreeBSD.org>
To:        ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: ports/net-mgmt/zabbix Makefile pkg-plist ports/net-mgmt/zabbix/files patch-USH-162.1 patch-USH-162.2 ports/net-mgmt/zabbix-agent Makefile
Message-ID:  <200903231506.n2NF6KsN025467@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help 

miwi        2009-03-23 15:06:19 UTC

  FreeBSD ports repository

  Modified files:
    net-mgmt/zabbix      Makefile pkg-plist 
    net-mgmt/zabbix-agent Makefile 
  Added files:
    net-mgmt/zabbix/files patch-USH-162.1 patch-USH-162.2 
  Log:
  - Fix zabbix -- php frontend multiple vulnerabilities
  
  Note:
  
          Input appended to and passed via the "extlang" parameter to the "calc_exp2()"
          function in include/validate.inc.php is not properly sanitised before being
          used. This can be exploited to inject and execute arbitrary PHP code.
  
          The application allows users to perform certain actions via HTTP requests
          without performing any validity checks to verify the requests. This can be
          exploited to e.g. create users by enticing a logged in administrator to
          visit a malicious web page.
  
          Input passed to the "srclang" parameter in locales.php (when "next" is set
          to a non-NULL value) is not properly verified before being used to include
          files. This can be exploited to include arbitrary files from local resources
          via directory traversal attacks and URL-encoded NULL bytes.
  
  - Bump PORTREVISION
  
  PR:             132944
  Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru> (many thanks!)
  Approved by:    maintainer timeout (security 1 day)
  Security:       http://www.vuxml.org/freebsd/03140526-1250-11de-a964-0030843d3802.html
  
  Revision  Changes    Path
  1.25      +1 -2      ports/net-mgmt/zabbix-agent/Makefile
  1.61      +2 -2      ports/net-mgmt/zabbix/Makefile
  1.1       +135 -0    ports/net-mgmt/zabbix/files/patch-USH-162.1 (new)
  1.1       +2622 -0   ports/net-mgmt/zabbix/files/patch-USH-162.2 (new)
  1.20      +2 -2      ports/net-mgmt/zabbix/pkg-plist

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200903231506.n2NF6KsN025467>