Date: Sun, 14 Aug 2016 08:33:15 +0000 (UTC) From: =?UTF-8?Q?Romain_Tarti=c3=a8re?= <romain@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r420182 - head/security/vuxml Message-ID: <201608140833.u7E8XFBH011536@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: romain Date: Sun Aug 14 08:33:15 2016 New Revision: 420182 URL: https://svnweb.freebsd.org/changeset/ports/420182 Log: Add entry for CVE-2015-7331 mcollective-puppet-agent -- Remote Code Execution in mcollective-puppet-agent plugin Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sun Aug 14 07:40:16 2016 (r420181) +++ head/security/vuxml/vuln.xml Sun Aug 14 08:33:15 2016 (r420182) @@ -58,6 +58,32 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="df502a2f-61f6-11e6-a461-643150d3111d"> + <topic>mcollective-puppet-agent -- Remote Code Execution in mcollective-puppet-agent plugin</topic> + <affects> + <package> + <name>mcollective-puppet-agent</name> + <range><lt>1.11.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Puppet reports:</p> + <blockquote cite="https://puppet.com/security/cve/cve-2015-7331">; + <p>Puppet Enterprise previously included a puppet-agent MCollective plugin that allowed you to pass the `--server` argument to MCollective. This insecure argument enabled remote code execution via connection to an untrusted host. The puppet-agent MCollective version included in PE 2016.2.1, this option is disabled by default.</p> + </blockquote> + </body> + </description> + <references> + <url>https://puppet.com/security/cve/cve-2015-7331</url>; + <cvename>CVE-2015-7331</cvename> + </references> + <dates> + <discovery>2016-08-09</discovery> + <entry>2016-08-15</entry> + </dates> + </vuln> + <vuln vid="7d4f4955-600a-11e6-a6c3-14dae9d210b8"> <topic>FreeBSD -- Heap vulnerability in bspatch</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201608140833.u7E8XFBH011536>