From owner-svn-ports-all@FreeBSD.ORG Sun Oct 27 19:48:57 2013 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 4D3A7DB7; Sun, 27 Oct 2013 19:48:57 +0000 (UTC) (envelope-from remko@FreeBSD.org) Received: from mail.jr-hosting.nl (mail.jr-hosting.nl [IPv6:2a01:4f8:141:5ffd::25]) by mx1.freebsd.org (Postfix) with ESMTP id C845028F4; Sun, 27 Oct 2013 19:48:56 +0000 (UTC) Received: from [10.0.2.17] (a44084.upc-a.chello.nl [62.163.44.84]) by mail.jr-hosting.nl (Postfix) with ESMTPSA id 4DC9E38B1008; Sun, 27 Oct 2013 20:48:51 +0100 (CET) Content-Type: multipart/signed; boundary="Apple-Mail=_FD6DDAC1-8737-4A4F-B58C-1FB116535BB1"; protocol="application/pgp-signature"; micalg=pgp-sha1 Mime-Version: 1.0 (Mac OS X Mail 7.0 \(1816\)) Subject: Re: svn commit: r331796 - head/security/vuxml From: Remko Lodder In-Reply-To: <201310271819.r9RIJG9x076079@svn.freebsd.org> Date: Sun, 27 Oct 2013 20:48:50 +0100 Message-Id: <0EEA6447-422B-4FF3-A3EE-50A2F23493D2@FreeBSD.org> References: <201310271819.r9RIJG9x076079@svn.freebsd.org> To: Sunpoet Po-Chuan Hsieh X-Mailer: Apple Mail (2.1816) Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Oct 2013 19:48:57 -0000 --Apple-Mail=_FD6DDAC1-8737-4A4F-B58C-1FB116535BB1 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=windows-1252 On 27 Oct 2013, at 19:19, Sunpoet Po-Chuan Hsieh = wrote: > Author: sunpoet > Date: Sun Oct 27 18:19:16 2013 > New Revision: 331796 > URL: http://svnweb.freebsd.org/changeset/ports/331796 >=20 > Log: > - Revert previous commit This cannot happen.=20 24741 $ 24742 $ 24743 $ Something like that should have been done=85 Can you please update it as such? Also, why is this being reverted? The = commit message does not state that, and there are issues within Wordpress (occasionally) so it does = not seem unreasonable something like below is actually a problem within Wordpress? Thanks Remko >=20 > Modified: > head/security/vuxml/vuln.xml >=20 > Modified: head/security/vuxml/vuln.xml > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > --- head/security/vuxml/vuln.xml Sun Oct 27 18:19:13 2013 = (r331795) > +++ head/security/vuxml/vuln.xml Sun Oct 27 18:19:16 2013 = (r331796) > @@ -51,39 +51,6 @@ Note: Please add new entries to the beg >=20 > --> > > - > - WordPress -- Cross-site scripting vulnerability > - > - > - de-wordpress > - ja-wordpress > - ru-wordpress > - wordpress > - zh-wordpress-zh_CN > - zh-wordpress-zh_TW > - 3.7 > - > - > - > - > -

iBliss Security Advisory:

> -
= > -

The walkthrouth web page does not validate the step = parameter leading to=20 > - a Cross-site scripting flaw. An no authenticated user is = required to=20 > - exploit these security flaws.

> -
> - > -
> - > - CVE-2013-5711 > - = http://wordpress.org/plugins/design-approval-system/other_notes/ > - > - > - 2013-09-09 > - 2013-10-27 > - > -
> - > > gnutls -- denial of service > > _______________________________________________ > svn-ports-all@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/svn-ports-all > To unsubscribe, send any mail to = "svn-ports-all-unsubscribe@freebsd.org" --=20 /"\ With kind regards, | remko@elvandar.org \ / Remko Lodder | remko@FreeBSD.org X FreeBSD | = http://www.evilcoder.org / \ The Power to Serve | Quis custodiet ipsos custodes --Apple-Mail=_FD6DDAC1-8737-4A4F-B58C-1FB116535BB1 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJSbW4iAAoJEKjD27JZ84ywzz4P/jV0e8StTuGC0b4JVh/o0I2i SgUm7j/zyVFBK1dyJBhicUqld0RXV9aOaE+/qer091Va1p3PGHN+qTB7mOv0djrh +PLjDIha1Pu5Rwgs9ZGGfPfKm5G+IW7x9DcZeeb2aCgQQs1uV4BBsTGS2bMaBV3+ 3W6q1m48hjzSLBGUAk/tIm7t/cWFAsG3Q0K1no0ZUwnDOYFry/1YRQJcIYJGe6gG N8OWxp1d0jMkxWbuQ5vfkqwZEHlTO16oXi9RhC4WH8PpPl1b2cHXLxDKlNVoWrEa N368GQLqvtByLGzzkT2sZnsX3BXdPZ5+vLhzP6mnjRVYSuupK1GT/kIXFu89il5k lkgjElAsliV+/FhR4U1LVUbDO+sGjVcRO1Z1eqRCoJXwqkHGeV3exWeewXrbzuaY CPKG5sKr55IPOgH7h1WjqnlXOYvt79vDY0G3/dsrBrDLxGCEX/tr2edZ4vOequmZ N8Pz40jXITeDUzC5nHdIY5K5HBl9hCjDXnh/iH3HYB/BdGq2tft6Wj54VuXMrEQX vEGhwrvoj7Q5P3jLSvUiREnQI2BnEhxaEbf4V3MdXG8m8M6o2E38pDd6rnaho8Er sWxh/l/mg6wGsnzudMmViAweA2Fgl1PnsYQH10IktfMKn32aURJgyD/IuFnUaIf7 7IQ5yaiRmQ2AIQi4+Xok =x1rw -----END PGP SIGNATURE----- --Apple-Mail=_FD6DDAC1-8737-4A4F-B58C-1FB116535BB1--