From owner-svn-ports-all@freebsd.org Fri Jan 31 20:22:23 2020 Return-Path: Delivered-To: svn-ports-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 294D31EBBD7; Fri, 31 Jan 2020 20:22:23 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 488TCz0GYlz4BNN; Fri, 31 Jan 2020 20:22:23 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 042921B929; Fri, 31 Jan 2020 20:22:23 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 00VKMMJf086396; Fri, 31 Jan 2020 20:22:22 GMT (envelope-from cy@FreeBSD.org) Received: (from cy@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 00VKMMOh086116; Fri, 31 Jan 2020 20:22:22 GMT (envelope-from cy@FreeBSD.org) Message-Id: <202001312022.00VKMMOh086116@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: cy set sender to cy@FreeBSD.org using -f From: Cy Schubert Date: Fri, 31 Jan 2020 20:22:22 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r524742 - head/security/vuxml X-SVN-Group: ports-head X-SVN-Commit-Author: cy X-SVN-Commit-Paths: head/security/vuxml X-SVN-Commit-Revision: 524742 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 31 Jan 2020 20:22:23 -0000 Author: cy Date: Fri Jan 31 20:22:22 2020 New Revision: 524742 URL: https://svnweb.freebsd.org/changeset/ports/524742 Log: Remove my older entry for CVE-2020-1931. The subequent entry by zeising@ is better. Whitespace adjustment. Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Jan 31 19:10:39 2020 (r524741) +++ head/security/vuxml/vuln.xml Fri Jan 31 20:22:22 2020 (r524742) @@ -74,7 +74,7 @@ Notes: run system commands. This issue is less stealthy and attempts to exploit the issue will throw warnings.

Thanks to Damian Lukowski at credativ for reporting the issue - ethically. With this bug unpatched, exploits can be injected in a + ethically. With this bug unpatched, exploits can be injected in a number of scenarios though doing so remotely is difficult. In addition to upgrading to SA 3.4.4, we again recommend that users should only use update channels or 3rd party .cf files from trusted @@ -190,36 +190,6 @@ Notes: 2020-01-30 2020-01-31 - - - - - spamassassin -- Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings - - - spamassassin - 3.4.4 - - - - -

the Apache Spamassassin project reports:

-
-

nefarious rule configuration (.cf) files can be configured to - run system commands similar to CVE-2018-11805. This issue - is less stealthy and attempts to exploit the issue will throw - warnings.

-
- - - - https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1931 - CVE-2020-1931 - - - 2020-01-30 - 2020-01-30