Date: Fri, 31 Jan 2020 20:22:22 +0000 (UTC) From: Cy Schubert <cy@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r524742 - head/security/vuxml Message-ID: <202001312022.00VKMMOh086116@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: cy Date: Fri Jan 31 20:22:22 2020 New Revision: 524742 URL: https://svnweb.freebsd.org/changeset/ports/524742 Log: Remove my older entry for CVE-2020-1931. The subequent entry by zeising@ is better. Whitespace adjustment. Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Jan 31 19:10:39 2020 (r524741) +++ head/security/vuxml/vuln.xml Fri Jan 31 20:22:22 2020 (r524742) @@ -74,7 +74,7 @@ Notes: run system commands. This issue is less stealthy and attempts to exploit the issue will throw warnings.</p> <p>Thanks to Damian Lukowski at credativ for reporting the issue - ethically. With this bug unpatched, exploits can be injected in a + ethically. With this bug unpatched, exploits can be injected in a number of scenarios though doing so remotely is difficult. In addition to upgrading to SA 3.4.4, we again recommend that users should only use update channels or 3rd party .cf files from trusted @@ -190,36 +190,6 @@ Notes: <dates> <discovery>2020-01-30</discovery> <entry>2020-01-31</entry> - </dates> - </vuln> - - <vuln vid="e3404a6e-4364-11ea-b643-206a8a720317"> - <topic>spamassassin -- Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings</topic> - <affects> - <package> - <name>spamassassin</name> - <range><lt>3.4.4</lt></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml">; - <p>the Apache Spamassassin project reports:</p> - <blockquote cite="https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt">; - <p>nefarious rule configuration (.cf) files can be configured to - run system commands similar to CVE-2018-11805. This issue - is less stealthy and attempts to exploit the issue will throw - warnings.</p> - </blockquote> - </body> - </description> - <references> - <url>https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt</url>; - <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1931</url>; - <cvename>CVE-2020-1931</cvename> - </references> - <dates> - <discovery>2020-01-30</discovery> - <entry>2020-01-30</entry> </dates> </vuln>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202001312022.00VKMMOh086116>