From owner-svn-ports-all@FreeBSD.ORG  Fri Feb  7 10:32:04 2014
Return-Path: <owner-svn-ports-all@FreeBSD.ORG>
Delivered-To: svn-ports-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id DDB12466;
 Fri,  7 Feb 2014 10:32:04 +0000 (UTC)
Received: from mail.jr-hosting.nl (mail.jr-hosting.nl [78.47.69.234])
 by mx1.freebsd.org (Postfix) with ESMTP id 769AD1AE0;
 Fri,  7 Feb 2014 10:32:04 +0000 (UTC)
Received: from [IPv6:2001:7b8:204:3:2958:4669:2c7b:6e5a] (unknown
 [IPv6:2001:7b8:204:3:2958:4669:2c7b:6e5a])
 by mail.jr-hosting.nl (Postfix) with ESMTPSA id CC8443F4A2;
 Fri,  7 Feb 2014 11:31:56 +0100 (CET)
Content-Type: multipart/signed;
 boundary="Apple-Mail=_6933EADE-0428-452A-ACBB-83F23A81A657";
 protocol="application/pgp-signature"; micalg=pgp-sha1
Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\))
Subject: Re: svn commit: r343150 - head/security/vuxml
From: Remko Lodder <remko@FreeBSD.org>
In-Reply-To: <201402062039.s16KdVOF016819@svn.freebsd.org>
Date: Fri, 7 Feb 2014 11:31:36 +0100
Message-Id: <5E777029-D0FC-42D7-A68A-88135C478766@FreeBSD.org>
References: <201402062039.s16KdVOF016819@svn.freebsd.org>
To: Carlo Strub <cs@FreeBSD.org>
X-Mailer: Apple Mail (2.1827)
Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org,
 ports-committers@freebsd.org
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all/>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Feb 2014 10:32:04 -0000


--Apple-Mail=_6933EADE-0428-452A-ACBB-83F23A81A657
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii


On 06 Feb 2014, at 21:39, Carlo Strub <cs@FreeBSD.org> wrote:

> Author: cs
> Date: Thu Feb  6 20:39:30 2014
> New Revision: 343150
> URL: http://svnweb.freebsd.org/changeset/ports/343150
> QAT: https://qat.redports.org/buildarchive/r343150/
>=20
> Log:
>  Update VUXML entry on recent otrs vulnerabilities
>=20
>  Suggested by:	remko@

thank you!

>=20
> Modified:
>  head/security/vuxml/vuln.xml
>=20
> Modified: head/security/vuxml/vuln.xml
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
> --- head/security/vuxml/vuln.xml	Thu Feb  6 20:34:55 2014	=
(r343149)
> +++ head/security/vuxml/vuln.xml	Thu Feb  6 20:39:30 2014	=
(r343150)
> @@ -249,11 +249,13 @@ Note:  Please add new entries to the beg
>   </vuln>
>=20
>   <vuln vid=3D"c7b5d72b-886a-11e3-9533-60a44c524f57">
> -    <topic>otrs -- SQL injection issue</topic>
> +    <topic>otrs -- multiple vulnerabilities</topic>
>     <affects>
>       <package>
> 	<name>otrs</name>
> -	<range><lt>3.2.14</lt></range>
> +	<range><lt>3.1.19</lt></range>
> +	<range><gt>3.2.*</gt><lt>3.2.14</lt></range>
> +	<range><gt>3.3.*</gt><lt>3.3.4</lt></range>
>       </package>
>     </affects>
>     <description>
> @@ -262,29 +264,6 @@ Note:  Please add new entries to the beg
> 	<blockquote =
cite=3D"https://www.otrs.com/security-advisory-2014-02-sql-injection-issue=
/">
> 	  <p>SQL injection issue</p>
> 	</blockquote>
> -      </body>
> -    </description>
> -    <references>
> -      <cvename>CVE-2014-1471</cvename>
> -      =
<url>https://www.otrs.com/security-advisory-2014-02-sql-injection-issue/</=
url>
> -    </references>
> -    <dates>
> -      <discovery>2014-01-28</discovery>
> -      <entry>2014-01-28</entry>
> -    </dates>
> -  </vuln>
> -
> -  <vuln vid=3D"080c5370-886a-11e3-9533-60a44c524f57">
> -    <topic>otrs -- CSRF issue in customer web interface</topic>
> -    <affects>
> -      <package>
> -	<name>otrs</name>
> -	<range><lt>3.2.14</lt></range>
> -      </package>
> -    </affects>
> -    <description>
> -      <body xmlns=3D"http://www.w3.org/1999/xhtml">
> -	<p>The OTRS Project reports:</p>
> 	<blockquote =
cite=3D"https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer=
-web-interface/">
> 	  <p>An attacker that managed to take over the session of a =
logged in customer
> 	    could create tickets and/or send follow-ups to existing =
tickets due to
> @@ -293,14 +272,21 @@ Note:  Please add new entries to the beg
>       </body>
>     </description>
>     <references>
> +      <cvename>CVE-2014-1471</cvename>
> +      =
<url>https://www.otrs.com/security-advisory-2014-02-sql-injection-issue/</=
url>
>       =
<url>https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-we=
b-interface/</url>
>     </references>
>     <dates>
>       <discovery>2014-01-28</discovery>
>       <entry>2014-01-28</entry>
> +      <modified>2014-02-06</modified>
>     </dates>
>   </vuln>
>=20
> +  <vuln vid=3D"080c5370-886a-11e3-9533-60a44c524f57">
> +    <cancelled superseded=3D"c7b5d72b-886a-11e3-9533-60a44c524f57"/>
> +  </vuln>
> +
>   <vuln vid=3D"f9810c43-87a5-11e3-9214-00262d5ed8ee">
>     <topic>chromium -- multiple vulnerabilities</topic>
>     <affects>
> _______________________________________________
> svn-ports-all@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/svn-ports-all
> To unsubscribe, send any mail to =
"svn-ports-all-unsubscribe@freebsd.org"

--=20

/"\   Best regards,                      | remko@FreeBSD.org
\ /   Remko Lodder                       | remko@EFnet
 X    http://www.evilcoder.org/          |
/ \   ASCII Ribbon Campaign              | Against HTML Mail and News


--Apple-Mail=_6933EADE-0428-452A-ACBB-83F23A81A657
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJS9LYIAAoJEKjD27JZ84ywCckP/jMGSWYWF1RX2fpACDwb1a/w
i33yZfiUAW8lapLC+rz8g0i2BqciDRvn9JCEln9UTvhjo/mkWGr86mKME7QpAmnV
FibX6uYw9XwpyZa9sMrOleLfZX4HhFELHry47EpIwmaiujHH9k47bfcuFrQ1ZCXH
3MUDUaUK9CqT/19u1GtDaS2gNYKPkgWWmcrmKphEwMJiCGbl/1yxH9/NgGQnSoCO
o4nd3fc2RXvwOUPXYahs9auIbMWmYhlCRgCHAgkDnb+EXmJaWBp0+NRQr3Lpy9ue
XEWb5RKc+iumI9jUw3roX8/XF7kGKMXxvAUoILfHCAubXH+yPv8YIJguspkEtO2i
lMvWv+EGee5p8V2jaa1q21qmdZAjBsF7dI7YF96I5sgIh9Tugrkf4wd2ZadyezWS
rFT/kh+bCinhu2h1ZBSJj9i4M5j20AMo/XNtcLYOD4AhHeRy6YgWAOBNtCttZDP4
T4P0qrAhcK4kNa5Zoiw71zeV4+fMYISi7zeS6YXT7pZG447Sit6glgiqjxfNHkWK
n0yFm08zF/8j2Kryzc93F3xWPCEIO9XQHSjsIjvv6/Ii9PYen57IHSPfhQCv1xxl
638VslC4zxDHDDPKtLivEE6pkY+grijM1YmChUPKLvitfuAkQ3ZrfZfwUz5RVOfQ
nRIZ8Ws5ptpn8UCIi7+g
=j+MX
-----END PGP SIGNATURE-----

--Apple-Mail=_6933EADE-0428-452A-ACBB-83F23A81A657--