From owner-svn-ports-all@FreeBSD.ORG Fri Feb 7 10:32:04 2014
Subject: Re: svn commit: r343150 - head/security/vuxml
From: Remko Lodder In-Reply-To: <201402062039.s16KdVOF016819@svn.freebsd.org> Date: Fri, 7 Feb 2014 11:31:36 +0100 Message-Id: <5E777029-D0FC-42D7-A68A-88135C478766@FreeBSD.org> References: <201402062039.s16KdVOF016819@svn.freebsd.org> To: Carlo Strub X-Mailer: Apple Mail (2.1827) Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Feb 2014 10:32:04 -0000 --Apple-Mail=_6933EADE-0428-452A-ACBB-83F23A81A657 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii On 06 Feb 2014, at 21:39, Carlo Strub wrote: > Author: cs > Date: Thu Feb 6 20:39:30 2014 > New Revision: 343150 > URL: http://svnweb.freebsd.org/changeset/ports/343150 > QAT: https://qat.redports.org/buildarchive/r343150/ >=20 > Log: > Update VUXML entry on recent otrs vulnerabilities >=20 > Suggested by: remko@ thank you! >=20 > Modified: > head/security/vuxml/vuln.xml >=20 > Modified: head/security/vuxml/vuln.xml > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > --- head/security/vuxml/vuln.xml Thu Feb 6 20:34:55 2014 = (r343149) > +++ head/security/vuxml/vuln.xml Thu Feb 6 20:39:30 2014 = (r343150) > @@ -249,11 +249,13 @@ Note: Please add new entries to the beg > >=20 > > - otrs -- SQL injection issue > + otrs -- multiple vulnerabilities > > > otrs > - 3.2.14 > + 3.1.19 > + 3.2.*3.2.14 > + 3.3.*3.3.4 > > > > @@ -262,29 +264,6 @@ Note: Please add new entries to the beg >
>

SQL injection issue

>
> - > -
> - > - CVE-2014-1471 > - = https://www.otrs.com/security-advisory-2014-02-sql-injection-issue/ > - > - > - 2014-01-28 > - 2014-01-28 > - > -
> - > - > - otrs -- CSRF issue in customer web interface > - > - > - otrs > - 3.2.14 > - > - > - > - > -

The OTRS Project reports:

>
>

An attacker that managed to take over the session of a = logged in customer > could create tickets and/or send follow-ups to existing = tickets due to 
> @@ -293,14 +272,21 @@ Note: Please add new entries to the beg > > > > + CVE-2014-1471 > + = https://www.otrs.com/security-advisory-2014-02-sql-injection-issue/ > = https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-we= b-interface/ > > > 2014-01-28 > 2014-01-28 > + 2014-02-06 > > >=20 > + > + > + > + > > chromium -- multiple vulnerabilities > > _______________________________________________ > svn-ports-all@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/svn-ports-all > To unsubscribe, send any mail to = "svn-ports-all-unsubscribe@freebsd.org" --=20 /"\ Best regards, | remko@FreeBSD.org \ / Remko Lodder | remko@EFnet X http://www.evilcoder.org/ | / \ ASCII Ribbon Campaign | Against HTML Mail and News
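Review bot: In the @@ -249,11 +249,13 hunk the new range lines (3.1.19, 3.2.* with 3.2.14, 3.3.* with 3.3.4) now apply to both issues, while the CSRF entry removed in the following hunk listed only 3.2.14. Please confirm against the CSRF advisory that it is fixed in the same three releases. If it is not, the merged entry will flag the wrong branches for that issue and the two entries are better kept separate.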
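Review bot: The @@ -262,29 +264,6 hunk removes the separate "otrs -- CSRF issue in customer web interface" entry, which retires that entry's vid, and the four added lines just before the chromium entry at the end of the @@ -293,14 +272,21 hunk have no readable content in this copy. If those lines are not a cancelled stub that points the old vid at the merged entry, please add one, so that anything already referencing the CSRF entry still resolves. In the same hunk only CVE-2014-1471 is added to the references of an entry that now covers two issues, so the description should say which of the two it names.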