Date:      Tue, 14 Nov 2006 22:02:28 +0100
From:      Thierry Thomas <thierry@FreeBSD.org>
To:        Remko Lodder <remko@FreeBSD.org>
Cc:        cvs-ports@FreeBSD.org, Xin LI <delphij@FreeBSD.org>, cvs-all@FreeBSD.org, "Simon L. Nielsen" <simon@FreeBSD.org>, ports-committers@FreeBSD.org
Subject:   Re: cvs commit: ports/security/vuxml vuln.xml
Message-ID:  <20061114210228.GM24429@graf.pompo.net>
In-Reply-To: <455A1592.4060606@FreeBSD.org>
References:  <200611141657.kAEGvI60088666@repoman.freebsd.org> <20061114171000.GA1014@zaphod.nitro.dk> <455A1592.4060606@FreeBSD.org>

On Tue, 14 Nov 06 at 20:14:26 +0100, Remko Lodder <remko@FreeBSD.org>
 wrote:
> Simon L. Nielsen wrote:
> >On 2006.11.14 16:57:17 +0000, Xin LI wrote:
> >>delphij     2006-11-14 16:57:17 UTC
> >>
> >>  FreeBSD ports repository
> >>
> >>  Modified files:
> >>    security/vuxml       vuln.xml 
> >>  Log:
> >>  The Command Injection Vulnerability was corrected by awstats 6.5_2,1.
> >>  
> >>  Submitted by:   Alex Samorukov
> >>  PR:             ports/105233
> >
> >Have you checked that the issues have really been fixed?
> >
> 
> That was exactly the reason why I did not mark the entry
> as fixed yet...

I committed PR ports/104784, because it seems to me that the submitted
patch back-ported fixes from the devel version, as advertised by the
maintainer.

Unfortunately, AWStats is affected by several vulnerabilities, and it's
not clear to me which one is covered by VuXML ID
2df297a2-dc74-11da-a22b-000c6ec775d9. Perhaps we should make the CVE
references more precise and / or add another entry in VuXML?

References:

- Vendor's explanations:
<http://awstats.sourceforge.net/awstats_security_news.php>;

- VuXML entry:
<http://www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.html>;

- PR ports/104784:
<http://www.freebsd.org/cgi/query-pr.cgi?pr=104784>;

- CVE-2006-3681
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3681>;

- Debian's PR with patches & discussion:
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364443>;
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365909>;

Regards,
-- 
Th. Thomas.
