Date: Wed, 28 Aug 2013 10:38:40 +0200 (CEST) From: Rodrigo (ros) OSORIO <rodrigo@bebik.net> To: FreeBSD-gnats-submit@freebsd.org Subject: ports/181606: vuxml database update - cati vulnerabilities have been discovered Message-ID: <20130828083840.2DB0C800A5C@oldfaithful.bebik.local> Resent-Message-ID: <201308280850.r7S8o05w049185@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 181606 >Category: ports >Synopsis: vuxml database update - cati vulnerabilities have been discovered >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Wed Aug 28 08:50:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Rodrigo (ros) OSORIO >Release: FreeBSD 9.0-RELEASE amd64 >Organization: >Environment: System: FreeBSD sisko 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 3 07:46:30 UTC 2012 root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64 >Description: >How-To-Repeat: >Fix: --- vuxml.diff begins here --- Index: vuln.xml =================================================================== --- vuln.xml (revision 325514) +++ vuln.xml (working copy) @@ -51,6 +51,35 @@ --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="b3b8d491-0fbb-11e3-8c50-1c6f65c11ee6"> + <topic>cacti -- allow remote attackers to execute arbitrary SQL commands</topic> + <affects> + <package> + <name>cacti</name> + <range><lt>0.8.8b</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Cacti release reports:</p> + <blockquote cite="http://www.cacti.net/release_notes_0_8_8b.php">; + <p>Multiple security vulnerabilities have been fixed:</p> + <ul> + <li>SQL injection vulnerabilities</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2013-1434</cvename> + <url>http://www.cacti.net/release_notes_0_8_8b.php</url>; + </references> + <dates> + <discovery>2013-08-23</discovery> + <entry>2013-08-28</entry> + </dates> + </vuln> + <vuln vid="ae651a4b-0a42-11e3-ba52-00262d5ed8ee"> <topic>chromium -- multiple vulnerabilities</topic> <affects> --- vuxml.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130828083840.2DB0C800A5C>