Date: Fri, 19 Aug 2011 23:03:03 +0000
From: "Philip M. Gollucci" <pgollucci@p6m7g8.com>
To: Xin LI <delphij@FreeBSD.org>
Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org
Subject: Re: cvs commit: ports/security/vuxml vuln.xml
Message-ID: <4E4EEBA7.7030609@p6m7g8.com>
In-Reply-To: <201108191842.p7JIgCd5010612@repoman.freebsd.org>
References: <201108191842.p7JIgCd5010612@repoman.freebsd.org>

Just update the port, and we'll deal with the pavmail. I didn't realize it was security related.

On 08/19/11 18:42, Xin LI wrote:
> delphij 2011-08-19 18:42:12 UTC
>
> FreeBSD ports repository
>
> Modified files:
> security/vuxml vuln.xml
> Log:
> Document Rails multiple vulnerabilities.
>
> Revision Changes Path
> 1.2415 +34 -1 ports/security/vuxml/vuln.xml
>
> http://cvsweb.FreeBSD.org/ports/security/vuxml/vuln.xml.diff?r1=1.2414&r2=1.2415&f=h
> | --- ports/security/vuxml/vuln.xml 2011/08/19 17:46:10 1.2414 > | +++ ports/security/vuxml/vuln.xml 2011/08/19 18:42:12 1.2415 > | 
@@ -28,12 +28,45 @@ WHETHER IN CONTRACT, STRICT LIABILITY, O > | OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, > | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. > | > | - $FreeBSD: /usr/local/www/cvsroot/FreeBSD/ports/security/vuxml/vuln.xml,v 1.2414 2011/08/19 17:46:10 delphij Exp $ > | + $FreeBSD: /usr/local/www/cvsroot/FreeBSD/ports/security/vuxml/vuln.xml,v 1.2415 2011/08/19 18:42:12 delphij Exp $ > | > | Note: Please add new entries to the beginning of this file. > | > | --> > | <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> > | + <vuln vid="be77eff6-ca91-11e0-aea3-00215c6a37bb"> > | + <topic>rubygem-rails -- multiple vulnerabilities</topic> > | + <affects> > | + <package> > | + <name>rubygem-rails</name> > | + <range><lt>3.0.10</lt></range> > | + </package> > | + </affects> > | + <description> > | + <body xmlns="http://www.w3.org/1999/xhtml"> > | + <p>SecurityFocus reports:</p> > | + <blockquote cite="http://www.securityfocus.com/bid/49179/discuss"> > | + <p>Ruby on Rails is prone to multiple vulnerabilities > | + including SQL-injection, information-disclosure, > | + HTTP-header-injection, security-bypass and cross-site > | + scripting issues.</p> > | + </blockquote> > | + </body> > | + </description> > | + <references> > | + <bid>49179</bid> > | + <url>http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6a1e473744bc389b</url> > | + <url>http://groups.google.com/group/rubyonrails-security/browse_thread/thread/3420ac71aed312d6</url> > | + <url>http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768</url> > | + <url>http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b9130749b74ea12</url> > | + <url>http://groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195</url> > | + </references> > | + <dates> > | + <discovery>2011-08-16</discovery> > | + <entry>2011-08-19</entry> > | + </dates> > | + </vuln> > | + > | <vuln 
vid="0b53f5f7-ca8a-11e0-aea3-00215c6a37bb"> > | <topic>dovecot -- denial of service vulnerability</topic> > | <affects> -- ------------------------------------------------------------------------ 1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70 3F8C 75B8 8FFB DB9B 8C1C Philip M. Gollucci (pgollucci@p6m7g8.com) c: 703.336.9354 VP Infrastructure, Apache Software Foundation Committer, FreeBSD Foundation Consultant, P6M7G8 Inc. Sr. System Admin, Ridecharge Inc. Work like you don't need the money, love like you'll never get hurt, and dance like nobody's watching.
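
Review bot: In the new rubygem-rails entry, the <affects> block is a single open-ended range, <range><lt>3.0.10</lt></range>, so every earlier rubygem-rails version is reported as vulnerable; please confirm that all five referenced advisories apply to every prior release, and if any release line below 3.0.10 carries its own fix, split the range with <ge>/<lt> bounds so patched installs are not flagged. The <references> block lists only <bid>49179</bid> and five list URLs; if CVE names have been assigned, adding <cvename> elements would let audit tools correlate the entry, and the <description> would be more useful if it quoted the upstream announcements already linked rather than only the one-sentence SecurityFocus summary.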