From owner-freebsd-ports-bugs@FreeBSD.ORG Sun Jun 21 14:24:05 2015
Return-Path:
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by hub.freebsd.org (Postfix) with ESMTPS id 1461370B
	for ; Sun, 21 Jun 2015 14:24:05 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id D8198E12
	for ; Sun, 21 Jun 2015 14:24:04 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
	by kenobi.freebsd.org (8.14.9/8.14.9) with ESMTP id t5LEO4vv050532
	for ; Sun, 21 Jun 2015 14:24:04 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 200963] [MAINTAINER] net-mgmt/cacti: Update to 0.8.8d, Fix security vulnerabilities
Date: Sun, 21 Jun 2015 14:24:04 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Ports & Packages
X-Bugzilla-Component: Individual Port(s)
X-Bugzilla-Version: Latest
X-Bugzilla-Keywords: patch, patch-ready, security
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: jason.unovitch@gmail.com
X-Bugzilla-Status: Open
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-ports-bugs@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: maintainer-feedback+ merge-quarterly?
X-Bugzilla-Changed-Fields: attachments.created
Message-ID:
In-Reply-To:
References:
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Ports bug reports
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sun, 21 Jun 2015 14:24:05 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200963

--- Comment #7 from Jason Unovitch ---
Created attachment 157927
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=157927&action=edit
security/vuxml entry for cacti 0.8.8c and 0.8.8d multiple vulnerabilities

(In reply to Daniel Austin from comment #2)
Thanks for the info. As it turns out, we missed documenting any of the
security advisories from 0.8.8c as the last vuxml was 0.8.8b. Patch attached
to document both 0.8.8c and 0.8.8d issues is ready to apply.

VALIDATION:

# make validate
/bin/sh /usr/ports/security/vuxml/files/tidy.sh "/usr/ports/security/vuxml/files/tidy.xsl" "/usr/ports/security/vuxml/vuln.xml" > "/usr/ports/security/vuxml/vuln.xml.tidy"
>>> Validating...
/usr/local/bin/xmllint --valid --noout /usr/ports/security/vuxml/vuln.xml
>>> Successful.
Checking if tidy differs...
... seems okay
Checking for space/tab...
... seems okay
/usr/local/bin/python2.7 /usr/ports/security/vuxml/files/extra-validation.py /usr/ports/security/vuxml/vuln.xml

# env PKG_DBDIR=/usr/ports/security/vuxml pkg audit cacti-0.8.8b
cacti-0.8.8b is vulnerable:
cacti -- Multiple XSS and SQL injection vulerabilities
CVE: CVE-2015-4342
WWW: https://vuxml.FreeBSD.org/freebsd/a3929112-181b-11e5-a1cf-002590263bf5.html

cacti-0.8.8b is vulnerable:
cacti -- multiple security vulnerabilities
CVE: CVE-2014-5026
CVE: CVE-2014-5025
CVE: CVE-2014-4002
CVE: CVE-2014-2328
CVE: CVE-2014-2327
CVE: CVE-2014-2326
CVE: CVE-2013-5589
CVE: CVE-2013-5588
WWW: https://vuxml.FreeBSD.org/freebsd/a0e74731-181b-11e5-a1cf-002590263bf5.html

1 problem(s) in the installed packages found.

# env PKG_DBDIR=/usr/ports/security/vuxml pkg audit cacti-0.8.8c
cacti-0.8.8c is vulnerable:
cacti -- Multiple XSS and SQL injection vulerabilities
CVE: CVE-2015-4342
WWW: https://vuxml.FreeBSD.org/freebsd/a3929112-181b-11e5-a1cf-002590263bf5.html

1 problem(s) in the installed packages found.

# env PKG_DBDIR=/usr/ports/security/vuxml pkg audit cacti-0.8.8d
0 problem(s) in the installed packages found.

-- 
You are receiving this mail because:
You are the assignee for the bug.