Subject: Re: svn commit: r341466 - head/security/vuxml
From: Remko Lodder
Date: Tue, 28 Jan 2014 08:27:41 +0100
To: Matthew Seaman
Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org
In-Reply-To: <201401272246.s0RMkcXA043615@svn.freebsd.org>

On 27 Jan 2014, at 23:46, Matthew Seaman wrote:

> Author: matthew
> Date: Mon Jan 27 22:46:38 2014
> New Revision: 341466
> URL: http://svnweb.freebsd.org/changeset/ports/341466
> QAT: https://qat.redports.org/buildarchive/r341466/
>
> Log:
> Formatting fixes
>
> Submitted by: remko

Thank you!! :-)
Remko

>
> Modified:
> head/security/vuxml/vuln.xml
>
> Modified: head/security/vuxml/vuln.xml > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > --- head/security/vuxml/vuln.xml Mon Jan 27 22:19:40 2014 = (r341465) > +++ head/security/vuxml/vuln.xml Mon Jan 27 22:46:38 2014 = (r341466) > @@ -68,26 +68,26 @@ Note: Please add new entries to the beg >

The RT development team reports:

>
>

Versions of RT between 4.2.0 and 4.2.2 (inclusive) are > - vulnerable to a denial-of-service attack via the email > - gateway; any installation which accepts mail from untrusted > - sources is vulnerable, regardless of the permissions > - configuration inside RT. This vulnerability is assigned > - CVE-2014-1474.

> + vulnerable to a denial-of-service attack via the email > + gateway; any installation which accepts mail from untrusted > + sources is vulnerable, regardless of the permissions > + configuration inside RT. This vulnerability is assigned > + CVE-2014-1474.

>

This vulnerability is caused by poor parsing performance > - in the Email::Address::List module, which RT depends on. We > - recommend that affected users upgrade their version of > - Email::Address::List to v0.02 or above, which resolves the > - issue. Due to a communications mishap, the release on CPAN > - will temporarily appear as "unauthorized," and the > - command-line cpan client will hence not install it. We > - expect this to be resolved shortly; in the meantime, the > - release is also available from our server.

> + in the Email::Address::List module, which RT depends on. We > + recommend that affected users upgrade their version of > + Email::Address::List to v0.02 or above, which resolves the > + issue. Due to a communications mishap, the release on CPAN > + will temporarily appear as "unauthorized," and the > + command-line cpan client will hence not install it. We > + expect this to be resolved shortly; in the meantime, the > + release is also available from our server.

>
> > > > - = http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42= .html > CVE-2014-1474 > + = http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42= .html > > > 2014-01-27

-- 
/"\   Best regards,                      | remko@FreeBSD.org
\ /   Remko Lodder                       | remko@EFnet
 X    http://www.evilcoder.org/          |
/ \   ASCII Ribbon Campaign              | Against HTML Mail and News
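
Review bot: the last region of the hunk moves the blog.bestpractical.com URL line from before CVE-2014-1474 to after it, which reorders the entry's references and is not a whitespace change, yet the log says only "Formatting fixes". The description lines earlier in the hunk read identically on the - and + sides, so this reordering is the one place a reader verifying that the advisory content is unchanged has to stop and compare. Suggest noting it in the log, for example "Formatting fixes; list the CVE reference before the URL", so the intent is recorded with the commit.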