Date:      Fri, 7 Feb 2014 11:31:36 +0100
From:      Remko Lodder <remko@FreeBSD.org>
To:        Carlo Strub <cs@FreeBSD.org>
Cc:        svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org
Subject:   Re: svn commit: r343150 - head/security/vuxml
Message-ID:  <5E777029-D0FC-42D7-A68A-88135C478766@FreeBSD.org>
In-Reply-To: <201402062039.s16KdVOF016819@svn.freebsd.org>
References:  <201402062039.s16KdVOF016819@svn.freebsd.org>



On 06 Feb 2014, at 21:39, Carlo Strub <cs@FreeBSD.org> wrote:

> Author: cs
> Date: Thu Feb  6 20:39:30 2014
> New Revision: 343150
> URL: http://svnweb.freebsd.org/changeset/ports/343150
> QAT: https://qat.redports.org/buildarchive/r343150/
>
> Log:
>  Update VUXML entry on recent otrs vulnerabilities
>
>  Suggested by:	remko@

Thank you!

>
> Modified:
>  head/security/vuxml/vuln.xml
>
> Modified: head/security/vuxml/vuln.xml
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
> --- head/security/vuxml/vuln.xml	Thu Feb  6 20:34:55 2014	=
(r343149)
> +++ head/security/vuxml/vuln.xml	Thu Feb  6 20:39:30 2014	=
(r343150)
> @@ -249,11 +249,13 @@ Note:  Please add new entries to the beg
>   </vuln>
>=20
>   <vuln vid=3D"c7b5d72b-886a-11e3-9533-60a44c524f57">
> -    <topic>otrs -- SQL injection issue</topic>
> +    <topic>otrs -- multiple vulnerabilities</topic>
>     <affects>
>       <package>
> 	<name>otrs</name>
> -	<range><lt>3.2.14</lt></range>
> +	<range><lt>3.1.19</lt></range>
> +	<range><gt>3.2.*</gt><lt>3.2.14</lt></range>
> +	<range><gt>3.3.*</gt><lt>3.3.4</lt></range>
>       </package>
>     </affects>
>     <description>
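
Review bot: The lower bounds <gt>3.2.*</gt> and <gt>3.3.*</gt> in the two added ranges depend on how the version comparison orders a "*" component, so the entry does not make it obvious whether 3.2.0 and 3.3.0 themselves are matched. If the intent is every 3.2.x before 3.2.14 and every 3.3.x before 3.3.4, an explicit inclusive bound such as <ge>3.2</ge> would say so directly. The first range, <lt>3.1.19</lt>, has no lower bound and therefore also flags every release older than 3.1, which is worth confirming against the two advisories.
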
> @@ -262,29 +264,6 @@ Note:  Please add new entries to the beg
> 	<blockquote =
cite=3D"https://www.otrs.com/security-advisory-2014-02-sql-injection-issue=
/">
> 	  <p>SQL injection issue</p>
> 	</blockquote>
> -      </body>
> -    </description>
> -    <references>
> -      <cvename>CVE-2014-1471</cvename>
> -      =
<url>https://www.otrs.com/security-advisory-2014-02-sql-injection-issue/</=
url>
> -    </references>
> -    <dates>
> -      <discovery>2014-01-28</discovery>
> -      <entry>2014-01-28</entry>
> -    </dates>
> -  </vuln>
> -
> -  <vuln vid=3D"080c5370-886a-11e3-9533-60a44c524f57">
> -    <topic>otrs -- CSRF issue in customer web interface</topic>
> -    <affects>
> -      <package>
> -	<name>otrs</name>
> -	<range><lt>3.2.14</lt></range>
> -      </package>
> -    </affects>
> -    <description>
> -      <body xmlns=3D"http://www.w3.org/1999/xhtml">;
> -	<p>The OTRS Project reports:</p>
> 	<blockquote =
cite=3D"https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer=
-web-interface/">
> 	  <p>An attacker that managed to take over the session of a =
logged in customer
> 	    could create tickets and/or send follow-ups to existing =
tickets due to
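
Review bot: Removing the line <p>The OTRS Project reports:</p> along with the old entry boundary leaves the SQL injection blockquote and the CSRF blockquote back to back in one body, with nothing telling the reader that they come from two separate advisories. The first blockquote is only the text "SQL injection issue", so a short paragraph between the two quotes, or a fuller quote from the 2014-02 advisory, would let the merged description stand on its own.
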
> @@ -293,14 +272,21 @@ Note:  Please add new entries to the beg
>       </body>
>     </description>
>     <references>
> +      <cvename>CVE-2014-1471</cvename>
> +      =
<url>https://www.otrs.com/security-advisory-2014-02-sql-injection-issue/</=
url>
>       =
<url>https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-we=
b-interface/</url>
>     </references>
>     <dates>
>       <discovery>2014-01-28</discovery>
>       <entry>2014-01-28</entry>
> +      <modified>2014-02-06</modified>
>     </dates>
>   </vuln>
>=20
> +  <vuln vid=3D"080c5370-886a-11e3-9533-60a44c524f57">
> +    <cancelled superseded=3D"c7b5d72b-886a-11e3-9533-60a44c524f57"/>
> +  </vuln>
> +
>   <vuln vid=3D"f9810c43-87a5-11e3-9214-00262d5ed8ee">
>     <topic>chromium -- multiple vulnerabilities</topic>
>     <affects>
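
Review bot: The new stub for vid 080c5370-886a-11e3-9533-60a44c524f57 cancels the CSRF entry in favour of c7b5d72b-886a-11e3-9533-60a44c524f57, but the log message only says the entry was updated; naming the merge and the cancelled vid in the log would help anyone who tracked the old id. In the merged references, CVE-2014-1471 now sits above both advisory URLs although it was previously listed only with the SQL injection advisory, so the description should say which issue the CVE covers.
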
> _______________________________________________
> svn-ports-all@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/svn-ports-all
> To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"

-- 

/"\   Best regards,                      | remko@FreeBSD.org
\ /   Remko Lodder                       | remko@EFnet
 X    http://www.evilcoder.org/          |
/ \   ASCII Ribbon Campaign              | Against HTML Mail and News

