From owner-svn-ports-head@FreeBSD.ORG Sat Feb 15 12:10:21 2014 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id BFEFAD06; Sat, 15 Feb 2014 12:10:21 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id AB53711C6; Sat, 15 Feb 2014 12:10:21 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s1FCALKa089477; Sat, 15 Feb 2014 12:10:21 GMT (envelope-from matthew@svn.freebsd.org) Received: (from matthew@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s1FCALZS089476; Sat, 15 Feb 2014 12:10:21 GMT (envelope-from matthew@svn.freebsd.org) Message-Id: <201402151210.s1FCALZS089476@svn.freebsd.org> From: Matthew Seaman Date: Sat, 15 Feb 2014 12:10:20 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r344371 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 15 Feb 2014 12:10:21 -0000 Author: matthew Date: Sat Feb 15 12:10:20 2014 New Revision: 344371 URL: http://svnweb.freebsd.org/changeset/ports/344371 QAT: https://qat.redports.org/buildarchive/r344371/ Log: Document the latest PMA security advisory: PMSA-2014-1 The version of PMA currently in ports (since 2014-02-09) is not affected. Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sat Feb 15 11:09:52 2014 (r344370) +++ head/security/vuxml/vuln.xml Sat Feb 15 12:10:20 2014 (r344371) @@ -51,6 +51,34 @@ Note: Please add new entries to the beg --> + + phpMyAdmin -- Self-XSS due to unescaped HTML output in import. + + + phpMyAdmin + 3.3.14.1.7 + + + + +

The phpMyAdmin development team reports:

+
When importing a file with crafted filename, it is + possible to trigger an XSS. We consider this vulnerability + to be non critical.
+

+ + + + http://www.phpmyadmin.net/home_page/security/PMASA-2014-1.php + CVE-2014-1879 + + + 2014-02-15 + 2014-02-15 + + + jenkins -- multiple vulnerabilities