Message-ID: <4E4EEBA7.7030609@p6m7g8.com>
Date: Fri, 19 Aug 2011 23:03:03 +0000
From: "Philip M. Gollucci"
Organization: P6M7G8 Inc.
To: Xin LI
Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org
Subject: Re: cvs commit: ports/security/vuxml vuln.xml

Just update the port, and we'll deal with the pavmail. I didn't realize it was security related.

On 08/19/11 18:42, Xin LI wrote:
> delphij 2011-08-19 18:42:12 UTC
>
> FreeBSD ports repository
>
> Modified files:
> security/vuxml vuln.xml
> Log:
> Document Rails multiple vulnerabilities.
>
> Revision Changes Path
> 1.2415 +34 -1 ports/security/vuxml/vuln.xml
>
> http://cvsweb.FreeBSD.org/ports/security/vuxml/vuln.xml.diff?r1=1.2414&r2=1.2415&f=h
> | --- ports/security/vuxml/vuln.xml 2011/08/19 17:46:10 1.2414 > | +++ ports/security/vuxml/vuln.xml 2011/08/19 18:42:12 1.2415 > | 
@@ -28,12 +28,45 @@ WHETHER IN CONTRACT, STRICT LIABILITY, O > | OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, > | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. > | > | - $FreeBSD: /usr/local/www/cvsroot/FreeBSD/ports/security/vuxml/vuln.xml,v 1.2414 2011/08/19 17:46:10 delphij Exp $ > | + $FreeBSD: /usr/local/www/cvsroot/FreeBSD/ports/security/vuxml/vuln.xml,v 1.2415 2011/08/19 18:42:12 delphij Exp $ > | > | Note: Please add new entries to the beginning of this file. > | > | --> > | > | + > | + rubygem-rails -- multiple vulnerabilities > | + > | + > | + rubygem-rails > | + 3.0.10 > | + > | + > | + > | + > | +

SecurityFocus reports:

> | +
> | +

Ruby on Rails is prone to multiple vulnerabilities > | + including SQL-injection, information-disclosure, > | + HTTP-header-injection, security-bypass and cross-site > | + scripting issues.

> | +
> | + > | +
> | + > | + 49179 > | + http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6a1e473744bc389b > | + http://groups.google.com/group/rubyonrails-security/browse_thread/thread/3420ac71aed312d6 > | + http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768 > | + http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b9130749b74ea12 > | + http://groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195 > | + > | + > | + 2011-08-16 > | + 2011-08-19 > | + > | +
> | + > | > | dovecot -- denial of service vulnerability > | -- ------------------------------------------------------------------------ 1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70 3F8C 75B8 8FFB DB9B 8C1C Philip M. Gollucci (pgollucci@p6m7g8.com) c: 703.336.9354 VP Infrastructure, Apache Software Foundation Committer, FreeBSD Foundation Consultant, P6M7G8 Inc. Sr. System Admin, Ridecharge Inc. Work like you don't need the money, love like you'll never get hurt, and dance like nobody's watching.
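
Review bot: The affected-package block of the new entry names only rubygem-rails with a single version bound of 3.0.10, while the description and the five rubyonrails-security thread URLs cover five distinct issues (SQL injection, information disclosure, HTTP header injection, security bypass, cross-site scripting). Please confirm that every one of them is fixed at 3.0.10 and that no separately packaged Rails component needs its own package line; if the affected ranges differ, split this into per-issue entries. The body also quotes only the generic SecurityFocus summary, and the references visible here are the number 49179 plus the thread URLs, with no CVE name; a one-line description per issue and any CVE identifiers that have been assigned would let users match this entry against the upstream advisories. The discovery date 2011-08-16 is also worth checking against the posting dates of the linked threads.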