From owner-freebsd-vuxml@FreeBSD.ORG Sat Apr 1 04:06:04 2006 Return-Path: X-Original-To: freebsd-vuxml@freebsd.org Delivered-To: freebsd-vuxml@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F08BC16A425 for ; Sat, 1 Apr 2006 04:06:04 +0000 (UTC) (envelope-from dan@langille.org) Received: from m21.unixathome.org (m21.unixathome.org [205.150.199.217]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8F98943D45 for ; Sat, 1 Apr 2006 04:06:04 +0000 (GMT) (envelope-from dan@langille.org) Received: from localhost (localhost [205.150.199.217]) by m21.unixathome.org (Postfix) with ESMTP id B7021C370 for ; Fri, 31 Mar 2006 23:06:03 -0500 (EST) Received: from m21.unixathome.org ([205.150.199.217]) by localhost (m21.unixathome.org [205.150.199.217]) (amavisd-new, port 10024) with ESMTP id 16773-05 for ; Fri, 31 Mar 2006 23:06:00 -0500 (EST) Received: from bast.unixathome.org (bast.unixathome.org [70.26.229.230]) by m21.unixathome.org (Postfix) with ESMTP id 4EA3BBF9B for ; Fri, 31 Mar 2006 23:06:00 -0500 (EST) Received: from [10.55.0.99] (wocker.unixathome.org [10.55.0.99]) by bast.unixathome.org (Postfix) with ESMTP id C0E5EB820 for ; Fri, 31 Mar 2006 23:05:59 -0500 (EST) From: "Dan Langille" To: freebsd-vuxml@freebsd.org Date: Fri, 31 Mar 2006 23:05:59 -0500 MIME-Version: 1.0 Message-ID: <442DB5D7.30037.301FFEF@dan.langille.org> Priority: normal X-mailer: Pegasus Mail for Windows (4.31) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at unixathome.org Subject: mantis problems fixed X-BeenThere: freebsd-vuxml@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Documenting security issues in VuXML List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 01 Apr 2006 04:06:05 -0000 Hi folks, I've been finding out that a couple of mantis-related problems have been fixed: http://www.freebsd.org/ports/portaudit/82a41084-6ce7-11da-b90c- 000e0c2e438a.html has been fixed here: http://cvs.sourceforge.net/viewcvs.py/mantisbt/mantisbt/bug_sponsorshi p_list_view_inc.php?rev=1.13&view=log Fixed #6273: File Inclusion Vulnerability And: http://www.FreeBSD.org/ports/portaudit/6e3b12e2-6ce3-11da-b90c- 000e0c2e438a.html is here: http://cvs.sourceforge.net/viewcvs.py/mantisbt/mantisbt/core/filter_ap i.php?rev=1.138&view=log fix for 0006436: code injection - fixed 1 possible code injection and 2 XSS injections Could someone update the vuxml db please? I'd like to put mantis back into the tree. -- Dan Langille : Software Developer looking for work my resume: http://www.freebsddiary.org/dan_langille.php From owner-freebsd-vuxml@FreeBSD.ORG Sat Apr 1 12:20:33 2006 Return-Path: X-Original-To: freebsd-vuxml@freebsd.org Delivered-To: freebsd-vuxml@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 43DC416A420 for ; Sat, 1 Apr 2006 12:20:33 +0000 (UTC) (envelope-from dan@langille.org) Received: from m21.unixathome.org (m21.unixathome.org [205.150.199.217]) by mx1.FreeBSD.org (Postfix) with ESMTP id 173B543D49 for ; Sat, 1 Apr 2006 12:20:32 +0000 (GMT) (envelope-from dan@langille.org) Received: from localhost (localhost [205.150.199.217]) by m21.unixathome.org (Postfix) with ESMTP id 867F9BF9B for ; Sat, 1 Apr 2006 07:20:31 -0500 (EST) Received: from m21.unixathome.org ([205.150.199.217]) by localhost (m21.unixathome.org [205.150.199.217]) (amavisd-new, port 10024) with ESMTP id 07664-06 for ; Sat, 1 Apr 2006 07:20:26 -0500 (EST) Received: from bast.unixathome.org (bast.unixathome.org [70.26.229.230]) by m21.unixathome.org (Postfix) with ESMTP id 96E38C370 for ; Sat, 1 Apr 2006 07:20:24 -0500 (EST) Received: from [10.55.0.99] (wocker.unixathome.org [10.55.0.99]) by bast.unixathome.org (Postfix) with ESMTP id 3FDAEB822 for ; Sat, 1 Apr 2006 07:20:24 -0500 (EST) From: "Dan Langille" To: freebsd-vuxml@freebsd.org Date: Sat, 01 Apr 2006 07:20:24 -0500 MIME-Version: 1.0 Message-ID: <442E29B8.11496.4C6A495@dan.langille.org> Priority: normal In-reply-to: <442DB5D7.30037.301FFEF@dan.langille.org> X-mailer: Pegasus Mail for Windows (4.31) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at unixathome.org Subject: Re: mantis problems fixed X-BeenThere: freebsd-vuxml@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Documenting security issues in VuXML List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 01 Apr 2006 12:20:33 -0000 On 31 Mar 2006 at 23:05, Dan Langille wrote: > Hi folks, > > I've been finding out that a couple of mantis-related problems > have been fixed: > > http://www.freebsd.org/ports/portaudit/82a41084-6ce7-11da-b90c- > 000e0c2e438a.html > > has been fixed here: > > http://cvs.sourceforge.net/viewcvs.py/mantisbt/mantisbt/bug_sponsorshi > p_list_view_inc.php?rev=1.13&view=log > Fixed #6273: File Inclusion Vulnerability > > > And: http://www.FreeBSD.org/ports/portaudit/6e3b12e2-6ce3-11da-b90c- > 000e0c2e438a.html > > is here: > http://cvs.sourceforge.net/viewcvs.py/mantisbt/mantisbt/core/filter_ap > i.php?rev=1.138&view=log > > fix for 0006436: code injection > - fixed 1 possible code injection and 2 XSS injections > > Could someone update the vuxml db please? I'd like to > put mantis back into the tree. This just came to hand: http://www.frsirt.com/english/advisories/2006/1184 -- Dan Langille : Software Developer looking for work my resume: http://www.freebsddiary.org/dan_langille.php