Date: Tue, 20 Apr 2010 14:27:22 GMT From: niels <niels@FreeBSD.org> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/145885: [security] www/e107 XSS and code execution Message-ID: <201004201427.o3KERMNc080395@www.freebsd.org> Resent-Message-ID: <201004201430.o3KEU5iF038193@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 145885 >Category: ports >Synopsis: [security] www/e107 XSS and code execution >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Apr 20 14:30:05 UTC 2010 >Closed-Date: >Last-Modified: >Originator: niels >Release: 8.0-STABLE >Organization: >Environment: >Description: Two serious issues affect this port (which is at version 0.7.15). You can find the descriptions in the following advisories: http://seclists.org/bugtraq/2010/Apr/156 http://seclists.org/bugtraq/2010/Apr/160 >How-To-Repeat: N/A >Fix: Upgrade port to version 0.7.20 with the following patch: http://people.freebsd.org/~niels/ports/diffs/e107-0.7.20.diff Tinderbox test log: http://freebsd.heinen.ws/tb/logs/8.0-STABLE/e107-0.7.20.log NOTE: No functional tests have been performed! >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201004201427.o3KERMNc080395>