Date:      Wed, 29 Sep 2010 07:40:04 GMT
From:      Florian Smeets <flo@smeets.im>
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   Re: ports/151055: [MAINTAINER] [security] www/phpmyfaq: update to 2.6.9, fix XSS vulnerability
Message-ID:  <201009290740.o8T7e42m060502@freefall.freebsd.org>

The following reply was made to PR ports/151055; it has been noted by GNATS.

From: Florian Smeets <flo@smeets.im>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/151055: [MAINTAINER] [security] www/phpmyfaq: update to
 2.6.9, fix XSS vulnerability
Date: Wed, 29 Sep 2010 09:36:16 +0200

 This is a multi-part message in MIME format.
 --------------060105080902070007030508
 Content-Type: text/plain; charset=ISO-8859-1; format=flowed
 Content-Transfer-Encoding: 7bit
 
 Here is the vuxml entry.
 
 --------------060105080902070007030508
 Content-Type: text/plain; x-mac-type="0"; x-mac-creator="0";
  name="vuxml.diff"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment;
  filename="vuxml.diff"
 
 --- vuln.xml.old	2010-09-29 09:06:01.000000000 +0200
 +++ vuln.xml	2010-09-29 09:21:18.000000000 +0200
 @@ -34,6 +34,36 @@
  
  -->
  <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
 +  <vuln vid="068732bb-cb98-11df-bc93-001c42d23634">
 +    <topic>phpmyfaq -- XSS vulnerabilities</topic>
 +    <affects>
 +      <package>
 +	<name>phpmyfaq</name>
 +	<range><ge>2.6.0</ge><lt>2.6.9</lt></range>
 +      </package>
 +    </affects>
 +    <description>
 +      <body xmlns="http://www.w3.org/1999/xhtml">;
 +	<p>The phpMyFAQ project reports:</p>
 +	<blockquote cite="http://www.phpmyfaq.de/advisory_2010-09-28.php">;
 +	  <p>The phpMyFAQ Team has learned of a security issue that has been 
 +	  discovered in phpMyFAQ 2.6.x</p>
 +	  <p>phpMyFAQ doesn't sanitize some variables in different pages
 +	  correctly. With a properly crafted URL it is e.g. possible to inject
 +	  JavaScript code into the output of a page, which could result in the
 +	  leakage of domain cookies (f.e. session identifiers).</p>
 +	</blockquote>
 +      </body>
 +    </description>
 +    <references>
 +    <url>http://www.phpmyfaq.de/advisory_2010-09-28.php</url>;
 +    </references>
 +    <dates>
 +      <discovery>2010-09-28</discovery>
 +      <entry>2010-09-29</entry>
 +    </dates>
 +  </vuln>
 +
    <vuln vid="80b6d6cc-c970-11df-bb18-0015587e2cc1">
      <topic>openx -- remote code execution vulnerability</topic>
      <affects>
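
Review bot: in the `<references>` block the `<url>` child sits at the same indentation as its parent, unlike `<discovery>` and `<entry>` under `<dates>` just below it; indent it two more spaces so the entry is consistent. The first `<p>` inside the `<blockquote>` also ends with trailing whitespace after "has been", which is worth stripping before commit. The `;` after the `<body ...>`, `<blockquote ...>` and `</url>` lines also shows up on the unchanged `<vuxml ...>` context line, so it looks like something added when the message was archived rather than part of the attachment; if it is present in the file itself it should be removed, since it would be stray text inside the entry.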
 
 --------------060105080902070007030508--


