Date:      Wed, 26 Sep 2012 15:37:59 +0000 (UTC)
From:      Greg Larkin <glarkin@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r304919 - in head: lang/eperl security/vuxml
Message-ID:  <201209261537.q8QFbx8E050348@svn.freebsd.org>

Author: glarkin
Date: Wed Sep 26 15:37:58 2012
New Revision: 304919
URL: http://svn.freebsd.org/changeset/ports/304919

Log:
  - Document remote code execution in ePerl (all versions)
  - Deprecate and schedule removal in one month - no upstream fix available and
    no active development since 1998
  
  Security:	73efb1b7-07ec-11e2-a391-000c29033c32
  Security:	CVE-2001-0733
  Security:	http://www.shmoo.com/mail/bugtraq/jun01/msg00286.shtml

Modified:
  head/lang/eperl/Makefile
  head/security/vuxml/vuln.xml

Modified: head/lang/eperl/Makefile
==============================================================================
--- head/lang/eperl/Makefile	Wed Sep 26 15:29:31 2012	(r304918)
+++ head/lang/eperl/Makefile	Wed Sep 26 15:37:58 2012	(r304919)
@@ -15,6 +15,9 @@ MASTER_SITE_SUBDIR=	tool/${PORTNAME}
 MAINTAINER=	glarkin@FreeBSD.org
 COMMENT=	Embedded Perl 5 Language
 
+DEPRECATED=	Unfixed upstream remote vulnerability and no activity since 1998
+EXPIRATION_DATE=2012-10-26
+
 # User-controlled variables list
 # INSTALL_ALSO_AS_SSSL
 #	install ePerl also as a Server-Side
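Review bot: The added `DEPRECATED` text does not name the advisory, so someone who sees the warning at build time has no identifier to look up. Consider `DEPRECATED=	Unfixed upstream remote code execution (CVE-2001-0733), no activity since 1998`, which uses the CVE already recorded in the commit log and in the VuXML entry. The port also stays buildable until `EXPIRATION_DATE`, so the warning string is the main signal a user gets from the Makefile itself.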

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Wed Sep 26 15:29:31 2012	(r304918)
+++ head/security/vuxml/vuln.xml	Wed Sep 26 15:37:58 2012	(r304919)
@@ -51,6 +51,42 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="73efb1b7-07ec-11e2-a391-000c29033c32">
+    <topic>eperl -- Remote code execution</topic>
+    <affects>
+      <package>
+	<name>eperl</name>
+	<range><le>2.2.14_4</le></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>David Madison reports:</p>
+	<blockquote cite="http://www.shmoo.com/mail/bugtraq/jun01/msg00286.shtml">;
+	  <p>ePerl is a multipurpose Perl filter and interpreter program
+	    for Unix systems. The ePerl preprocessor contains an input
+	    validation error. The preprocessor allows foreign data to be
+	    "safely" included using the 'sinclude' directive.</p>
+	  <p>The problem occurs when a file referenced by a 'sinclude'
+	    directive contains a 'include' directive; the contents of
+	    the file referred to by the second directive will be loaded
+	    and executed.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2001-0733</cvename>
+      <url>http://www.shmoo.com/mail/bugtraq/jun01/msg00286.shtml</url>;
+      <bid>2912</bid>
+      <url>http://xforce.iss.net/xforce/xfdb/6743</url>;
+      <url>http://osvdb.org/show/osvdb/1880</url>;
+    </references>
+    <dates>
+      <discovery>2001-06-21</discovery>
+      <entry>2012-09-26</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="98690c45-0361-11e2-a391-000c29033c32">
     <topic>ImageMagick and GraphicsMagick -- DoS via specially crafted PNG file</topic>
     <affects>
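Review bot: The `<le>2.2.14_4</le>` bound in the new eperl entry pins the affected range to the current port revision, while the commit log says all versions are affected and no upstream fix exists. If the port gets a PORTREVISION bump before it is removed (for a build fix, say), the resulting version would fall outside the range and audit tools would stop matching it against this entry. An open-ended range, `<range><ge>0</ge></range>`, states "all versions" directly and keeps matching whatever the revision.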


