Date: Sun, 21 Jun 2015 14:24:04 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 200963] [MAINTAINER] net-mgmt/cacti: Update to 0.8.8d, Fix security vulnerabilities
Message-ID: <bug-200963-13-0oK4ZyhaTU@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-200963-13@https.bugs.freebsd.org/bugzilla/>
References: <bug-200963-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200963

--- Comment #7 from Jason Unovitch <jason.unovitch@gmail.com> ---
Created attachment 157927
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=157927&action=edit
security/vuxml entry for cacti 0.8.8c and 0.8.8d multiple vulnerabilities

(In reply to Daniel Austin from comment #2)
Thanks for the info. As it turns out, we missed documenting any of the
security advisories from 0.8.8c as the last vuxml was 0.8.8b. Patch attached
to document both 0.8.8c and 0.8.8d issues is ready to apply.

VALIDATION:

# make validate
/bin/sh /usr/ports/security/vuxml/files/tidy.sh "/usr/ports/security/vuxml/files/tidy.xsl" "/usr/ports/security/vuxml/vuln.xml" > "/usr/ports/security/vuxml/vuln.xml.tidy"
>>> Validating...
/usr/local/bin/xmllint --valid --noout /usr/ports/security/vuxml/vuln.xml
>>> Successful.
Checking if tidy differs...
... seems okay
Checking for space/tab...
... seems okay
/usr/local/bin/python2.7 /usr/ports/security/vuxml/files/extra-validation.py /usr/ports/security/vuxml/vuln.xml

# env PKG_DBDIR=/usr/ports/security/vuxml pkg audit cacti-0.8.8b
cacti-0.8.8b is vulnerable:
cacti -- Multiple XSS and SQL injection vulerabilities
CVE: CVE-2015-4342
WWW: https://vuxml.FreeBSD.org/freebsd/a3929112-181b-11e5-a1cf-002590263bf5.html

cacti-0.8.8b is vulnerable:
cacti -- multiple security vulnerabilities
CVE: CVE-2014-5026
CVE: CVE-2014-5025
CVE: CVE-2014-4002
CVE: CVE-2014-2328
CVE: CVE-2014-2327
CVE: CVE-2014-2326
CVE: CVE-2013-5589
CVE: CVE-2013-5588
WWW: https://vuxml.FreeBSD.org/freebsd/a0e74731-181b-11e5-a1cf-002590263bf5.html

1 problem(s) in the installed packages found.

# env PKG_DBDIR=/usr/ports/security/vuxml pkg audit cacti-0.8.8c
cacti-0.8.8c is vulnerable:
cacti -- Multiple XSS and SQL injection vulerabilities
CVE: CVE-2015-4342
WWW: https://vuxml.FreeBSD.org/freebsd/a3929112-181b-11e5-a1cf-002590263bf5.html

1 problem(s) in the installed packages found.

# env PKG_DBDIR=/usr/ports/security/vuxml pkg audit cacti-0.8.8d
0 problem(s) in the installed packages found.

-- 
You are receiving this mail because:
You are the assignee for the bug.