From owner-freebsd-ports-bugs@FreeBSD.ORG  Thu Mar 19 05:40:02 2009
Return-Path: <owner-freebsd-ports-bugs@FreeBSD.ORG>
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 71EF31065670
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Thu, 19 Mar 2009 05:40:02 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 326088FC08
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Thu, 19 Mar 2009 05:40:02 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n2J5e2wQ003818
	for <freebsd-ports-bugs@freefall.freebsd.org>;
	Thu, 19 Mar 2009 05:40:02 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n2J5e2in003817;
	Thu, 19 Mar 2009 05:40:02 GMT (envelope-from gnats)
Resent-Date: Thu, 19 Mar 2009 05:40:02 GMT
Resent-Message-Id: <200903190540.n2J5e2in003817@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Mark Foster <mark@foster.cc>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 04A9C106566B
	for <freebsd-gnats-submit@FreeBSD.org>;
	Thu, 19 Mar 2009 05:38:02 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id E79178FC12
	for <freebsd-gnats-submit@FreeBSD.org>;
	Thu, 19 Mar 2009 05:38:01 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id n2J5c1BA012552
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 19 Mar 2009 05:38:01 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id n2J5c1PV012551;
	Thu, 19 Mar 2009 05:38:01 GMT (envelope-from nobody)
Message-Id: <200903190538.n2J5c1PV012551@www.freebsd.org>
Date: Thu, 19 Mar 2009 05:38:01 GMT
From: Mark Foster <mark@foster.cc>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Cc: 
Subject: ports/132800: vuxml submission for net-im/ejabberd
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Mar 2009 05:40:02 -0000


>Number:         132800
>Category:       ports
>Synopsis:       vuxml submission for net-im/ejabberd
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 19 05:40:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Mark Foster
>Release:        7.1 RELEASE
>Organization:
Credentia
>Environment:
>Description:

>How-To-Repeat:

>Fix:
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
   <vuln vid="3af16c5f-306c-4df6-875c-3ffbb59af8a8">
     <topic>ejabberd -- ejabberd MUC Logs Cross Site Scripting Vulnerability</topic>
     <affects>
       <package>
         <name>ejabberd</name>
         <range><lt>2.0.4</lt></range>
       </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
         <p>SecurityFocus reports:</p>
         <blockquote cite="http://www.securityfocus.com/bid/34133">
           <p>The ejabberd application is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.</p>
         </blockquote>
       </body>
     </description>
     <references>
      <bid>34133</bid>
      <cvename>CVE-2009-0934</cvename>
      <url>http://www.securityfocus.com/bid/34133</url>
     </references>
     <dates>
       <discovery>2009-03-16</discovery>
       <entry>2009-03-18</entry>
     </dates>
   </vuln>



>Release-Note:
>Audit-Trail:
>Unformatted: