From owner-svn-ports-head@FreeBSD.ORG Fri Jun 28 11:07:49 2013 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id E87B34E1; Fri, 28 Jun 2013 11:07:49 +0000 (UTC) (envelope-from girgen@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id CB06B11BE; Fri, 28 Jun 2013 11:07:49 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r5SB7nvZ023349; Fri, 28 Jun 2013 11:07:49 GMT (envelope-from girgen@svn.freebsd.org) Received: (from girgen@localhost) by svn.freebsd.org (8.14.7/8.14.5/Submit) id r5SB7nhQ023343; Fri, 28 Jun 2013 11:07:49 GMT (envelope-from girgen@svn.freebsd.org) Message-Id: <201306281107.r5SB7nhQ023343@svn.freebsd.org> From: Palle Girgensohn Date: Fri, 28 Jun 2013 11:07:49 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r321955 - in head/security: apache-xml-security-c vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 28 Jun 2013 11:07:50 -0000 Author: girgen Date: Fri Jun 28 11:07:48 2013 New Revision: 321955 URL: http://svnweb.freebsd.org/changeset/ports/321955 Log: Security update for apache-xml-security-c URL: http://santuario.apache.org/secadv.data/CVE-2013-2210.txt Security: 81da673e-dfe1-11e2-9389-08002798f6ff Security: CVE-2013-2210 Modified: head/security/apache-xml-security-c/Makefile head/security/apache-xml-security-c/distinfo head/security/vuxml/vuln.xml Modified: head/security/apache-xml-security-c/Makefile ============================================================================== --- head/security/apache-xml-security-c/Makefile Fri Jun 28 10:50:51 2013 (r321954) +++ head/security/apache-xml-security-c/Makefile Fri Jun 28 11:07:48 2013 (r321955) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= xml-security-c -PORTVERSION= 1.7.1 +PORTVERSION= 1.7.2 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_APACHE} MASTER_SITE_SUBDIR=santuario/c-library Modified: head/security/apache-xml-security-c/distinfo ============================================================================== --- head/security/apache-xml-security-c/distinfo Fri Jun 28 10:50:51 2013 (r321954) +++ head/security/apache-xml-security-c/distinfo Fri Jun 28 11:07:48 2013 (r321955) @@ -1,2 +1,2 @@ -SHA256 (xml-security-c-1.7.1.tar.gz) = 3d306660702d620b30605627f970b90667ed967211a8fc26b3243e6d3abeb32e -SIZE (xml-security-c-1.7.1.tar.gz) = 875367 +SHA256 (xml-security-c-1.7.2.tar.gz) = d576b07bb843eaebfde3be01301db40504ea8e8e477c0ad5f739b07022445452 +SIZE (xml-security-c-1.7.2.tar.gz) = 875465 Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Jun 28 10:50:51 2013 (r321954) +++ head/security/vuxml/vuln.xml Fri Jun 28 11:07:48 2013 (r321955) @@ -51,6 +51,35 @@ Note: Please add new entries to the beg --> + + apache-xml-security-c -- heap overflow during XPointer evaluation + + + apache-xml-security-c + 1.7.2 + + + + +

The Apache Software Foundation reports:

+
The attempted fix to address CVE-2013-2154 introduced the + possibility of a heap overflow, possibly leading to arbitrary code + execution, in the processing of malformed XPointer expressions in the + XML Signature Reference processing code.
+

+ + + + CVE-2013-2210 + http://santuario.apache.org/secadv.data/CVE-2013-2210.txt + + + 2013-06-27 + 2013-06-28 + + + mozilla -- multiple vulnerabilities