Date:      Fri, 31 May 2013 11:33:41 +0000 (UTC)
From:      Chris Rees <crees@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r319486 - in head: . irc irc/bitchx-devel security/vuxml
Message-ID:  <201305311133.r4VBXfoR061287@svn.freebsd.org>

Author: crees
Date: Fri May 31 11:33:41 2013
New Revision: 319486
URL: http://svnweb.freebsd.org/changeset/ports/319486

Log:
  Actually remove bitchx-devel and add a VuXML entry.
  
  Security:	CVE-2007-4584
  Security:	CVE-2007-5839
  Security:	CVE-2007-5922

Deleted:
  head/irc/bitchx-devel/
Modified:
  head/MOVED
  head/irc/Makefile
  head/security/vuxml/vuln.xml

Modified: head/MOVED
==============================================================================
--- head/MOVED	Fri May 31 11:12:58 2013	(r319485)
+++ head/MOVED	Fri May 31 11:33:41 2013	(r319486)
@@ -4333,3 +4333,4 @@ x11-toolkits/linux-gtk2||2013-05-30|Has 
 x11-toolkits/linux-openmotif||2013-05-30|Has expired: Only used on FreeBSD 7, which is end-of-life
 x11-toolkits/linux-pango||2013-05-30|Has expired: Only used on FreeBSD 7, which is end-of-life
 x11-toolkits/linux-qt33||2013-05-30|Has expired: Only used on FreeBSD 7, which is end-of-life
+irc/bitchx-devel|irc/bitchx|2013-05-31|Release finally cut

Modified: head/irc/Makefile
==============================================================================
--- head/irc/Makefile	Fri May 31 11:12:58 2013	(r319485)
+++ head/irc/Makefile	Fri May 31 11:33:41 2013	(r319486)
@@ -6,7 +6,6 @@
     SUBDIR += anope
     SUBDIR += bip
     SUBDIR += bitchx
-    SUBDIR += bitchx-devel
     SUBDIR += bitlbee
     SUBDIR += bnc
     SUBDIR += bobot++

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Fri May 31 11:12:58 2013	(r319485)
+++ head/security/vuxml/vuln.xml	Fri May 31 11:33:41 2013	(r319486)
@@ -51,6 +51,56 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="0a799a8e-c9d4-11e2-a424-14dae938ec40">
+    <topic>irc/bitchx -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>BitchX</name>
+	<range><lt>1.2.*,1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>bannedit reports:</p>
+	<blockquote cite="http://www.cvedetails.com/cve/CVE-2007-4584/">;
+	  <p>Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC
+	    servers to execute arbitrary code via a long string in a MODE
+	    command, related to the p_mode variable.</p>
+	</blockquote>
+	<p>Nico Golde reports:</p>
+	<blockquote cite="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449149">;
+	  <p>There is a security issue in ircii-pana in bitchx' hostname
+	    command.  The e_hostname function (commands.c) uses tmpnam to
+	    create a temporary file which is known to be insecure.</p>
+	</blockquote>
+	<p>Chris reports:</p>
+	<blockquote cite="http://secunia.com/advisories/27556">;
+	  <p>Chris has reported a vulnerability in the Cypress script for
+	    BitchX, which can be exploited by malicious people to disclose
+	    potentially sensitive information or to compromise a vulnerable
+	    system.</p>
+
+	  <p>The vulnerability is caused due to malicious code being present
+	    in the modules/mdop.m file.  This can be exploited to disclose the
+	    content of various system files or to execute arbitrary shell
+	    commands.</p>
+
+	  <p>Successful exploitation allows execution of arbitrary code, but
+	    requires the control of the "lsyn.webhop.net" domain.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2007-4584</cvename>
+      <cvename>CVE-2007-5839</cvename>
+      <cvename>CVE-2007-5922</cvename>
+    </references>
+    <dates>
+      <discovery>2007-08-28</discovery>
+      <entry>2013-05-31</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="19751e06-c798-11e2-a373-000c29833058">
     <topic>znc -- null pointer dereference in webadmin module</topic>
     <affects>
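
Review bot: The <references> block at the end of the new entry lists only the three <cvename> elements, although the description cites the Debian bug report and the Secunia advisory in its <blockquote cite="..."> attributes; adding those as <url> references would expose them to tools that read only <references>. In the description, the third quote is introduced with "Chris reports:", but its text ("Chris has reported a vulnerability ...") and its cite URL are Secunia's, so "Secunia reports:" would attribute it correctly. The <affects> block also matches only the package name BitchX; if the removed irc/bitchx-devel port installed under a different package name, it needs its own <name> element so that existing installs of that port are flagged.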


