Date: Mon, 3 Jul 2017 20:04:13 +1000 From: Kubilay Kocak <koobs@FreeBSD.org> To: Bernard Spil <brnrd@FreeBSD.org>, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r444930 - head/security/vuxml Message-ID: <21feb5f8-1082-4514-4705-842b8b470d4a@FreeBSD.org> In-Reply-To: <201707030930.v639U3Oo011837@repo.freebsd.org> References: <201707030930.v639U3Oo011837@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 7/3/17 7:30 PM, Bernard Spil wrote: > Author: brnrd > Date: Mon Jul 3 09:30:03 2017 > New Revision: 444930 > URL: https://svnweb.freebsd.org/changeset/ports/444930 > > Log: > security/vuxml: Document smarty3 shell injection vuln PR: 220435 > Modified: > head/security/vuxml/vuln.xml > > Modified: head/security/vuxml/vuln.xml > ============================================================================== > --- head/security/vuxml/vuln.xml Mon Jul 3 09:14:39 2017 (r444929) > +++ head/security/vuxml/vuln.xml Mon Jul 3 09:30:03 2017 (r444930) > @@ -58,6 +58,31 @@ Notes: > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; > + <vuln vid="6e4e35c3-5fd1-11e7-9def-b499baebfeaf"> > + <topic>smarty3 -- shell injection in math</topic> > + <affects> > + <package> > + <name>smarty3</name> > + <range><lt>3.1.30</lt></range> > + </package> > + </affects> > + <description> > + <body xmlns="http://www.w3.org/1999/xhtml">; > + <p>The smarty project reports:</p> > + <blockquote cite="https://github.com/smarty-php/smarty/blob/v3.1.30/change_log.txt">; > + <p>bugfix {math} shell injection vulnerability</p> > + </blockquote> > + </body> > + </description> > + <references> > + <url>https://github.com/smarty-php/smarty/blob/v3.1.30/change_log.txt</url>; > + </references> > + <dates> > + <discovery>2016-07-19</discovery> > + <entry>2017-07-03</entry> > + </dates> > + </vuln> > + > <vuln vid="ed3bf433-5d92-11e7-aa14-e8e0b747a45a"> > <topic>libgcrypt -- side-channel attack on RSA secret keys</topic> > <affects> >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?21feb5f8-1082-4514-4705-842b8b470d4a>