Date:      Fri, 19 Aug 2011 23:03:03 +0000
From:      "Philip M. Gollucci" <pgollucci@p6m7g8.com>
To:        Xin LI <delphij@FreeBSD.org>
Cc:        cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org
Subject:   Re: cvs commit: ports/security/vuxml vuln.xml
Message-ID:  <4E4EEBA7.7030609@p6m7g8.com>
In-Reply-To: <201108191842.p7JIgCd5010612@repoman.freebsd.org>
References:  <201108191842.p7JIgCd5010612@repoman.freebsd.org>

Just update the port, and we'll deal with the pavmail.  I didn't realize
it was security related.


On 08/19/11 18:42, Xin LI wrote:
> delphij     2011-08-19 18:42:12 UTC
> 
>   FreeBSD ports repository
> 
>   Modified files:
>     security/vuxml       vuln.xml 
>   Log:
>   Document Rails multiple vulnerabilities.
>   
>   Revision  Changes    Path
>   1.2415    +34 -1     ports/security/vuxml/vuln.xml
> 
> http://cvsweb.FreeBSD.org/ports/security/vuxml/vuln.xml.diff?r1=1.2414&r2=1.2415&f=h
> | --- ports/security/vuxml/vuln.xml	2011/08/19 17:46:10	1.2414
> | +++ ports/security/vuxml/vuln.xml	2011/08/19 18:42:12	1.2415
> | @@ -28,12 +28,45 @@ WHETHER IN CONTRACT, STRICT LIABILITY, O
> |  OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
> |  EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> |  
> | -  $FreeBSD: /usr/local/www/cvsroot/FreeBSD/ports/security/vuxml/vuln.xml,v 1.2414 2011/08/19 17:46:10 delphij Exp $
> | +  $FreeBSD: /usr/local/www/cvsroot/FreeBSD/ports/security/vuxml/vuln.xml,v 1.2415 2011/08/19 18:42:12 delphij Exp $
> |  
> |  Note:  Please add new entries to the beginning of this file.
> |  
> |  -->
> |  <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
> | +  <vuln vid="be77eff6-ca91-11e0-aea3-00215c6a37bb">
> | +    <topic>rubygem-rails -- multiple vulnerabilities</topic>
> | +    <affects>
> | +      <package>
> | +	<name>rubygem-rails</name>
> | +	<range><lt>3.0.10</lt></range>
> | +      </package>
> | +    </affects>
> | +    <description>
> | +      <body xmlns="http://www.w3.org/1999/xhtml">;
> | +	<p>SecurityFocus reports:</p>
> | +	<blockquote cite="http://www.securityfocus.com/bid/49179/discuss">;
> | +	  <p>Ruby on Rails is prone to multiple vulnerabilities
> | +	    including SQL-injection, information-disclosure,
> | +	    HTTP-header-injection, security-bypass and cross-site
> | +	    scripting issues.</p>
> | +	</blockquote>
> | +      </body>
> | +    </description>
> | +    <references>
> | +      <bid>49179</bid>
> | +      <url>http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6a1e473744bc389b</url>;
> | +      <url>http://groups.google.com/group/rubyonrails-security/browse_thread/thread/3420ac71aed312d6</url>;
> | +      <url>http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768</url>;
> | +      <url>http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b9130749b74ea12</url>;
> | +      <url>http://groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195</url>;
> | +    </references>
> | +    <dates>
> | +      <discovery>2011-08-16</discovery>
> | +      <entry>2011-08-19</entry>
> | +    </dates>
> | +  </vuln>
> | +
> |    <vuln vid="0b53f5f7-ca8a-11e0-aea3-00215c6a37bb">
> |      <topic>dovecot -- denial of service vulnerability</topic>
> |      <affects>
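Review bot: In the new rubygem-rails entry, the `<description>` body only quotes a one-sentence SecurityFocus summary naming five issue classes, while `<references>` lists a BID and five separate rubyonrails-security threads with no `<cvename>` elements. Suggest adding the CVE names if they have been assigned, and a line per issue in the body so a reader can tell which advisory covers which class. It is also worth confirming that `<range><lt>3.0.10</lt></range>` is meant to cover every earlier release line, since a single `<lt>` bound with no lower bound marks all versions below 3.0.10 as affected.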


-- 
------------------------------------------------------------------------
1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70  3F8C 75B8 8FFB DB9B 8C1C
Philip M. Gollucci (pgollucci@p6m7g8.com) c: 703.336.9354
VP Infrastructure,                Apache Software Foundation
Committer,                        FreeBSD Foundation
Consultant,                       P6M7G8 Inc.
Sr. System Admin,                 Ridecharge Inc.

Work like you don't need the money,
love like you'll never get hurt,
and dance like nobody's watching.


