Bug 181606 - vuxml database update - cati vulnerabilities have been discovered
Summary: vuxml database update - cati vulnerabilities have been discovered
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Sergey Matveychuk
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-08-28 09:50 UTC by Rodrigo OSORIO
Modified: 2013-08-29 12:00 UTC (History)
0 users

See Also:

Attachments
vuxml.diff (1.17 KB, patch)
2013-08-28 09:50 UTC, Rodrigo OSORIO 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Rodrigo OSORIO 2013-08-28 09:50:00 UTC 

    


    


      



        
          Comment 1
        

        
          Sergey Matveychuk

        

        
            freebsd_committer
            freebsd_triage
        

        
          2013-08-28 11:51:02 UTC
        

      






Responsible Changed
From-To: freebsd-ports-bugs->sem

Take it.

    


    


      



        
          Comment 2
        

        
          dfilter service

        

        
            freebsd_committer
            freebsd_triage
        

        
          2013-08-29 11:56:32 UTC
        

      






Author: sem
Date: Thu Aug 29 10:56:24 2013
New Revision: 325582
URL: http://svnweb.freebsd.org/changeset/ports/325582

Log:
  - Document the last cacti vulnerabilities
  
  PR:		ports/181606 (based on)
  Submitted by:	Rodrigo (ros) OSORIO <rodrigo@bebik.net>

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Thu Aug 29 10:09:37 2013	(r325581)
+++ head/security/vuxml/vuln.xml	Thu Aug 29 10:56:24 2013	(r325582)
@@ -51,6 +51,36 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="b3b8d491-0fbb-11e3-8c50-1c6f65c11ee6">
+    <topic>cacti -- allow remote attackers to execute arbitrary SQL commands</topic>
+    <affects>
+      <package>
+	<name>cacti</name>
+	<range><lt>0.8.8b</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Cacti release reports:</p>
+	<blockquote cite="http://www.cacti.net/release_notes_0_8_8b.php">
+	  <p>Multiple security vulnerabilities have been fixed:</p>
+	  <ul>
+	    <li>SQL injection vulnerabilities</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+       <cvename>CVE-2013-1434</cvename>
+       <cvename>CVE-2013-1435</cvename>
+       <url>http://www.cacti.net/release_notes_0_8_8b.php</url>
+    </references>
+    <dates>
+      <discovery>2013-08-06</discovery>
+      <entry>2013-08-29</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="fd2bf3b5-1001-11e3-ba94-0025905a4771">
     <topic>asterisk -- multiple vulnerabilities</topic>
     <affects>
_______________________________________________
svn-ports-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-ports-all
To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"

    


    


      



        
          Comment 3
        

        
          Sergey Matveychuk

        

        
            freebsd_committer
            freebsd_triage
        

        
          2013-08-29 11:56:50 UTC
        

      






State Changed
From-To: open->closed

Committed. Thanks!