See thread: http://openwall.com/lists/oss-security/2015/06/25/12
Please note that new version 1.12.4 (and not 1.12.3 like in the link described) fixes the security-issue.
Created attachment 158174 [details] security/vuxml entry for wesnoth CVE-2015-5069,CVE-2015-5070 # make validate /bin/sh /usr/ports/security/vuxml/files/tidy.sh "/usr/ports/security/vuxml/files/tidy.xsl" "/usr/ports/security/vuxml/vuln.xml" > "/usr/ports/security/vuxml/vuln.xml.tidy" >>> Validating... /usr/local/bin/xmllint --valid --noout /usr/ports/security/vuxml/vuln.xml >>> Successful. Checking if tidy differs... ... seems okay Checking for space/tab... ... seems okay /usr/local/bin/python2.7 /usr/ports/security/vuxml/files/extra-validation.py /usr/ports/security/vuxml/vuln.xml # env PKG_DBDIR=/usr/ports/security/vuxml pkg audit wesnoth-1.12.4,1 0 problem(s) in the installed packages found. # env PKG_DBDIR=/usr/ports/security/vuxml pkg audit wesnoth-1.12.2,1 wesnoth-1.12.2,1 is vulnerable: wesnoth -- disclosure of .pbl files with lowercase, uppercase, and mixed-case extension CVE: CVE-2015-5070 CVE: CVE-2015-5069 WWW: https://vuxml.FreeBSD.org/freebsd/2a8b7d21-1ecc-11e5-a4a5-002590263bf5.html 1 problem(s) in the installed packages found.
This PR depends on maintainer update for wesnoth-1.12.4,1 in bug 201192.
Committed, thanks!
A commit references this bug: Author: delphij Date: Wed Jul 1 00:09:33 UTC 2015 New revision: 391017 URL: https://svnweb.freebsd.org/changeset/ports/391017 Log: Document games/wesnoth authentication information disclosure vulnerability. PR: 201105 Submitted by: Jason Unovitch Changes: head/security/vuxml/vuln.xml