From http://secunia.com/advisories/29915/ : "A vulnerability has been reported in swfdec, which can be exploited by malicious people to disclose sensitive information. The vulnerability is caused due to swfdec not properly restricting untrusted sandboxes from reading local files, which can be exploited to disclose the content of arbitrary local files by e.g. tricking a user into visiting a malicious website. The vulnerability is reported in versions prior to 0.6.4." The files/patch-swfdec-gtk_swfdec_gtk_system.c patch is not needed with this release. Fix: The patch below updates graphics/swfdec to version 0.6.6. It also fixes a problem with inclusion of bsd.port.*.mk (.pre.mk must be included prior to testing OPTIONS).
Responsible Changed From-To: freebsd-ports-bugs->alexbl Over to maintainer (via the GNATS Auto Assign Tool)
Responsible Changed From-To: alexbl->brix I will handle this (security/maintainer-timeout).
brix 2008-05-08 18:12:05 UTC FreeBSD ports repository Modified files: graphics/swfdec Makefile distinfo Removed files: graphics/swfdec/files patch-swfdec-gtk_swfdec_gtk_system.c Log: - Update to version 0.6.6 (security update) - Fix problem with inclusion of bsd.port.*.mk (.pre.mk must be included prior to testing OPTIONS) PR: ports/123373 Submitted by: myself Approved by: maintainer-timeout, linimon (portmgr), erwin (mentor) Security: http://www.vuxml.org/freebsd/5ef12755-1c6c-11dd-851d-0016d325a0ed.html Revision Changes Path 1.53 +5 -3 ports/graphics/swfdec/Makefile 1.19 +3 -3 ports/graphics/swfdec/distinfo 1.2 +0 -16 ports/graphics/swfdec/files/patch-swfdec-gtk_swfdec_gtk_system.c (dead) _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
State Changed From-To: open->closed Committed.