Hi,

vte-0.24.1 as in ports tree right now, and probably some earlier versions are vulnerable. See:

http://www.securityfocus.com/archive/1/512388
http://git.gnome.org/browse/vte/commit/?id=8b971a7b2c59902914ecbbc3915c45dd21530a91

Sorry, no patch included, but the above link has the upstream's solution. (I am not building huge X11 and Gnome libraries on my headless servers where I run FreeBSD.)
Responsible Changed
From-To: freebsd-ports-bugs->gnome
Over to maintainer (via the GNATS Auto Assign Tool)
Fixed in: http://ftp.gnome.org/pub/gnome/sources/vte/0.24/vte-0.24.3.tar.bz2
--
Janne Snabb / EPIPE Communications
snabb@epipe.com - http://epipe.com/
kwm 2010-07-18 23:28:32 UTC
FreeBSD ports repository
Modified files:
  security/vuxml vuln.xml
Log:
  Document vte title set+query attack vulnerability.
  While here add the CVE numbers to the webkit-gtk2 entry I forgot in the previous commit.
  PR: ports/148678
  Submitted by: Janne Snabb <snabb@epipe.com>
Revision  Changes  Path
1.2185    +54 -1   ports/security/vuxml/vuln.xml
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
kwm 2010-07-18 23:31:14 UTC
FreeBSD ports repository
Modified files:
  x11-toolkits/vte Makefile distinfo
Log:
  Update to 0.24.3.
  This version fixes the title set+query attack vulnerability.
  PR: ports/148678
  Submitted by: Janne Snabb <snabb@epipe.com>
  Security: 9a8fecef-92c0-11df-b140-0015f2db7bde
Revision  Changes  Path
1.97      +2 -2    ports/x11-toolkits/vte/Makefile
1.58      +3 -3    ports/x11-toolkits/vte/distinfo
State Changed
From-To: open->closed
Committed, thanks!