Created attachment 158943 [details] security/vuxml entries for moodle CVE-2015-3272 -> 3275 Reference: http://seclists.org/oss-sec/2015/q3/94 Commit log: - Document recent Moodle security advisories Security: CVE-2015-3272 Security: CVE-2015-3273 Security: CVE-2015-3274 Security: CVE-2015-3275 Security: 43891162-2d5e-11e5-a4a5-002590263bf5 Validation: % make validate /bin/sh /usr/ports/security/vuxml/files/tidy.sh "/usr/ports/security/vuxml/files/tidy.xsl" "/usr/ports/security/vuxml/vuln.xml" > "/usr/ports/security/vuxml/vuln.xml.tidy" >>> Validating... /usr/local/bin/xmllint --valid --noout /usr/ports/security/vuxml/vuln.xml >>> Successful. Checking if tidy differs... ... seems okay Checking for space/tab... ... seems okay /usr/local/bin/python2.7 /usr/ports/security/vuxml/files/extra-validation.py /usr/ports/security/vuxml/vuln.xml % env PKG_DBDIR=/usr/ports/security/vuxml pkg audit moodle29-2.9.0 moodle29-2.9.0 is vulnerable: moodle -- multiple vulnerabilities CVE: CVE-2015-3275 CVE: CVE-2015-3274 CVE: CVE-2015-3273 CVE: CVE-2015-3272 WWW: https://vuxml.FreeBSD.org/freebsd/43891162-2d5e-11e5-a4a5-002590263bf5.html 1 problem(s) in the installed packages found. % env PKG_DBDIR=/usr/ports/security/vuxml pkg audit moodle29-2.9.1 0 problem(s) in the installed packages found.
wen@, r391620, r391625, and r391628 were all committed on 9 July for this but as of yet 2015Q3 still needs an MFH of those updates.
Thanks Jason, I'll take this
A commit references this bug: Author: feld Date: Sat Jul 18 23:16:06 UTC 2015 New revision: 392471 URL: https://svnweb.freebsd.org/changeset/ports/392471 Log: Document recent Moodle security advisories Security: CVE-2015-3272 Security: CVE-2015-3273 Security: CVE-2015-3274 Security: CVE-2015-3275 Security: 43891162-2d5e-11e5-a4a5-002590263bf5 PR: 201675 Changes: head/security/vuxml/vuln.xml
A commit references this bug: Author: feld Date: Sat Jul 18 23:18:31 UTC 2015 New revision: 392472 URL: https://svnweb.freebsd.org/changeset/ports/392472 Log: MFH: r391620 - Update to 2.9.1 - Update options - Add missing php module - Fix file permissions Security: 43891162-2d5e-11e5-a4a5-002590263bf5 Security: CVE-2015-3272 Security: CVE-2015-3273 Security: CVE-2015-3274 Security: CVE-2015-3275 PR: 201675 Approved by: ports-secteam (with hat) Changes: _U branches/2015Q3/ branches/2015Q3/www/moodle29/Makefile branches/2015Q3/www/moodle29/distinfo
A commit references this bug: Author: feld Date: Sat Jul 18 23:19:24 UTC 2015 New revision: 392473 URL: https://svnweb.freebsd.org/changeset/ports/392473 Log: MFH: r391625 - Update to 2.8.7 - Update options - Add missing php module - Fix file permissions - Adjust CONFLICTS Security: 43891162-2d5e-11e5-a4a5-002590263bf5 Security: CVE-2015-3272 Security: CVE-2015-3273 Security: CVE-2015-3274 Security: CVE-2015-3275 PR: 201675 Approved by: ports-secteam (with hat) Changes: _U branches/2015Q3/ branches/2015Q3/www/moodle28/Makefile branches/2015Q3/www/moodle28/distinfo
A commit references this bug: Author: feld Date: Sat Jul 18 23:20:10 UTC 2015 New revision: 392474 URL: https://svnweb.freebsd.org/changeset/ports/392474 Log: MFH: r391628 - Update to 2.7.9 - Update options - Add missing php module - Fix file permissions - Adjust CONFLICTS - Mark DEPRECTED Security: 43891162-2d5e-11e5-a4a5-002590263bf5 Security: CVE-2015-3272 Security: CVE-2015-3273 Security: CVE-2015-3274 Security: CVE-2015-3275 PR: 201675 Approved by: ports-secteam (with hat) Changes: _U branches/2015Q3/ branches/2015Q3/www/moodle27/Makefile branches/2015Q3/www/moodle27/distinfo
Created attachment 158972 [details] security/vuxml fixup copy/paste mishap Mark, Thanks! I just realized I had a copy/paste mishap with the references to the release notes. I cited 2.7.9 twice. Can you apply this patch to fix that up? Sorry for that.
A commit references this bug: Author: feld Date: Mon Jul 20 14:52:07 UTC 2015 New revision: 392575 URL: https://svnweb.freebsd.org/changeset/ports/392575 Log: Fix moodle reference URL PR: 201675 Security: 43891162-2d5e-11e5-a4a5-002590263bf5 Changes: head/security/vuxml/vuln.xml