Bug 206717 - www/radicale multiple vulnerabilities in v1.0
Summary: www/radicale multiple vulnerabilities in v1.0
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Mark Felder
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-01-28 21:46 UTC by freebsd
Modified: 2016-01-29 15:39 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (feld)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description freebsd 2016-01-28 21:46:16 UTC 
www/radicale version 1.0.1 contains multiple vulnerabilities

extract of the changelog for version 1.1:
* Prevent crafted HTTP request from calling arbitrary functions (by Unrud)
* Prevent regex injection in rights management (by Unrud)
see http://radicale.org/news/ for complete changelog
Comment 1 commit-hook freebsd_committer freebsd_triage 2016-01-29 15:35:34 UTC 
A commit references this bug:

Author: feld
Date: Fri Jan 29 15:35:11 UTC 2016
New revision: 407473
URL: https://svnweb.freebsd.org/changeset/ports/407473

Log:
  www/radicale: Update to 1.1.1

  PR:		206717
  Security:	CVE-2015-8747
  Security:	CVE-2015-8748

Changes:
  head/www/radicale/Makefile
  head/www/radicale/distinfo
Comment 2 commit-hook freebsd_committer freebsd_triage 2016-01-29 15:36:36 UTC 
A commit references this bug:

Author: feld
Date: Fri Jan 29 15:36:32 UTC 2016
New revision: 407474
URL: https://svnweb.freebsd.org/changeset/ports/407474

Log:
  MFH: r407473

  www/radicale: Update to 1.1.1

  PR:		206717
  Security:	CVE-2015-8747
  Security:	CVE-2015-8748
  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q1/
  branches/2016Q1/www/radicale/Makefile
  branches/2016Q1/www/radicale/distinfo
Comment 3 Mark Felder freebsd_committer freebsd_triage 2016-01-29 15:36:57 UTC 
Thanks for the report! This one slipped by me.
Comment 4 commit-hook freebsd_committer freebsd_triage 2016-01-29 15:39:37 UTC 
A commit references this bug:

Author: feld
Date: Fri Jan 29 15:38:49 UTC 2016
New revision: 407475
URL: https://svnweb.freebsd.org/changeset/ports/407475

Log:
  vuxml: radicale entry needs python prefixes for packagename

  PR:		206717

Changes:
  head/security/vuxml/vuln.xml