The current version of SQL_Ledger in the ports system is vulnerable to an "authentication bypass vulnerability allowing full access to the administrator interface of LedgerSMB 1.1 and SQL-Ledger 2.x." 2.6.26 was released to correct this problem.

http://www.securityfocus.com/archive/1/462375

How-To-Repeat: N/A

Responsible Changed
From-To: freebsd-ports-bugs->lth

Over to maintainer

lth 2007-03-16 11:48:32 UTC

FreeBSD ports repository

Modified files:
  security/vuxml vuln.xml
Log:
  Document sql-ledger vulnerability

  PR: ports/110350
  Submitted by: Antoine Beaupre <anarcat@koumbit.org>

Revision Changes Path
1.1299 +42 -1 ports/security/vuxml/vuln.xml
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"

lth 2007-03-16 11:57:15 UTC

FreeBSD ports repository

Modified files:
  finance/sql-ledger Makefile distinfo pkg-plist
Log:
  Update to 2.6.26, fixing authentication bypass vulnerability

  For changes, see:
  http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html&title=What's%20New

  PR: ports/110350
  Submitted by: Antoine Beaupre <anarcat@koumbit.org>
  Security: http://www.vuxml.org/freebsd/8e02441d-d39c-11db-a6da-0003476f14d3.html

Revision Changes Path
1.16 +1 -1 ports/finance/sql-ledger/Makefile
1.15 +3 -3 ports/finance/sql-ledger/distinfo
1.13 +1 -1 ports/finance/sql-ledger/pkg-plist

State Changed
From-To: open->closed

Committed. Thanks!