Two serious issues affect this port (which is at version 0.7.15). You can find the descriptions in the following advisories:

http://seclists.org/bugtraq/2010/Apr/156
http://seclists.org/bugtraq/2010/Apr/160

Fix:

Upgrade port to version 0.7.20 with the following patch:
http://people.freebsd.org/~niels/ports/diffs/e107-0.7.20.diff

Tinderbox test log:
http://freebsd.heinen.ws/tb/logs/8.0-STABLE/e107-0.7.20.log

NOTE: No functional tests have been performed!

How-To-Repeat: N/A

Responsible Changed
From-To: freebsd-ports-bugs->niels

Submitter has GNATS access (via the GNATS Auto Assign Tool)

Maintainer of www/e107,

Please note that PR ports/145885 has just been submitted.

If it contains a patch for an upgrade, an enhancement or a bug fix you agree on, reply to this email stating that you approve the patch and a committer will take care of it.

The full text of the PR can be found at:
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/145885

--
Edwin Groothuis via the GNATS Auto Assign Tool
edwin@FreeBSD.org

State Changed
From-To: open->feedback

Awaiting maintainers feedback (via the GNATS Auto Assign Tool)

niels 2010-04-20 15:17:33 UTC

FreeBSD ports repository

Modified files:
  www/e107 Makefile distinfo

Log:
  Upgrade to 0.7.20 to fix two security issues

  PR: ports/145885
  Reviewed by: wen (maintainer)
  Approved by: itetcu (mentor)
  Security: http://seclists.org/bugtraq/2010/Apr/156
  Security: http://seclists.org/bugtraq/2010/Apr/160

Revision  Changes  Path
1.3       +3 -3    ports/www/e107/Makefile
1.2       +3 -3    ports/www/e107/distinfo
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"

State Changed
From-To: feedback->closed

Patch has been committed, port is upgraded to 0.7.20

niels 2010-04-20 21:03:51 UTC

FreeBSD ports repository

Modified files:
  security/vuxml vuln.xml

Log:
  Documented the following vulnerabilities:
  - png: libpng decompression denial of service
  - e107: code execution and XSS vulnerabilities
  - pidgin: multiple remote denial of service vulnerabilities
  - fetchmail: denial of service vulnerability

  PR: ports/145885
  PR: ports/145857
  Approved by: remko (secteam)
  Security: CVE-2010-0996
  Security: CVE-2010-0997
  Security: CVE-2010-1167
  Security: CVE-2010-0277
  Security: CVE-2010-0420
  Security: CVE-2010-0423
  Security: CVE-2010-0205

Revision  Changes   Path
1.2143    +162 -1   ports/security/vuxml/vuln.xml