Summary: | [security] www/tomcat6, www/tomcat55 information disclosure | ||
---|---|---|---|
Product: | Ports & Packages | Reporter: | niels <niels> |
Component: | Individual Port(s) | Assignee: | Alex Dupre <ale> |
Status: | Closed FIXED | ||
Severity: | Affects Only Me | ||
Priority: | Normal | ||
Version: | Latest | ||
Hardware: | Any | ||
OS: | Any |
Description
niels
2010-04-24 21:50:03 UTC
niels 2010-04-24 21:14:58 UTC FreeBSD ports repository Modified files: security/vuxml vuln.xml Log: Documented vulnerabilities in moodle, tomcat55, tomcat66 and cacti PR: ports/146021 PR: ports/146022 Approved by: remko (secteam) Security: http://seclists.org/bugtraq/2010/Apr/200 Security: http://docs.moodle.org/en/Moodle_1.9.8_release_notes Security: http://www.bonsai-sec.com/en/research/vulnerability.php Revision Changes Path 1.2146 +95 -1 ports/security/vuxml/vuln.xml _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org" Responsible Changed From-To: freebsd-ports-bugs->ale The vuXML patch has been committed, but the two tomcat ports still need updating. Assign this the to maintainer of tomcat6 with a Cc: to the maintainer of tomcat55. State Changed From-To: open->closed Now OBE by later commits to tomcat55 and tomcat6. It looks like this vulnerability was covered in the latest update of tomcat55 with PR ports/148611, as the tomcat version is not affected per the CVE. http://seclists.org/bugtraq/2010/Apr/200 Affects version of tomcat 5.5.0 to 5.5.29 Tomcat version is now at 5.5.30 -jgh -- Jason Helfman |