Summary: | mail/james: security/vuxml: update to 2.3.2.1 (arbitrary system command execution for servers) | | |
---|---|---|---|
Product: | Ports & Packages | Reporter: | Jason Unovitch <junovitch> |
Component: | Individual Port(s) | Assignee: | Jason Unovitch <junovitch> |
Status: | Closed FIXED | | |
Severity: | Affects Some People | CC: | ports-secteam |
Priority: | --- | Keywords: | security |
Version: | Latest | | |
Hardware: | Any | | |
OS: | Any | | |

Description
Jason Unovitch
2015-10-01 02:15:30 UTC
Take, I'll work on this one.

A commit references this bug:

Author: junovitch
Date: Thu Oct 1 03:14:15 UTC 2015
New revision: 398246
URL: https://svnweb.freebsd.org/changeset/ports/398246

Log:
  Document security advisory for the Apache James server

  PR: 203461
  Security: be3069c9-67e7-11e5-9909-002590263bf5

Changes:
  head/security/vuxml/vuln.xml

A commit references this bug:

Author: junovitch
Date: Sun Oct 4 21:26:11 UTC 2015
New revision: 398623
URL: https://svnweb.freebsd.org/changeset/ports/398623

Log:
  mail/james: security update 2.3.1 -> 2.3.2.1; while here fix all the things

  - Add LICENSE and LICENSE_FILE
  - Add NO_ARCH
  - Fix PID_FILE using an undefined variable (resulting PID was /var/run/.pid)
  - Fix .include lines post staging support
  - Actually use the version number from PLIST_SUB in pkg-plist
  - Overhaul rc script
  - Add PROVIDE/REQUIRE/KEYWORD to header
  - Remove "geronimo" references from when the port was originally copied
  - Remove %%JAMES_VERSION%% in rc variable names. Every port version bump in the past came with a POLA issue as james231_enable=YES would now have to be james2321_enable=YES. Provide a shim to translate the old variable names and provide a warning to update rc.conf syntax.
  - Match start routine to embedded start-up script (which enables stop command to work without a java.lang.IllegalThreadStateException)
  - Add working status routine
  - Standardize indentation

  PR: 203461
  Security: CVE-2015-7611
  Security: be3069c9-67e7-11e5-9909-002590263bf5
  MFH: 2015Q4

Changes:
  head/mail/james/Makefile
  head/mail/james/distinfo
  head/mail/james/files/james.in
  head/mail/james/pkg-plist

A commit references this bug:

Author: junovitch
Date: Sun Oct 4 21:27:57 UTC 2015
New revision: 398624
URL: https://svnweb.freebsd.org/changeset/ports/398624

Log:
  Add CVE reference to Apache James entry

  PR: 203461
  Security: CVE-2015-7611
  Security: be3069c9-67e7-11e5-9909-002590263bf5

Changes:
  head/security/vuxml/vuln.xml

A commit references this bug:

Author: junovitch
Date: Mon Oct 5 10:47:48 UTC 2015
New revision: 398638
URL: https://svnweb.freebsd.org/changeset/ports/398638

Log:
  MFH: r398623

  mail/james: security update 2.3.1 -> 2.3.2.1; while here fix all the things

  - Add LICENSE and LICENSE_FILE
  - Add NO_ARCH
  - Fix PID_FILE using an undefined variable (resulting PID was /var/run/.pid)
  - Fix .include lines post staging support
  - Actually use the version number from PLIST_SUB in pkg-plist
  - Overhaul rc script
  - Add PROVIDE/REQUIRE/KEYWORD to header
  - Remove "geronimo" references from when the port was originally copied
  - Remove %%JAMES_VERSION%% in rc variable names. Every port version bump in the past came with a POLA issue as james231_enable=YES would now have to be james2321_enable=YES. Provide a shim to translate the old variable names and provide a warning to update rc.conf syntax.
  - Match start routine to embedded start-up script (which enables stop command to work without a java.lang.IllegalThreadStateException)
  - Add working status routine
  - Standardize indentation

  PR: 203461
  Security: CVE-2015-7611
  Security: be3069c9-67e7-11e5-9909-002590263bf5
  Approved by: portmgr (erwin)

Changes:
  _U branches/2015Q4/
  branches/2015Q4/mail/james/Makefile
  branches/2015Q4/mail/james/distinfo
  branches/2015Q4/mail/james/files/james.in
  branches/2015Q4/mail/james/pkg-plist

Closing. ports/head, ports/branches/2015Q4, and VuXML have all been completed.