Bug 206717

Summary:	www/radicale multiple vulnerabilities in v1.0
Product:	Ports & Packages	Reporter:	freebsd
Component:	Individual Port(s)	Assignee:	Mark Felder <feld>
Status:	Closed FIXED
Severity:	Affects Many People	Flags:	bugzilla: maintainer-feedback? (feld)
Priority:	---
Version:	Latest
Hardware:	Any
OS:	Any

Description freebsd 2016-01-28 21:46:16 UTC

www/radicale version 1.0.1 contains multiple vulnerabilities

extract of the changelog for version 1.1:
* Prevent crafted HTTP request from calling arbitrary functions (by Unrud)
* Prevent regex injection in rights management (by Unrud)
see http://radicale.org/news/ for complete changelog

Comment 1 commit-hook freebsd_committer

2016-01-29 15:35:34 UTC

A commit references this bug:

Author: feld
Date: Fri Jan 29 15:35:11 UTC 2016
New revision: 407473
URL: https://svnweb.freebsd.org/changeset/ports/407473

Log:
  www/radicale: Update to 1.1.1

  PR:		206717
  Security:	CVE-2015-8747
  Security:	CVE-2015-8748

Changes:
  head/www/radicale/Makefile
  head/www/radicale/distinfo

Comment 2 commit-hook freebsd_committer

2016-01-29 15:36:36 UTC

A commit references this bug:

Author: feld
Date: Fri Jan 29 15:36:32 UTC 2016
New revision: 407474
URL: https://svnweb.freebsd.org/changeset/ports/407474

Log:
  MFH: r407473

  www/radicale: Update to 1.1.1

  PR:		206717
  Security:	CVE-2015-8747
  Security:	CVE-2015-8748
  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q1/
  branches/2016Q1/www/radicale/Makefile
  branches/2016Q1/www/radicale/distinfo

Comment 3 Mark Felder freebsd_committer

2016-01-29 15:36:57 UTC

Thanks for the report! This one slipped by me.

Comment 4 commit-hook freebsd_committer

2016-01-29 15:39:37 UTC

A commit references this bug:

Author: feld
Date: Fri Jan 29 15:38:49 UTC 2016
New revision: 407475
URL: https://svnweb.freebsd.org/changeset/ports/407475

Log:
  vuxml: radicale entry needs python prefixes for packagename

  PR:		206717

Changes:
  head/security/vuxml/vuln.xml