Bug 212378

Summary:	mail/mailman - missing vuxml entry
Product:	Ports & Packages	Reporter:	Sevan Janiyan <venture37>
Component:	Individual Port(s)	Assignee:	Matthias Andree <mandree>
Status:	Closed FIXED
Severity:	Affects Some People	CC:	ports-secteam
Priority:	---	Keywords:	security
Version:	Latest	Flags:	mandree: maintainer-feedback+
Hardware:	Any
OS:	Any
URL:	https://vuxml.freebsd.org/freebsd/b11ab01b-6e19-11e6-ab24-080027ef73ec.html
See Also:	https://launchpad.net/bugs/775294

Description Sevan Janiyan 2016-09-04 23:56:26 UTC

CVE-2016-7123 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7123

Comment 1 Matthias Andree freebsd_committer

2016-09-05 06:49:15 UTC

Thanks for the pointer, will add this later; we already have other Security information in place that overlap this information up to a later version,
https://vuxml.freebsd.org/freebsd/b11ab01b-6e19-11e6-ab24-080027ef73ec.html

Comment 2 Matthias Andree freebsd_committer

2016-09-05 07:01:58 UTC

How does this relate to http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0707 CVE-2011-0707 reported as VuXML ID 64691c49-4b22-11e0-a226-00e0815b8da8? These look very similar.

Comment 3 Matthias Andree freebsd_committer

2016-09-05 07:12:30 UTC

Adding https://bugs.launchpad.net/bugs/1614841 because that's where I've taken discussion for now.

Comment 4 Matthias Andree freebsd_committer

2016-09-06 08:37:38 UTC

The actual reference is https://bugs.launchpad.net/mailman/+bug/775294

Comment 5 commit-hook freebsd_committer

2016-09-06 08:37:48 UTC

A commit references this bug:

Author: mandree
Date: Tue Sep  6 08:37:04 UTC 2016
New revision: 421409
URL: https://svnweb.freebsd.org/changeset/ports/421409

Log:
  Add CVE-2016-7123 for resolved mailman CSRF.

  PR:		212378
  Reported by:	Sevan Janiyan
  Security:	CVE-2016-7123
  Security:	9e50dcc3-740b-11e6-94a2-080027ef73ec

Changes:
  head/security/vuxml/vuln.xml