Fix:

<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="801d797c-6f14-4edc-85ff-b4d0a88d7fa7">
    <topic>websvn -- WebSVN Known Path Access Restriction Security Bypass</topic>
    <affects>
      <package>
        <name>websvn</name>
        <range><lt>2.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>SANS reports:</p>
        <blockquote cite="http://permalink.gmane.org/gmane.comp.security.oss.general/1390">
          <p>WebSVN is an online SVN repository viewer. The application is exposed to a security bypass issue because it fails to properly implement access control mechanisms. WebSVN versions prior to 2.1 are affected.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <url>http://permalink.gmane.org/gmane.comp.security.oss.general/1390</url>
    </references>
    <dates>
      <discovery>2009-01-18</discovery>
      <entry>2009-01-23</entry>
    </dates>
  </vuln>
</vuxml>
Maintainer of devel/websvn,

Please note that PR ports/130934 has just been submitted.

If it contains a patch for an upgrade, an enhancement or a bug fix
you agree on, reply to this email stating that you approve the patch
and a committer will take care of it.

The full text of the PR can be found at:
    http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/130934

--
Edwin Groothuis via the GNATS Auto Assign Tool
edwin@FreeBSD.org
State Changed
From-To: open->feedback

Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
please apply this patch (upgrade to 2.10) diff -ruN --exclude=CVS /usr/ports/devel/websvn/Makefile /home/ychsiao/project/websvn/Makefile --- /usr/ports/devel/websvn/Makefile 2007-09-06 12:16:57.000000000 +0800 +++ /home/ychsiao/project/websvn/Makefile 2009-01-30 01:21:09.000000000 +0800 @@ -6,9 +6,9 @@ # PORTNAME= websvn -PORTVERSION= 2.0 +PORTVERSION= 2.1.0 CATEGORIES= devel www -MASTER_SITES= http://websvn.tigris.org/files/documents/1380/39378/ +MASTER_SITES= http://websvn.tigris.org/files/documents/1380/44451/ MAINTAINER= ychsiao@ychsiao.org COMMENT= Subversion repository web frontend diff -ruN --exclude=CVS /usr/ports/devel/websvn/distinfo /home/ychsiao/project/websvn/distinfo --- /usr/ports/devel/websvn/distinfo 2007-09-06 12:16:57.000000000 +0800 +++ /home/ychsiao/project/websvn/distinfo 2009-01-30 01:25:51.000000000 +0800 @@ -1,3 +1,3 @@ -MD5 (websvn-2.0.tar.gz) = 047e02c0fa2948fdf98a3e348e3f1530 -SHA256 (websvn-2.0.tar.gz) = 38104a86d6a90bb3f18a5b0a957b46cf0c1409037bb2a83c09e9f24543cfa2ea -SIZE (websvn-2.0.tar.gz) = 172005 +MD5 (websvn-2.1.0.tar.gz) = 0973edc5ca348424104147846b7d7152 +SHA256 (websvn-2.1.0.tar.gz) = d201eaf8dcf962c8402c2fdd1a798a5b5d4a9700b20c0dadfd83397ffe15afa6 +SIZE (websvn-2.1.0.tar.gz) = 572038 diff -ruN --exclude=CVS /usr/ports/devel/websvn/pkg-descr /home/ychsiao/project/websvn/pkg-descr --- /usr/ports/devel/websvn/pkg-descr 2004-05-26 04:41:27.000000000 +0800 +++ /home/ychsiao/project/websvn/pkg-descr 2009-01-30 01:22:55.000000000 +0800 
@@ -4,4 +4,4 @@ given revision. You can also view the differences between 2 versions of a file so as to see exactly what was changed in a particular revision. -WWW: http://websvn.tigris.org/ +WWW: http://www.websvn.info/ * Edwin Groothuis <edwin@FreeBSD.org> [090124 15:40]: > Maintainer of devel/websvn, > > Please note that PR ports/130934 has just been submitted. > > If it contains a patch for an upgrade, an enhancement or a bug fix > you agree on, reply to this email stating that you approve the patch > and a committer will take care of it. > > The full text of the PR can be found at: > http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/130934 > > -- > Edwin Groothuis via the GNATS Auto Assign Tool > edwin@FreeBSD.org
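Review bot: In the Makefile hunk PORTVERSION becomes 2.1.0, but the request text above the patch says "upgrade to 2.10"; the commit log should name 2.1.0 so it matches the websvn-2.1.0.tar.gz distfile in the distinfo hunk. Since the VuXML entry in this PR marks websvn versions before 2.1 as affected, the commit should also carry a Security: line pointing at that entry so the update is traceable to the advisory.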
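Review bot: In the distinfo hunk SIZE goes from 172005 to 572038 bytes, more than three times the 2.0 tarball, and the MD5/SHA256 lines are the only integrity check on the new distfile. Before committing, fetch websvn-2.1.0.tar.gz fresh from the new MASTER_SITES URL, regenerate the file with make makesum, and confirm the result is identical to the three submitted lines.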
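Review bot: The pkg-descr hunk moves WWW to http://www.websvn.info/ while the Makefile hunk still fetches from a numbered directory under websvn.tigris.org, so the port advertises one site and downloads from another. Confirm with the maintainer that tigris.org remains the intended download location, and if the project has moved, point MASTER_SITES at the new site in the same commit.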
Responsible Changed
From-To: freebsd-ports-bugs->miwi

I'll take it.
miwi        2009-02-09 14:52:55 UTC

  FreeBSD ports repository

  Modified files:
    security/vuxml       vuln.xml
  Log:
  - Document websvn -- multiple vulnerabilities

  PR:             based on 130934
  Submitted by:   Mark Foster <mark@foster.cc>

  Revision  Changes    Path
  1.1852    +45 -1     ports/security/vuxml/vuln.xml
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
miwi        2009-02-09 14:59:51 UTC

  FreeBSD ports repository

  Modified files:
    mail/phplist         Makefile distinfo pkg-plist
  Log:
  - Update to 2.10.9

  PR:             130934
  Reported by:    Mark Foster <mark@foster.cc>
  Approved by:    maintainer timeout (security update 7 days)
  Security:       http://www.vuxml.org/freebsd/40774927-f6b4-11dd-94d9-0030843d3802.html

  Revision  Changes    Path
  1.4       +1 -1      ports/mail/phplist/Makefile
  1.3       +3 -3      ports/mail/phplist/distinfo
  1.3       +1 -0      ports/mail/phplist/pkg-plist
miwi        2009-02-09 15:01:57 UTC

  FreeBSD ports repository

  Modified files:
    devel/websvn         Makefile distinfo pkg-descr
  Log:
  - Update to 2.1.0
  - Update WWW

  PR:             130934
  Submitted by:   Yuan-Chung Hsiao <ychsiao@ychsiao.org> (maintainer)
  Security:       http://www.vuxml.org/freebsd/71597e3e-f6b8-11dd-94d9-0030843d3802.html

  Revision  Changes    Path
  1.12      +2 -2      ports/devel/websvn/Makefile
  1.8       +3 -3      ports/devel/websvn/distinfo
  1.2       +1 -1      ports/devel/websvn/pkg-descr
State Changed
From-To: feedback->closed

documented and updated. thanks.