Bug 133741 - [maintainer update][patch]Update port: www/ziproxy to 2.7.0
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: Martin Wilke
Reported: 2009-04-15 08:00 UTC by Pankov Pavel
Modified: 2009-04-15 16:20 UTC (History)

Attachments
file.diff (6.88 KB, patch)
2009-04-15 08:00 UTC, Pankov Pavel

Description Pankov Pavel 2009-04-15 08:00:08 UTC
- Update to 2.7.0

Fix: Apply the patch.

Patch attached with submission follows:
Comment 1 Martin Wilke freebsd_committer freebsd_triage 2009-04-15 08:35:00 UTC
Responsible Changed
From-To: freebsd-ports-bugs->miwi

I'll take it.
Comment 2 Pankov Pavel 2009-04-15 09:22:26 UTC
Not sure if it belongs here or should be sent to Security Officer, but here
is the proposed change for the vuln.xml about the transparent mode
advisory ( http://www.kb.cert.org/vuls/id/435052 ):
   <vuln vid="3c3a4d44-28ec-11de-9a9c-0030485c0ea4">
     <topic>ziproxy -- HTTP Host header incorrect relay behavior in transparent mode</topic>
     <affects>
       <package>
	<name>ziproxy</name>
	<range><lt>2.7.0</lt></range>
       </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Ziproxy developers report:</p>
	<blockquote cite="http://www.kb.cert.org/vuls/id/MAPG-7N9GN8">
	  <p>In transparent mode, ziproxy trusts the host and port provided in
	    the HTTP headers. This may be exploited using a hand-crafted HTTP
	    request so to access arbitrary websites.
	  </p>
	</blockquote>
       </body>
     </description>
     <references>
	<mlist msgid="200902231322.55722.dancab@gmx.net">http://sourceforge.net/mailarchive/message.php?msg_name=200902231322.55722.dancab%40gmx.net</mlist>
	<bid>33858</bid>
	<cvename>CVE-2009-0804</cvename>
	<certvu>435052</certvu>
     </references>
     <dates>
       <discovery>2009-02-23</discovery>
       <entry>2009-04-15</entry>
     </dates>
   </vuln>
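
An added example (not part of the bug report and not FreeBSD's own tooling): a minimal Python check of an installed package version against the <affects> ranges of a VuXML entry like the one proposed above. The function names are hypothetical, and the dotted-integer version comparison is a simplifying assumption that ignores PORTREVISION and PORTEPOCH suffixes.

```python
import xml.etree.ElementTree as ET

# Entry from the comment above, wrapped lines rejoined, trimmed to the fields used here.
ENTRY = """<vuln vid="3c3a4d44-28ec-11de-9a9c-0030485c0ea4">
  <topic>ziproxy -- HTTP Host header incorrect relay behavior in transparent mode</topic>
  <affects>
    <package>
      <name>ziproxy</name>
      <range><lt>2.7.0</lt></range>
    </package>
  </affects>
  <references>
    <cvename>CVE-2009-0804</cvename>
    <certvu>435052</certvu>
  </references>
</vuln>"""

def local(tag):
    """Drop any XML namespace so the code also works on entries from a full vuln.xml."""
    return tag.rsplit("}", 1)[-1]

def vkey(version):
    """Assumption: versions are dotted integers only (no _N revision or ,N epoch)."""
    return tuple(int(part) for part in version.split("."))

OPS = {"lt": lambda a, b: a < b, "le": lambda a, b: a <= b,
       "gt": lambda a, b: a > b, "ge": lambda a, b: a >= b,
       "eq": lambda a, b: a == b}

def in_range(range_el, version):
    """A <range> matches only when every bound inside it holds."""
    want = vkey(version)
    return all(OPS[local(b.tag)](want, vkey(b.text.strip())) for b in range_el)

def affected(entry_xml, name, version):
    """Return (vid, [CVE names]) if name at version falls in the entry, else None."""
    vuln = ET.fromstring(entry_xml)
    cves = [e.text for e in vuln.iter() if local(e.tag) == "cvename"]
    for pkg in (e for e in vuln.iter() if local(e.tag) == "package"):
        names = [c.text.strip() for c in pkg if local(c.tag) == "name"]
        ranges = [c for c in pkg if local(c.tag) == "range"]
        if name in names and any(in_range(r, version) for r in ranges):
            return vuln.get("vid"), cves
    return None

if __name__ == "__main__":
    for ver in ("2.6.0", "2.7.0"):  # constructed installed versions
        print(ver, affected(ENTRY, "ziproxy", ver))
```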
Comment 3 Martin Wilke freebsd_committer freebsd_triage 2009-04-15 15:46:46 UTC
State Changed
From-To: open->closed

Committed. Thanks!
Comment 4 dfilter service freebsd_committer freebsd_triage 2009-04-15 16:12:47 UTC
miwi        2009-04-15 14:46:35 UTC

  FreeBSD ports repository

  Modified files:
    www/ziproxy          Makefile distinfo pkg-plist 
    www/ziproxy/files    patch-ziproxy.conf 
  Log:
  - Update to 2.7.0
  
  PR:             133741
  Submitted by:   Pavel Pankov <pankov_p@mail.ru> (maintainer)
  Approved by:    portmgr (flz)
  Security:       http://www.vuxml.org/freebsd/872ae5be-29c0-11de-bdeb-0030843d3802.html
  
  Revision  Changes    Path
  1.14      +4 -2      ports/www/ziproxy/Makefile
  1.12      +3 -3      ports/www/ziproxy/distinfo
  1.6       +29 -8     ports/www/ziproxy/files/patch-ziproxy.conf
  1.5       +3 -0      ports/www/ziproxy/pkg-plist