- Update to 2.7.0

Fix: Apply the patch. Patch attached with submission follows:
Responsible Changed
From-To: freebsd-ports-bugs->miwi

I'll take it.
Not sure if it belongs here or should be sent to Security Officer, but here is the proposed change for the vuln.xml about the transparent mode advisory (http://www.kb.cert.org/vuls/id/435052):

<vuln vid="3c3a4d44-28ec-11de-9a9c-0030485c0ea4">
  <topic>ziproxy -- HTTP Host header incorrect relay behavior in transparent mode</topic>
  <affects>
    <package>
      <name>ziproxy</name>
      <range><lt>2.7.0</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>Ziproxy developers report:</p>
      <blockquote cite="http://www.kb.cert.org/vuls/id/MAPG-7N9GN8">
        <p>In transparent mode, ziproxy trusts the host and port provided in the HTTP headers. This may be exploited using a hand-crafted HTTP request so to access arbitrary websites.</p>
      </blockquote>
    </body>
  </description>
  <references>
    <mlist msgid="200902231322.55722.dancab@gmx.net">http://sourceforge.net/mailarchive/message.php?msg_name=200902231322.55722.dancab%40gmx.net</mlist>
    <bid>33858</bid>
    <cvename>CVE-2009-0804</cvename>
    <certvu>435052</certvu>
  </references>
  <dates>
    <discovery>2009-02-23</discovery>
    <entry>2009-04-15</entry>
  </dates>
</vuln>
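Added example (not part of the PR or the ports tree): a minimal Python check of an installed version against the `<affects>` ranges of the entry proposed above. The function names, the trimmed sample entry and the dotted-numeric version comparison are assumptions; real port versions can carry PORTREVISION and PORTEPOCH suffixes, which this sketch rejects rather than guesses at.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the entry proposed above, trimmed to topic and <affects>.
ENTRY = """<vuln vid="3c3a4d44-28ec-11de-9a9c-0030485c0ea4">
  <topic>ziproxy -- HTTP Host header incorrect relay behavior in transparent mode</topic>
  <affects>
    <package>
      <name>ziproxy</name>
      <range><lt>2.7.0</lt></range>
    </package>
  </affects>
</vuln>"""

OPS = {
    "lt": lambda a, b: a < b,
    "le": lambda a, b: a <= b,
    "eq": lambda a, b: a == b,
    "ge": lambda a, b: a >= b,
    "gt": lambda a, b: a > b,
}

def version_key(version):
    """Assumption: dotted numeric versions only; fail closed on anything else."""
    version = version.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"unsupported version format: {version!r}")
    parts = [int(p) for p in version.split(".")]
    while len(parts) > 1 and parts[-1] == 0:  # 2.7 and 2.7.0 compare equal
        parts.pop()
    return parts

def is_affected(entry_xml, name, version):
    """True if name/version falls inside any <range> of a matching <package>."""
    installed = version_key(version)
    root = ET.fromstring(entry_xml)  # parse only entries from a trusted source
    for pkg in root.iterfind("./affects/package"):
        if name not in [n.text.strip() for n in pkg.findall("name")]:
            continue
        for rng in pkg.findall("range"):
            bounds = list(rng)
            # Bounds inside one <range> must all hold; ranges are alternatives.
            if bounds and all(OPS[b.tag](installed, version_key(b.text)) for b in bounds):
                return True
    return False

if __name__ == "__main__":
    for v in ("2.6.0", "2.7.0", "2.10.1"):
        print(v, "affected" if is_affected(ENTRY, "ziproxy", v) else "not affected")
```
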
State Changed
From-To: open->closed

Committed. Thanks!
miwi        2009-04-15 14:46:35 UTC

  FreeBSD ports repository

  Modified files:
    www/ziproxy          Makefile distinfo pkg-plist
    www/ziproxy/files    patch-ziproxy.conf
  Log:
  - Update to 2.7.0

  PR:             133741
  Submitted by:   Pavel Pankov <pankov_p@mail.ru> (maintainer)
  Approved by:    portmgr (flz)
  Security:       http://www.vuxml.org/freebsd/872ae5be-29c0-11de-bdeb-0030843d3802.html

  Revision  Changes    Path
  1.14      +4 -2      ports/www/ziproxy/Makefile
  1.12      +3 -3      ports/www/ziproxy/distinfo
  1.6       +29 -8     ports/www/ziproxy/files/patch-ziproxy.conf
  1.5       +3 -0      ports/www/ziproxy/pkg-plist