Bug 145885 - [security] www/e107 XSS and code execution
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: niels
Reported: 2010-04-20 15:30 UTC by niels
Modified: 2010-04-20 22:10 UTC (History)
Description niels freebsd_committer 2010-04-20 15:30:05 UTC
Two serious issues affect this port (which is at version 0.7.15). You can find the descriptions in the following advisories:

http://seclists.org/bugtraq/2010/Apr/156
http://seclists.org/bugtraq/2010/Apr/160

Fix: 

Upgrade port to version 0.7.20 with the following patch:
http://people.freebsd.org/~niels/ports/diffs/e107-0.7.20.diff

Tinderbox test log:
http://freebsd.heinen.ws/tb/logs/8.0-STABLE/e107-0.7.20.log

NOTE: No functional tests have been performed!
How-To-Repeat: N/A
Comment 1 Edwin Groothuis freebsd_committer 2010-04-20 15:31:24 UTC
Responsible Changed
From-To: freebsd-ports-bugs->niels

Submitter has GNATS access (via the GNATS Auto Assign Tool)
Comment 2 Edwin Groothuis freebsd_committer 2010-04-20 15:31:26 UTC
Maintainer of www/e107,

Please note that PR ports/145885 has just been submitted.

If it contains a patch for an upgrade, an enhancement or a bug fix
you agree on, reply to this email stating that you approve the patch
and a committer will take care of it.

The full text of the PR can be found at:
    http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/145885

-- 
Edwin Groothuis via the GNATS Auto Assign Tool
edwin@FreeBSD.org
Comment 3 Edwin Groothuis freebsd_committer 2010-04-20 15:31:27 UTC
State Changed
From-To: open->feedback

Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Comment 4 dfilter service freebsd_committer 2010-04-20 16:18:26 UTC
niels       2010-04-20 15:17:33 UTC

  FreeBSD ports repository

  Modified files:
    www/e107             Makefile distinfo 
  Log:
  Upgrade to 0.7.20 to fix two security issues
  
  PR:             ports/145885
  Reviewed by:    wen (maintainer)
  Approved by:    itetcu (mentor)
  Security:       http://seclists.org/bugtraq/2010/Apr/156
  Security:       http://seclists.org/bugtraq/2010/Apr/160
  
  Revision  Changes    Path
  1.3       +3 -3      ports/www/e107/Makefile
  1.2       +3 -3      ports/www/e107/distinfo
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 5 niels freebsd_committer 2010-04-20 16:18:46 UTC
State Changed
From-To: feedback->closed

Patch has been committed, port is upgraded to 0.7.20
Comment 6 dfilter service freebsd_committer 2010-04-20 22:04:00 UTC
niels       2010-04-20 21:03:51 UTC

  FreeBSD ports repository

  Modified files:
    security/vuxml       vuln.xml 
  Log:
  Documented the following vulnerabilities:
  - png: libpng decompression denial of service
  - e107: code execution and XSS vulnerabilities
  - pidgin: multiple remote denial of service vulnerabilities
  - fetchmail: denial of service vulnerability
  
  PR:             ports/145885
  PR:             ports/145857
  Approved by:    remko (secteam)
  Security:       CVE-2010-0996
  Security:       CVE-2010-0997
  Security:       CVE-2010-1167
  Security:       CVE-2010-0277
  Security:       CVE-2010-0420
  Security:       CVE-2010-0423
  Security:       CVE-2010-0205
  
  Revision  Changes    Path
  1.2143    +162 -1    ports/security/vuxml/vuln.xml