Two vulnerabilities found in Cacti affect our port. One of them has been patched by the developers. Please refer to the links below for more info: http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-sql-injection-0104.php This PR is a reminder to update the port. A VuXML entry will be commited to mark the current version of the port vulnerable. Fix: Please update the port using the upstream security patch How-To-Repeat: N/A
niels 2010-04-24 21:14:58 UTC FreeBSD ports repository Modified files: security/vuxml vuln.xml Log: Documented vulnerabilities in moodle, tomcat55, tomcat66 and cacti PR: ports/146021 PR: ports/146022 Approved by: remko (secteam) Security: http://seclists.org/bugtraq/2010/Apr/200 Security: http://docs.moodle.org/en/Moodle_1.9.8_release_notes Security: http://www.bonsai-sec.com/en/research/vulnerability.php Revision Changes Path 1.2146 +95 -1 ports/security/vuxml/vuln.xml _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Responsible Changed From-To: freebsd-ports-bugs->sem Fix synopsis and assign.
State Changed From-To: open->closed A patch from developers applied