Bug 209593 - www/ikiwiki - CVE-2016-4561
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Ports Security Team
Reported: 2016-05-18 02:07 UTC by Sevan Janiyan
Modified: 2016-06-05 16:42 UTC
Description Sevan Janiyan 2016-05-18 02:07:03 UTC
Version in ports is vulnerable to CVE-2016-4561
vuxml entry is missing
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4561
Comment 1 commit-hook freebsd_committer 2016-05-18 11:16:07 UTC
A commit references this bug:

Author: mat
Date: Wed May 18 11:15:45 UTC 2016
New revision: 415432
URL: https://svnweb.freebsd.org/changeset/ports/415432

Log:
  Update to 3.20160509.

  PR:		209593
  Reported by:	Sevan Janiyan
  MFH:		2016Q2
  Security:	CVE-2016-4561
  Sponsored by:	Absolight

Changes:
  head/www/ikiwiki/Makefile
  head/www/ikiwiki/distinfo
Comment 2 Mathieu Arnold freebsd_committer 2016-05-18 11:16:37 UTC
Over to the security team for the vuxml entry.
Comment 3 commit-hook freebsd_committer 2016-06-05 16:37:54 UTC
A commit references this bug:

Author: junovitch
Date: Sun Jun  5 16:36:59 UTC 2016
New revision: 416397
URL: https://svnweb.freebsd.org/changeset/ports/416397

Log:
  Document ikiwiki XSS vulnerability

  PR:		209593
  Reported by:	Sevan Janiyan <venture37@geeklan.co.uk>
  Security:	CVE-2016-4561
  Security:	https://vuxml.FreeBSD.org/freebsd/0297b260-2b3b-11e6-ae88-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml
Comment 4 commit-hook freebsd_committer 2016-06-05 16:38:58 UTC
A commit references this bug:

Author: junovitch
Date: Sun Jun  5 16:38:24 UTC 2016
New revision: 416399
URL: https://svnweb.freebsd.org/changeset/ports/416399

Log:
  MFH: r415432

  Update to 3.20160509.

  PR:		209593
  Reported by:	Sevan Janiyan
  Security:	CVE-2016-4561
  Sponsored by:	Absolight

  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q2/
  branches/2016Q2/www/ikiwiki/Makefile
  branches/2016Q2/www/ikiwiki/distinfo