Version in ports is vulnerable to CVE-2016-4561 vuxml entry is missing https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4561
A commit references this bug: Author: mat Date: Wed May 18 11:15:45 UTC 2016 New revision: 415432 URL: https://svnweb.freebsd.org/changeset/ports/415432 Log: Update to 3.20160509. PR: 209593 Reported by: Sevan Janiyan MFH: 2016Q2 Security: CVE-2016-4561 Sponsored by: Absolight Changes: head/www/ikiwiki/Makefile head/www/ikiwiki/distinfo
Over to the security team for the vuxml entry.
A commit references this bug: Author: junovitch Date: Sun Jun 5 16:36:59 UTC 2016 New revision: 416397 URL: https://svnweb.freebsd.org/changeset/ports/416397 Log: Document ikiwiki XSS vulnerability PR: 209593 Reported by: Sevan Janiyan <venture37@geeklan.co.uk> Security: CVE-2016-4561 Security: https://vuxml.FreeBSD.org/freebsd/0297b260-2b3b-11e6-ae88-002590263bf5.html Changes: head/security/vuxml/vuln.xml
A commit references this bug: Author: junovitch Date: Sun Jun 5 16:38:24 UTC 2016 New revision: 416399 URL: https://svnweb.freebsd.org/changeset/ports/416399 Log: MFH: r415432 Update to 3.20160509. PR: 209593 Reported by: Sevan Janiyan Security: CVE-2016-4561 Sponsored by: Absolight Approved by: ports-secteam (with hat) Changes: _U branches/2016Q2/ branches/2016Q2/www/ikiwiki/Makefile branches/2016Q2/www/ikiwiki/distinfo