Bug 212378 - mail/mailman - missing vuxml entry
Summary: mail/mailman - missing vuxml entry
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Matthias Andree
URL: https://vuxml.freebsd.org/freebsd/b11...
Keywords: security
Depends on:
Blocks:
 
Reported: 2016-09-04 23:56 UTC by Sevan Janiyan
Modified: 2016-09-06 08:37 UTC (History)
1 user (show)

See Also:
mandree: maintainer-feedback+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sevan Janiyan 2016-09-04 23:56:26 UTC 
CVE-2016-7123 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7123
Comment 1 Matthias Andree freebsd_committer freebsd_triage 2016-09-05 06:49:15 UTC 
Thanks for the pointer, will add this later; we already have other Security information in place that overlap this information up to a later version,
https://vuxml.freebsd.org/freebsd/b11ab01b-6e19-11e6-ab24-080027ef73ec.html
Comment 2 Matthias Andree freebsd_committer freebsd_triage 2016-09-05 07:01:58 UTC 
How does this relate to http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0707 CVE-2011-0707 reported as VuXML ID 64691c49-4b22-11e0-a226-00e0815b8da8? These look very similar.
Comment 3 Matthias Andree freebsd_committer freebsd_triage 2016-09-05 07:12:30 UTC 
Adding https://bugs.launchpad.net/bugs/1614841 because that's where I've taken discussion for now.
Comment 4 Matthias Andree freebsd_committer freebsd_triage 2016-09-06 08:37:38 UTC 
The actual reference is https://bugs.launchpad.net/mailman/+bug/775294
Comment 5 commit-hook freebsd_committer freebsd_triage 2016-09-06 08:37:48 UTC 
A commit references this bug:

Author: mandree
Date: Tue Sep  6 08:37:04 UTC 2016
New revision: 421409
URL: https://svnweb.freebsd.org/changeset/ports/421409

Log:
  Add CVE-2016-7123 for resolved mailman CSRF.

  PR:		212378
  Reported by:	Sevan Janiyan
  Security:	CVE-2016-7123
  Security:	9e50dcc3-740b-11e6-94a2-080027ef73ec

Changes:
  head/security/vuxml/vuln.xml