cvs commit: ports/security/vuxml vuln.xml
Thierry Thomas
thierry at FreeBSD.org
Tue Nov 14 21:04:00 UTC 2006
Le Mar 14 nov 06 à 20:14:26 +0100, Remko Lodder <remko at FreeBSD.org>
écrivait :
> Simon L. Nielsen wrote:
> >On 2006.11.14 16:57:17 +0000, Xin LI wrote:
> >>delphij 2006-11-14 16:57:17 UTC
> >>
> >> FreeBSD ports repository
> >>
> >> Modified files:
> >> security/vuxml vuln.xml
> >> Log:
> >> The Command Injection Vulnerability was corrected by awstats 6.5_2,1.
> >>
> >> Submitted by: Alex Samorukov
> >> PR: ports/105233
> >
> >Have you checked that the issues have really been fixed?
> >
>
> That was exactly the reason why I did not mark the entry
> as fixed yet...
I committed PR ports/104784, because it seems to me that the submitted
patch back-ported fixes from the devel version, as advertized by the
maintainer.
Unfortunately, AWStats is affected by several vulnerabilities, and it's
not clear to me which one is concerned by VuXML ID
2df297a2-dc74-11da-a22b-000c6ec775d9. Perhaps should we precise the CVE
references and / or add another entry in VuXML?
References:
- Vendor's explanations:
<http://awstats.sourceforge.net/awstats_security_news.php>
- VuXML entry:
<http://www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.html>
- PR ports/104784:
<http://www.freebsd.org/cgi/query-pr.cgi?pr=104784>
- CVE-2006-3681
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3681>
- Debian's PR with patches & discussion:
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364443>
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365909>
Regards,
--
Th. Thomas.
More information about the cvs-all
mailing list