cvs commit: ports/security/vuxml vuln.xml

Remko Lodder remko at elvandar.org
Mon Oct 23 13:45:23 UTC 2006


Thank you, our users will be aware now, we will fix any issues later
(if needed).

cheers,
remko
-- 
Kind regards,

   Remko Lodder  ** remko at elvandar.org
        FreeBSD  ** remko at FreeBSD.org

   /* Quis Custodiet ipsos custodes */


<quote who="Martin Wilke">
> miwi        2006-10-23 13:15:31 UTC
>
>   FreeBSD ports repository
>
>   Modified files:
>     security/vuxml       vuln.xml
>   Log:
>   - Add entry for www/serendipity and www/serendipity-devel
>
>   Reviewed by:    markus@
>   Approved by:    portmgr (implicit VuXML), secteam (Remko (not reviewed yet))
>
>   Revision  Changes    Path
>   1.1209    +36 -1     ports/security/vuxml/vuln.xml
> http://cvsweb.FreeBSD.org/ports/security/vuxml/vuln.xml.diff?r1=1.1208&r2=1.1209
> | ===================================================================
> | RCS file:
> /usr/local/www/cvsroot/FreeBSD/ports/security/vuxml/vuln.xml,v
> | retrieving revision 1.1208
> | retrieving revision 1.1209
> | diff -u -p -r1.1208 -r1.1209
> | --- ports/security/vuxml/vuln.xml	2006/10/23 11:15:11	1.1208
> | +++ ports/security/vuxml/vuln.xml	2006/10/23 13:15:30	1.1209
> | @@ -28,12 +28,47 @@ WHETHER IN CONTRACT, STRICT LIABILITY, O
> |  OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
> DOCUMENTATION,
> |  EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> |
> | -  $FreeBSD:
> /usr/local/www/cvsroot/FreeBSD/ports/security/vuxml/vuln.xml,v 1.1208
> 2006/10/23 11:15:11 markus Exp $
> | +  $FreeBSD:
> /usr/local/www/cvsroot/FreeBSD/ports/security/vuxml/vuln.xml,v 1.1209
> 2006/10/23 13:15:30 miwi Exp $
> |
> |  Note:  Please add new entries to the beginning of this file.
> |
> |  -->
> |  <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
> | +  <vuln vid="96ed277b-60e0-11db-ad2d-0016179b2dd5">
> | +    <topic>Serendipity -- XSS Vulnerabilities</topic>
> | +    <affects>
> | +      <package>
> | +	<name>serendipity</name>
> | +	<range><lt>1.0.1</lt></range>
> | +      </package>
> | +    </affects>
> | +    <description>
> | +      <body xmlns="http://www.w3.org/1999/xhtml">
> | +	<p>The Serendipity Team reports:</p>
> | +	<blockquote
> cite="http://blog.s9y.org/archives/147-Serendipity-1.0.2-and-1.1-beta5-released.html">
> | +	  <p>Serendipity failed to correctly sanitize user input on the
> | +	    media manager administration page. The content of GET variables
> | +	    were written into JavaScript strings. By using standard string
> | +	    evasion techniques it was possible to execute arbitrary
> | +	    JavaScript.</p>
> | +	  <p>Additionally Serendipity dynamically created a HTML form on
> | +	    the media manager administration page that contained all
> | +	    variables found in the URL as hidden fields. While the variable
> | +	    values were correctly escaped it was possible to break out
> | +	    by specifying strange variable names.</p>
> | +	</blockquote>
> | +      </body>
> | +    </description>
> | +    <references>
> | +
> <url>http://www.hardened-php.net/advisory_112006.136.htmlSerendipity</url>
> | +      <url>http://secunia.com/advisories/22501/</url>
> | +    </references>
> | +    <dates>
> | +      <discovery>2006-10-19</discovery>
> | +      <entry>2006-10-21</entry>
> | +    </dates>
> | +  </vuln>
> | +
> |    <vuln vid="d8fbf13a-6215-11db-a59e-0211d85f11fb">
> |      <topic>kdelibs -- integer overflow in khtml</topic>
> |      <affects>
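
Review bot: The `<affects>` block of the new Serendipity entry lists only `<name>serendipity</name>`, while the commit log says the entry covers www/serendipity and www/serendipity-devel; add a `<package>` for serendipity-devel with its own range so that installations of the -devel port are matched as well. The first reference, `<url>http://www.hardened-php.net/advisory_112006.136.htmlSerendipity</url>`, has a stray "Serendipity" attached to the end of the URL and should end at `.html`. Please also confirm `<lt>1.0.1</lt>`: the cited announcement is the "1.0.2 and 1.1-beta5 released" post, so if the fix shipped in 1.0.2 this range leaves 1.0.1 unflagged. Last, `<entry>2006-10-21</entry>` is two days earlier than this commit (2006-10-23), so the entry date should be checked against the date the entry was actually added.
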



