cvs commit: ports/security/vuxml vuln.xml

Philip M. Gollucci pgollucci at p6m7g8.com
Fri Aug 19 23:03:05 UTC 2011


Just update the port, and we'll deal with the pavmail.  I didn't realize
it was security related.


On 08/19/11 18:42, Xin LI wrote:
> delphij     2011-08-19 18:42:12 UTC
> 
>   FreeBSD ports repository
> 
>   Modified files:
>     security/vuxml       vuln.xml 
>   Log:
>   Document Rails multiple vulnerabilities.
>   
>   Revision  Changes    Path
>   1.2415    +34 -1     ports/security/vuxml/vuln.xml
> 
> http://cvsweb.FreeBSD.org/ports/security/vuxml/vuln.xml.diff?r1=1.2414&r2=1.2415&f=h
> | --- ports/security/vuxml/vuln.xml	2011/08/19 17:46:10	1.2414
> | +++ ports/security/vuxml/vuln.xml	2011/08/19 18:42:12	1.2415
> | @@ -28,12 +28,45 @@ WHETHER IN CONTRACT, STRICT LIABILITY, O
> |  OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
> |  EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> |  
> | -  $FreeBSD: /usr/local/www/cvsroot/FreeBSD/ports/security/vuxml/vuln.xml,v 1.2414 2011/08/19 17:46:10 delphij Exp $
> | +  $FreeBSD: /usr/local/www/cvsroot/FreeBSD/ports/security/vuxml/vuln.xml,v 1.2415 2011/08/19 18:42:12 delphij Exp $
> |  
> |  Note:  Please add new entries to the beginning of this file.
> |  
> |  -->
> |  <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
> | +  <vuln vid="be77eff6-ca91-11e0-aea3-00215c6a37bb">
> | +    <topic>rubygem-rails -- multiple vulnerabilities</topic>
> | +    <affects>
> | +      <package>
> | +	<name>rubygem-rails</name>
> | +	<range><lt>3.0.10</lt></range>
> | +      </package>
> | +    </affects>
> | +    <description>
> | +      <body xmlns="http://www.w3.org/1999/xhtml">
> | +	<p>SecurityFocus reports:</p>
> | +	<blockquote cite="http://www.securityfocus.com/bid/49179/discuss">
> | +	  <p>Ruby on Rails is prone to multiple vulnerabilities
> | +	    including SQL-injection, information-disclosure,
> | +	    HTTP-header-injection, security-bypass and cross-site
> | +	    scripting issues.</p>
> | +	</blockquote>
> | +      </body>
> | +    </description>
> | +    <references>
> | +      <bid>49179</bid>
> | +      <url>http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6a1e473744bc389b</url>
> | +      <url>http://groups.google.com/group/rubyonrails-security/browse_thread/thread/3420ac71aed312d6</url>
> | +      <url>http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768</url>
> | +      <url>http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b9130749b74ea12</url>
> | +      <url>http://groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195</url>
> | +    </references>
> | +    <dates>
> | +      <discovery>2011-08-16</discovery>
> | +      <entry>2011-08-19</entry>
> | +    </dates>
> | +  </vuln>
> | +
> |    <vuln vid="0b53f5f7-ca8a-11e0-aea3-00215c6a37bb">
> |      <topic>dovecot -- denial of service vulnerability</topic>
> |      <affects>
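
Review bot: the `<affects>` block names only `rubygem-rails`, with a single `<range><lt>3.0.10</lt></range>` and no lower bound, so every earlier version of that one package matches and nothing else does. If the fixes discussed in the five rubyonrails-security threads land in separately packaged component gems, each of those needs its own `<package>` entry, or installations that carry the components will not be flagged. The `<references>` block also has only `<bid>` and `<url>` elements; add `<cvename>` entries once identifiers are known so the record can be matched by CVE, and consider quoting the upstream advisories in `<description>` rather than the generic SecurityFocus summary.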


-- 
------------------------------------------------------------------------
1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70  3F8C 75B8 8FFB DB9B 8C1C
Philip M. Gollucci (pgollucci at p6m7g8.com) c: 703.336.9354
VP Infrastructure,                Apache Software Foundation
Committer,                        FreeBSD Foundation
Consultant,                       P6M7G8 Inc.
Sr. System Admin,                 Ridecharge Inc.

Work like you don't need the money,
love like you'll never get hurt,
and dance like nobody's watching.

