ports/146337: [security] devel/lxr XSS vulnerabilities

Niels Heinen niels at FreeBSD.org
Wed May 5 18:50:02 UTC 2010

>Number:         146337
>Category:       ports
>Synopsis:       [security] devel/lxr XSS vulnerabilities
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed May 05 18:50:02 UTC 2010
>Originator:     Niels Heinen
>Release:        8.0-STABLE

>From the bug report:

There are several cross-site scripting vulnerabilities in LXR.  These
vulnerabilities could allow an attacker to execute scripts in a user's
browser, steal cookies associated with vulnerable domains,
redirect the user to malicious websites, etc.

This PR is to request a port upgrade. A VuXML entry will be committed shortly and therefore the port will be marked vulnerable until this PR is solved.


Two actions are required:

1) Please upgrade to port to version 0.9.8 (fixes CVE-2009-4497)
2) Apply the following patch:

Thanks in advance!


More information about the freebsd-ports-bugs mailing list