[Bug 201893] sysutils/logstash: Update to 1.5.3
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Jul 27 01:39:53 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201893
Jason Unovitch <jason.unovitch at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jason.unovitch at gmail.com,
| |ports-secteam at FreeBSD.org
Attachment #159290| |maintainer-approval?(ports-
Flags| |secteam at FreeBSD.org)
--- Comment #2 from Jason Unovitch <jason.unovitch at gmail.com> ---
Created attachment 159290
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=159290&action=edit
security/vuxml for CVE-2015-5378 in logstash < 1.5.3
Enrico,
Thanks for the quick update! Here's security/vuxml to go along with the
update.
Log:
Document logstash SSL/TLS security vulnerability (FREAK attack)
PR: 201893
Security: CVE-2015-5378
Security: c470bcc7-33fe-11e5-a4a5-002590263bf5
Validation:
> make validate
/bin/sh /usr/ports/security/vuxml/files/tidy.sh
"/usr/ports/security/vuxml/files/tidy.xsl" "/usr/ports/security/vuxml/vuln.xml"
> "/usr/ports/security/vuxml/vuln.xml.tidy"
>>> Validating...
/usr/local/bin/xmllint --valid --noout /usr/ports/security/vuxml/vuln.xml
>>> Successful.
Checking if tidy differs...
... seems okay
Checking for space/tab...
... seems okay
/usr/local/bin/python2.7 /usr/ports/security/vuxml/files/extra-validation.py
/usr/ports/security/vuxml/vuln.xml
> env PKG_DBDIR=/usr/ports/security/vuxml pkg audit logstash-1.5.1
logstash-1.5.1 is vulnerable:
logstash -- SSL/TLS vulnerability with Lumberjack input
CVE: CVE-2015-5378
WWW:
https://vuxml.FreeBSD.org/freebsd/c470bcc7-33fe-11e5-a4a5-002590263bf5.html
1 problem(s) in the installed packages found.
> env PKG_DBDIR=/usr/ports/security/vuxml pkg audit logstash-1.5.3
0 problem(s) in the installed packages found.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list