[Bug 199091] [databases/cassandra][security] CVE-2015-0225
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sat May 23 14:55:49 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199091
jason.unovitch at gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jason.unovitch at gmail.com
--- Comment #1 from jason.unovitch at gmail.com ---
Created attachment 157082
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=157082&action=edit
security/vuxml documentation for Apache Cassandra CVE-2015-0225
Per upstream security advisory, 1.2.x has reached EOL so there is not going to
be update that will fix databases/cassandra. As such, start by documenting the
upstream advisory in security/vuxml.
#
# Validation Checks
#
# make validate
/bin/sh /usr/ports/security/vuxml/files/tidy.sh
"/usr/ports/security/vuxml/files/tidy.xsl" "/usr/ports/security/vuxml/vuln.xml"
> "/usr/ports/security/vuxml/vuln.xml.tidy"
>>> Validating...
/usr/local/bin/xmllint --valid --noout /usr/ports/security/vuxml/vuln.xml
>>> Successful.
Checking if tidy differs...
... seems okay
Checking for space/tab...
... seems okay
/usr/local/bin/python2.7 /usr/ports/security/vuxml/files/extra-validation.py
/usr/ports/security/vuxml/vuln.xml
#
# Pkg audit checks, starting with fixed version and working downward
#
# env PKG_DBDIR=/usr/ports/security/vuxml pkg audit cassandra2-2.1.4
0 problem(s) in the installed packages found.
# env PKG_DBDIR=/usr/ports/security/vuxml pkg audit cassandra2-2.1.1
cassandra2-2.1.1 is vulnerable:
cassandra -- remote execution of arbitrary code
CVE: CVE-2015-0225
WWW: http://vuxml.FreeBSD.org/freebsd/607f4d44-0158-11e5-8fda-002590263bf5.html
1 problem(s) in the installed packages found.
root at xts-bsd /u/p/s/vuxml# env PKG_DBDIR=/usr/ports/security/vuxml pkg audit
cassandra2-2.0.10
cassandra2-2.0.10 is vulnerable:
cassandra -- remote execution of arbitrary code
CVE: CVE-2015-0225
WWW: http://vuxml.FreeBSD.org/freebsd/607f4d44-0158-11e5-8fda-002590263bf5.html
1 problem(s) in the installed packages found.
# env PKG_DBDIR=/usr/ports/security/vuxml pkg audit cassandra-1.2.18
cassandra-1.2.18 is vulnerable:
cassandra -- remote execution of arbitrary code
CVE: CVE-2015-0225
WWW: http://vuxml.FreeBSD.org/freebsd/607f4d44-0158-11e5-8fda-002590263bf5.html
1 problem(s) in the installed packages found.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list