cvs commit: ports/security/vuxml vuln.xml
Martin Wilke
miwi at FreeBSD.org
Sat Dec 12 03:02:45 PST 2009
This entry is wrong,
>>> Validating...
/usr/local/bin/xmllint --valid --noout /usr/home/miwi/dev/ports/security/vuxml/vuln.xml
/usr/home/miwi/dev/ports/security/vuxml/vuln.xml:51435: parser error : Premature end of data in tag vuxml line 37
^
>>> FAILED.
*** Error code 1
Please ask for review next time.
- Martin
On Sat, Dec 12, 2009 at 10:58:59AM +0000, Wen Heping wrote:
> wen 2009-12-12 10:58:59 UTC
>
> FreeBSD ports repository
>
> Modified files:
> security/vuxml vuln.xml
> Log:
> - Document pligg -- Cross-Site Scripting and Cross-Site Request Forgery
>
> Revision Changes Path
> 1.2083 +41 -1 ports/security/vuxml/vuln.xml
> http://cvsweb.FreeBSD.org/ports/security/vuxml/vuln.xml.diff?r1=1.2082&r2=1.2083
> | --- ports/security/vuxml/vuln.xml 2009/12/11 15:27:17 1.2082
> | +++ ports/security/vuxml/vuln.xml 2009/12/12 10:58:58 1.2083
> | @@ -28,13 +28,53 @@ WHETHER IN CONTRACT, STRICT LIABILITY, O
> | OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
> | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> |
> | - $FreeBSD: /usr/local/www/cvsroot/FreeBSD/ports/security/vuxml/vuln.xml,v 1.2082 2009/12/11 15:27:17 miwi Exp $
> | + $FreeBSD: /usr/local/www/cvsroot/FreeBSD/ports/security/vuxml/vuln.xml,v 1.2083 2009/12/12 10:58:58 wen Exp $
> |
> | Note: Please add new entries to the beginning of this file.
> |
> | -->
> |
> | <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
> | + <vuln vid="bec38383-e6cb-11de-bdd4-000c2930e89b">
> | + <topic>pligg -- Cross-Site Scripting and Cross-Site Request Forgery</topic>
> | + <affects>
> | + <package>
> | + <name>pligg</name>
> | + <range><lt>1.0.3b</lt></range>
> | + </package>
> | + </affects>
> | + <description>
> | + <body xmlns="http://www.w3.org/1999/xhtml">
> | + <p>secunia reports:</p>
> | + <blockquote cite="http://secunia.com/advisories/37349">
> | + <p>Russ McRee has discovered some vulnerabilities in Pligg, which can
> | + be exploited by malicious people to conduct cross-site scripting and
> | + request forgery attacks.</p>
> | + <p>Input passed via the "Referer" HTTP header to various scripts (e.g.
> | + admin/admin_config.php, admin/admin_modules.php, delete.php, editlink.php,
> | + submit.php, submit_groups.php, user_add_remove_links.php, and
> | + user_settings.php) is not properly sanitised before being returned to
> | + the user. This can be exploited to execute arbitrary HTML and script
> | + code in a user's browser session in context of an affected site.</p>
> | + <p>The application allows users to perform certain actions via HTTP
> | + requests without performing any validity checks to verify the requests.
> | + This can be exploited to e.g. create an arbitrary user with administrative
> | + privileges if a logged-in administrative user visits a malicious web
> | + site.</p>
> | + </blockquote>
> | + </body>
> | + </description>
> | + <references>
> | + <url>http://secunia.com/advisories/37349/</url>
> | + <url>http://www.pligg.com/blog/775/pligg-cms-1-0-3-release/</url>
> | + </references>
> | + <dates>
> | + <discovery>2009-12-02</discovery>
> | + <entry>2009-12-12</entry>
> | + </dates>
> | + </vuln>
> | +
> | +<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
> | <vuln vid="fcbf56dd-e667-11de-920a-00248c9b4be7">
> | <topic>piwik -- php code execution</topic>
> | <affects>
>
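Review bot: The last added line of this hunk, `+<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">`, opens the root element a second time, because the original `<vuxml ...>` is still present as an unchanged context line directly above the new pligg `<vuln>` entry. The file's single closing tag then matches only the inner element and the outer one is never closed, which is what xmllint reports as "Premature end of data in tag vuxml line 37". Drop that added line so the new entry sits between the existing root open tag and the piwik entry, and run the `xmllint --valid --noout` validation shown in the reply before committing.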
--
+-----------------------+-------------------------------+
| PGP : 0xB1E6FCE9 | Jabber : miwi(at)BSDCrew.de |
| Skype : splash_111 | Mail : miwi(at)FreeBSD.org |
+-----------------------+-------------------------------+
| Mess with the Best, Die like the Rest! |
+-----------------------+-------------------------------+