ports/146337: [security] devel/lxr XSS vulnerabilities
Niels Heinen
niels at FreeBSD.org
Wed May 5 18:50:02 UTC 2010
>Number: 146337
>Category: ports
>Synopsis: [security] devel/lxr XSS vulnerabilities
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed May 05 18:50:02 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Niels Heinen
>Release: 8.0-STABLE
>Organization:
>Environment:
>Description:
>From the bug report:
There are several cross-site scripting vulnerabilities in LXR. These
vulnerabilities could allow an attacker to execute scripts in a user's
browser, steal cookies associated with vulnerable domains,
redirect the user to malicious websites, etc.
This PR is to request a port upgrade. A VuXML entry will be committed shortly and therefore the port will be marked vulnerable until this PR is solved.
>How-To-Repeat:
N/A
>Fix:
Two actions are required:
1) Please upgrade to port to version 0.9.8 (fixes CVE-2009-4497)
2) Apply the following patch:
http://lxr.cvs.sourceforge.net/viewvc/lxr/lxr/lib/LXR/Common.pm?r1=1.63&r2=1.64
Thanks in advance!
Niels
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list