svn commit: r335393 - in head: security/vuxml sysutils/monitorix
Olli Hauer
ohauer at FreeBSD.org
Sun Dec 1 15:10:20 UTC 2013
Author: ohauer
Date: Sun Dec 1 15:10:18 2013
New Revision: 335393
URL: http://svnweb.freebsd.org/changeset/ports/335393
Log:
- security update to 3.3.1
This is a maintenance release that fixes a serious bug in the built-in HTTP
server. It was discovered that the handle_request() routine did not properly
perform input sanitization which led into a number of security
vulnerabilities.
An unauthenticated, remote attacker could exploit this flaw to execute
arbitrary commands on the remote host.
All users still using older versions are advised to upgrade to this version,
which resolves this issue.
Approved by: crees (maintainer, per PM)
Security: 620cf713-5a99-11e3-878d-20cf30e32f6d
Modified:
head/security/vuxml/vuln.xml
head/sysutils/monitorix/Makefile
head/sysutils/monitorix/distinfo
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sun Dec 1 15:10:15 2013 (r335392)
+++ head/security/vuxml/vuln.xml Sun Dec 1 15:10:18 2013 (r335393)
@@ -51,6 +51,37 @@ Note: Please add new entries to the beg
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="620cf713-5a99-11e3-878d-20cf30e32f6d">
+ <topic>monitorix -- serious bug in the built-in HTTP server</topic>
+ <affects>
+ <package>
+ <name>monitorix</name>
+ <range><lt>3.3.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Monitorix Project reports:</p>
+ <blockquote cite="http://www.monitorix.org/news.html#N331">
+ <p>A serious bug in the built-in HTTP server. It was discovered that the
+ handle_request() routine did not properly perform input sanitization
+ which led into a number of security vulnerabilities. An unauthenticated,
+ remote attacker could exploit this flaw to execute arbitrary commands on
+ the remote host. All users still using older versions are advised to
+ upgrade to this version, which resolves this issue.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.monitorix.org/news.html#N331</url>
+ <url>https://github.com/mikaku/Monitorix/issues/30</url>
+ </references>
+ <dates>
+ <discovery>2013-11-21</discovery>
+ <entry>2013-12-01</entry>
+ </dates>
+ </vuln>
+
<vuln vid="e3244a7b-5603-11e3-878d-20cf30e32f6d">
<topic>subversion -- multiple vulnerabilities</topic>
<affects>
Modified: head/sysutils/monitorix/Makefile
==============================================================================
--- head/sysutils/monitorix/Makefile Sun Dec 1 15:10:15 2013 (r335392)
+++ head/sysutils/monitorix/Makefile Sun Dec 1 15:10:18 2013 (r335393)
@@ -1,8 +1,7 @@
-# Created by: Olli Hauer <ohauer at FreeBSD.org>
# $FreeBSD$
PORTNAME= monitorix
-PORTVERSION= 3.3.0
+PORTVERSION= 3.3.1
CATEGORIES= sysutils
MASTER_SITES= http://www.monitorix.org/ \
http://www.monitorix.org/old_versions/ \
Modified: head/sysutils/monitorix/distinfo
==============================================================================
--- head/sysutils/monitorix/distinfo Sun Dec 1 15:10:15 2013 (r335392)
+++ head/sysutils/monitorix/distinfo Sun Dec 1 15:10:18 2013 (r335393)
@@ -1,2 +1,2 @@
-SHA256 (monitorix-3.3.0.tar.gz) = 9578d79121034cfee94ebcdcec3a1c55fddd0ff022cdd8184d1d5109f813d29a
-SIZE (monitorix-3.3.0.tar.gz) = 186782
+SHA256 (monitorix-3.3.1.tar.gz) = b308cc300bba52ba2b8a8d6e613ddac042c9a27aa6f38dbf24c7e9358a70447d
+SIZE (monitorix-3.3.1.tar.gz) = 186779
More information about the svn-ports-all
mailing list