svn commit: r343150 - head/security/vuxml

Thu Feb 6 20:39:31 UTC 2014

Author: cs
Date: Thu Feb  6 20:39:30 2014
New Revision: 343150
URL: http://svnweb.freebsd.org/changeset/ports/343150
QAT: https://qat.redports.org/buildarchive/r343150/

Log:
  Update VUXML entry on recent otrs vulnerabilities
  
  Suggested by:	remko@

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================

--- head/security/vuxml/vuln.xml	Thu Feb  6 20:34:55 2014	(r343149)
+++ head/security/vuxml/vuln.xml	Thu Feb  6 20:39:30 2014	(r343150)
@@ -249,11 +249,13 @@ Note:  Please add new entries to the beg
   </vuln>
 
   <vuln vid="c7b5d72b-886a-11e3-9533-60a44c524f57">
-    <topic>otrs -- SQL injection issue</topic>
+    <topic>otrs -- multiple vulnerabilities</topic>
     <affects>
       <package>
 	<name>otrs</name>
-	<range><lt>3.2.14</lt></range>
+	<range><lt>3.1.19</lt></range>
+	<range><gt>3.2.*</gt><lt>3.2.14</lt></range>
+	<range><gt>3.3.*</gt><lt>3.3.4</lt></range>
       </package>
     </affects>
     <description>
@@ -262,29 +264,6 @@ Note:  Please add new entries to the beg
 	<blockquote cite="https://www.otrs.com/security-advisory-2014-02-sql-injection-issue/">
 	  <p>SQL injection issue</p>
 	</blockquote>
-      </body>
-    </description>
-    <references>
-      <cvename>CVE-2014-1471</cvename>
-      <url>https://www.otrs.com/security-advisory-2014-02-sql-injection-issue/</url>
-    </references>
-    <dates>
-      <discovery>2014-01-28</discovery>
-      <entry>2014-01-28</entry>
-    </dates>
-  </vuln>
-
-  <vuln vid="080c5370-886a-11e3-9533-60a44c524f57">
-    <topic>otrs -- CSRF issue in customer web interface</topic>
-    <affects>
-      <package>
-	<name>otrs</name>
-	<range><lt>3.2.14</lt></range>
-      </package>
-    </affects>
-    <description>
-      <body xmlns="http://www.w3.org/1999/xhtml">
-	<p>The OTRS Project reports:</p>
 	<blockquote cite="https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface/">
 	  <p>An attacker that managed to take over the session of a logged in customer
 	    could create tickets and/or send follow-ups to existing tickets due to
@@ -293,14 +272,21 @@ Note:  Please add new entries to the beg
       </body>
     </description>
     <references>
+      <cvename>CVE-2014-1471</cvename>
+      <url>https://www.otrs.com/security-advisory-2014-02-sql-injection-issue/</url>
       <url>https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface/</url>
     </references>
     <dates>
       <discovery>2014-01-28</discovery>
       <entry>2014-01-28</entry>
+      <modified>2014-02-06</modified>
     </dates>
   </vuln>
 
+  <vuln vid="080c5370-886a-11e3-9533-60a44c524f57">
+    <cancelled superseded="c7b5d72b-886a-11e3-9533-60a44c524f57"/>
+  </vuln>
+
   <vuln vid="f9810c43-87a5-11e3-9214-00262d5ed8ee">
     <topic>chromium -- multiple vulnerabilities</topic>
     <affects>
