svn commit: r341466 - head/security/vuxml
Matthew Seaman
matthew at FreeBSD.org
Mon Jan 27 22:46:39 UTC 2014
Author: matthew
Date: Mon Jan 27 22:46:38 2014
New Revision: 341466
URL: http://svnweb.freebsd.org/changeset/ports/341466
QAT: https://qat.redports.org/buildarchive/r341466/
Log:
Formatting fixes
Submitted by: remko
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Mon Jan 27 22:19:40 2014 (r341465)
+++ head/security/vuxml/vuln.xml Mon Jan 27 22:46:38 2014 (r341466)
@@ -68,26 +68,26 @@ Note: Please add new entries to the beg
<p>The RT development team reports:</p>
<blockquote cite="http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html">
<p>Versions of RT between 4.2.0 and 4.2.2 (inclusive) are
- vulnerable to a denial-of-service attack via the email
- gateway; any installation which accepts mail from untrusted
- sources is vulnerable, regardless of the permissions
- configuration inside RT. This vulnerability is assigned
- CVE-2014-1474.</p>
+ vulnerable to a denial-of-service attack via the email
+ gateway; any installation which accepts mail from untrusted
+ sources is vulnerable, regardless of the permissions
+ configuration inside RT. This vulnerability is assigned
+ CVE-2014-1474.</p>
<p>This vulnerability is caused by poor parsing performance
- in the Email::Address::List module, which RT depends on. We
- recommend that affected users upgrade their version of
- Email::Address::List to v0.02 or above, which resolves the
- issue. Due to a communications mishap, the release on CPAN
- will temporarily appear as "unauthorized," and the
- command-line cpan client will hence not install it. We
- expect this to be resolved shortly; in the meantime, the
- release is also available from our server.</p>
+ in the Email::Address::List module, which RT depends on. We
+ recommend that affected users upgrade their version of
+ Email::Address::List to v0.02 or above, which resolves the
+ issue. Due to a communications mishap, the release on CPAN
+ will temporarily appear as "unauthorized," and the
+ command-line cpan client will hence not install it. We
+ expect this to be resolved shortly; in the meantime, the
+ release is also available from our server.</p>
</blockquote>
</body>
</description>
<references>
- <url>http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html</url>
<cvename>CVE-2014-1474</cvename>
+ <url>http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html</url>
</references>
<dates>
<discovery>2014-01-27</discovery>
More information about the svn-ports-all
mailing list