svn commit: r341466 - head/security/vuxml

Matthew Seaman matthew at FreeBSD.org
Mon Jan 27 22:46:39 UTC 2014 

Author: matthew
Date: Mon Jan 27 22:46:38 2014
New Revision: 341466
URL: http://svnweb.freebsd.org/changeset/ports/341466
QAT: https://qat.redports.org/buildarchive/r341466/

Log:
  Formatting fixes
  
  Submitted by:	remko

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Mon Jan 27 22:19:40 2014	(r341465)
+++ head/security/vuxml/vuln.xml	Mon Jan 27 22:46:38 2014	(r341466)
@@ -68,26 +68,26 @@ Note:  Please add new entries to the beg
 	<p>The RT development team reports:</p>
 	<blockquote cite="http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html">
 	  <p>Versions of RT between 4.2.0 and 4.2.2 (inclusive) are
-	  vulnerable to a denial-of-service attack via the email
-	  gateway; any installation which accepts mail from untrusted
-	  sources is vulnerable, regardless of the permissions
-	  configuration inside RT. This vulnerability is assigned
-	  CVE-2014-1474.</p>
+	    vulnerable to a denial-of-service attack via the email
+	    gateway; any installation which accepts mail from untrusted
+	    sources is vulnerable, regardless of the permissions
+	    configuration inside RT. This vulnerability is assigned
+	    CVE-2014-1474.</p>
 	  <p>This vulnerability is caused by poor parsing performance
-	  in the Email::Address::List module, which RT depends on. We
-	  recommend that affected users upgrade their version of
-	  Email::Address::List to v0.02 or above, which resolves the
-	  issue. Due to a communications mishap, the release on CPAN
-	  will temporarily appear as "unauthorized," and the
-	  command-line cpan client will hence not install it. We
-	  expect this to be resolved shortly; in the meantime, the
-	  release is also available from our server.</p>
+	    in the Email::Address::List module, which RT depends on. We
+	    recommend that affected users upgrade their version of
+	    Email::Address::List to v0.02 or above, which resolves the
+	    issue. Due to a communications mishap, the release on CPAN
+	    will temporarily appear as "unauthorized," and the
+	    command-line cpan client will hence not install it. We
+	    expect this to be resolved shortly; in the meantime, the
+	    release is also available from our server.</p>
 	</blockquote>
       </body>
     </description>
     <references>
-      <url>http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html</url>
       <cvename>CVE-2014-1474</cvename>
+      <url>http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html</url>
     </references>
     <dates>
       <discovery>2014-01-27</discovery>

More information about the svn-ports-all mailing list