svn commit: r341466 - head/security/vuxml

Remko Lodder remko at FreeBSD.org
Tue Jan 28 07:27:51 UTC 2014 

On 27 Jan 2014, at 23:46, Matthew Seaman <matthew at freebsd.org> wrote:

> Author: matthew
> Date: Mon Jan 27 22:46:38 2014
> New Revision: 341466
> URL: http://svnweb.freebsd.org/changeset/ports/341466
> QAT: https://qat.redports.org/buildarchive/r341466/
> 
> Log:
>  Formatting fixes
> 
>  Submitted by:	remko

Thank you!! :-)
Remko

> 
> Modified:
>  head/security/vuxml/vuln.xml
> 
> Modified: head/security/vuxml/vuln.xml
> ==============================================================================
> --- head/security/vuxml/vuln.xml	Mon Jan 27 22:19:40 2014	(r341465)
> +++ head/security/vuxml/vuln.xml	Mon Jan 27 22:46:38 2014	(r341466)
> @@ -68,26 +68,26 @@ Note:  Please add new entries to the beg
> 	<p>The RT development team reports:</p>
> 	<blockquote cite="http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html">
> 	  <p>Versions of RT between 4.2.0 and 4.2.2 (inclusive) are
> -	  vulnerable to a denial-of-service attack via the email
> -	  gateway; any installation which accepts mail from untrusted
> -	  sources is vulnerable, regardless of the permissions
> -	  configuration inside RT. This vulnerability is assigned
> -	  CVE-2014-1474.</p>
> +	    vulnerable to a denial-of-service attack via the email
> +	    gateway; any installation which accepts mail from untrusted
> +	    sources is vulnerable, regardless of the permissions
> +	    configuration inside RT. This vulnerability is assigned
> +	    CVE-2014-1474.</p>
> 	  <p>This vulnerability is caused by poor parsing performance
> -	  in the Email::Address::List module, which RT depends on. We
> -	  recommend that affected users upgrade their version of
> -	  Email::Address::List to v0.02 or above, which resolves the
> -	  issue. Due to a communications mishap, the release on CPAN
> -	  will temporarily appear as "unauthorized," and the
> -	  command-line cpan client will hence not install it. We
> -	  expect this to be resolved shortly; in the meantime, the
> -	  release is also available from our server.</p>
> +	    in the Email::Address::List module, which RT depends on. We
> +	    recommend that affected users upgrade their version of
> +	    Email::Address::List to v0.02 or above, which resolves the
> +	    issue. Due to a communications mishap, the release on CPAN
> +	    will temporarily appear as "unauthorized," and the
> +	    command-line cpan client will hence not install it. We
> +	    expect this to be resolved shortly; in the meantime, the
> +	    release is also available from our server.</p>
> 	</blockquote>
>       </body>
>     </description>
>     <references>
> -      <url>http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html</url>
>       <cvename>CVE-2014-1474</cvename>
> +      <url>http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html</url>
>     </references>
>     <dates>
>       <discovery>2014-01-27</discovery>
> _______________________________________________
> svn-ports-all at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/svn-ports-all
> To unsubscribe, send any mail to "svn-ports-all-unsubscribe at freebsd.org"

-- 

/"\   Best regards,                      | remko at FreeBSD.org
\ /   Remko Lodder                       | remko at EFnet
 X    http://www.evilcoder.org/          |
/ \   ASCII Ribbon Campaign              | Against HTML Mail and News

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freebsd.org/pipermail/svn-ports-all/attachments/20140128/435ddc08/attachment.sig>

More information about the svn-ports-all mailing list