svn commit: r444930 - head/security/vuxml
Kubilay Kocak
koobs at FreeBSD.org
Mon Jul 3 10:09:15 UTC 2017
On 7/3/17 7:30 PM, Bernard Spil wrote:
> Author: brnrd
> Date: Mon Jul 3 09:30:03 2017
> New Revision: 444930
> URL: https://svnweb.freebsd.org/changeset/ports/444930
>
> Log:
> security/vuxml: Document smarty3 shell injection vuln
PR: 220435
> Modified:
> head/security/vuxml/vuln.xml
>
> Modified: head/security/vuxml/vuln.xml
> ==============================================================================
> --- head/security/vuxml/vuln.xml Mon Jul 3 09:14:39 2017 (r444929)
> +++ head/security/vuxml/vuln.xml Mon Jul 3 09:30:03 2017 (r444930)
> @@ -58,6 +58,31 @@ Notes:
> * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
> -->
> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
> + <vuln vid="6e4e35c3-5fd1-11e7-9def-b499baebfeaf">
> + <topic>smarty3 -- shell injection in math</topic>
> + <affects>
> + <package>
> + <name>smarty3</name>
> + <range><lt>3.1.30</lt></range>
> + </package>
> + </affects>
> + <description>
> + <body xmlns="http://www.w3.org/1999/xhtml">
> + <p>The smarty project reports:</p>
> + <blockquote cite="https://github.com/smarty-php/smarty/blob/v3.1.30/change_log.txt">
> + <p>bugfix {math} shell injection vulnerability</p>
> + </blockquote>
> + </body>
> + </description>
> + <references>
> + <url>https://github.com/smarty-php/smarty/blob/v3.1.30/change_log.txt</url>
> + </references>
> + <dates>
> + <discovery>2016-07-19</discovery>
> + <entry>2017-07-03</entry>
> + </dates>
> + </vuln>
> +
> <vuln vid="ed3bf433-5d92-11e7-aa14-e8e0b747a45a">
> <topic>libgcrypt -- side-channel attack on RSA secret keys</topic>
> <affects>
>
More information about the svn-ports-all
mailing list