author | Greg Larkin <glarkin@FreeBSD.org> | 2008-09-15 02:03:17 +0000 |
---|---|---|
committer | Greg Larkin <glarkin@FreeBSD.org> | 2008-09-15 02:03:17 +0000 |
commit | 903bc40e2f495daebeec72df7dd741565dac0495 (patch) | |
tree | f7066039094a1282d9a3b51fd392f56fe9dda810 | |
parent | - Mark BROKEN: does not compile (diff) |
- Mark www/twiki FORBIDDEN due to security exploit
Approved by: beech (mentor, implicit)
Approved by: portmgr (pav)
Security: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195
Notes
Notes:
svn path=/head/; revision=220377
-rw-r--r-- | security/vuxml/vuln.xml | 33 | ||||
-rw-r--r-- | www/twiki/Makefile | 4 |
2 files changed, 36 insertions, 1 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 3fc8035b7aa7..99bfbdf9c8c4 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,39 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="9227dcaf-827f-11dd-9cd7-0050568452ac"> + <topic>twiki -- Arbitrary code execution in session files</topic> + <affects> + <package> + <name>twiki</name> + <range><ge>4.0.0</ge><le>4.0.5</le></range> + <range><ge>4.1.0</ge><le>4.1.2</le></range> + <range><ge>4.2.0</ge><le>4.2.2</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Th1nk3r (cnwfhguohrugbo / gmail.com) reports:</p> + <blockquote cite="http://www.milw0rm.com/exploits/6269"> + <p>TWiki version 4.2.0 (I haven't tested other versions) is + vulnerable to a File Disclosure. It's only possible to + exploit the bug if you can access the "/bin/configure" script.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2008-3195</cvename> + <url>http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195</url> + <url>http://www.kb.cert.org/vuls/id/362012</url> + <url>https://inspectit.accessitgroup.com/threats/details.cgi?id=34031</url> + <url>http://www.nessus.org/plugins/index.php?view=single&id=34031</url> + </references> + <dates> + <discovery>2008-08-05</discovery> + <entry>2008-09-14</entry> + </dates> + </vuln> + <vuln vid="755fa519-80a9-11dd-8de5-0030843d3802"> <topic>neon -- NULL pointer dereference in Digest domain support</topic> <affects> diff --git a/www/twiki/Makefile b/www/twiki/Makefile index 0ce2f2132287..ef30b3fee057 100644 --- a/www/twiki/Makefile +++ b/www/twiki/Makefile @@ -7,7 +7,7 @@ PORTNAME= twiki PORTVERSION= 4.2.0 -PORTREVISION= 1 +PORTREVISION= 2 PORTEPOCH= 1 CATEGORIES= www MASTER_SITES= http://twiki.org/p/pub/Codev/Release/ \ 
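Review bot: The new entry's `<topic>` reads "Arbitrary code execution in session files", but the quoted `<blockquote>` describes a file disclosure that depends on access to the `/bin/configure` script, so the entry does not tell a reader which impact or component is meant. The topic and the quoted text should be brought into agreement with the vendor advisory already listed under `<references>`. Separately, the last `<url>` appears to contain a bare `&` (`view=single&id=34031`). If that is what the file holds rather than an artifact of how this page was rendered, vuln.xml is no longer well-formed and tools that parse it will fail; it should read `view=single&amp;id=34031`.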
@@ -18,6 +18,8 @@ EXTRACT_SUFX= .tgz MAINTAINER= glarkin@FreeBSD.org COMMENT= Flexible, powerful, and easy to use enterprise wiki +FORBIDDEN= Contains security exploit: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195 + RUN_DEPENDS= \ p5-Algorithm-Diff>=0:${PORTSDIR}/devel/p5-Algorithm-Diff \ p5-Error>=0:${PORTSDIR}/lang/p5-Error \ |
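Review bot: The `FORBIDDEN` text says the port "Contains security exploit", which reads as if the distribution ships exploit code, when what it has is a vulnerability. Something like `FORBIDDEN= Vulnerable to CVE-2008-3195: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195` would be clearer in the message users see when the build is refused. The vuln.xml entry in this commit lists 4.2.0 through 4.2.2 as affected, so a short comment above the line such as `# Remove once the port is updated past 4.2.2` would tell the next committer when the marker can be dropped.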