This will be announced 2018/12/13 and refers to the fix
already included in the current release. It will need
an MFH request for the port too (reminder to self).
Details
Details
- Reviewers
jrm - Commits
- rP487870: Document databases/couchdb2 and databases/couchdb vulnerability
pkg audit DTRT:
make validate is
dch@wintermute /p/f/p/s/vuxml> pkg audit -f ./vuln.xml couchdb-1
couchdb-1 is vulnerable:
couchdb -- administrator privilege escalation
CVE: CVE-2018-17188
WWW: https://vuxml.FreeBSD.org/freebsd/1999a215-fc6b-11e8-8a95-ac1f6b67e138.html
couchdb-1 is vulnerable:
couchdb -- administrator privilege escalation
CVE: CVE-2018-11769
WWW: https://vuxml.FreeBSD.org/freebsd/9b19b6df-a4be-11e8-9366-0028f8d09152.html
couchdb-1 is vulnerable:
couchdb -- DOM based Cross-Site Scripting via Futon UI
CVE: CVE-2012-5650
WWW: https://vuxml.FreeBSD.org/freebsd/4fb45a1c-c5d0-11e2-8400-001b216147b0.html
couchdb-1 is vulnerable:
couchdb -- multiple vulnerabilities
CVE: CVE-2017-12635
CVE: CVE-2017-12636
CVE: CVE-2018-8007
WWW: https://vuxml.FreeBSD.org/freebsd/1e54d140-8493-11e8-a795-0028f8d09152.html
1 problem(s) in the installed packages found.
dch@wintermute /p/f/p/s/vuxml> pkg audit -f ./vuln.xml couchdb2
couchdb2 is vulnerable:
Affected versions:
< 2.3.0
couchdb -- administrator privilege escalation
CVE: CVE-2018-17188
WWW: https://vuxml.FreeBSD.org/freebsd/1999a215-fc6b-11e8-8a95-ac1f6b67e138.html
1 problem(s) in the installed packages found.
dch@wintermute /p/f/p/s/vuxml>
Diff Detail
Diff Detail
- Repository
- rP FreeBSD ports repository
- Lint
Lint Skipped - Unit
Tests Skipped
Event Timeline
Comment Actions
I assume you did all the validation tests. There may be some misalignment of text between <p></p>.