Page MenuHomeFreeBSD

security/vuxml: add www/rubygem-rest-client vulnerabilities
ClosedPublic

Authored by mmoll on May 31 2015, 9:29 PM.

Details

Reviewers
swills
eadler
delphij
mat
Group Reviewers
ports secteam
Summary

Proposed commit message:

security/vuxml: add www/rubygem-rest-client vulnerabilities

PR:		200504
Submitted by:	Sevan Janiyan <venture37@geeklan.co.uk>
Approved by:	swills (mentor), mat (mentor)
Security:	CVE-2015-1820
Security:	CVE-2015-3448
Test Plan

Validation:

mmoll@marduk:/svn/ports/security/vuxml$ make validate
/bin/sh /svn/ports/security/vuxml/files/tidy.sh "/svn/ports/security/vuxml/files/tidy.xsl" "/svn/ports/security/vuxml/vuln.xml" > "/svn/ports/security/vuxml/vuln.xml.tidy"
>>> Validating...
/usr/local/bin/xmllint --valid --noout /svn/ports/security/vuxml/vuln.xml
>>> Successful.
Checking if tidy differs...
... seems okay
Checking for space/tab...
... seems okay
/usr/local/bin/python2.7 /svn/ports/security/vuxml/files/extra-validation.py /svn/ports/security/vuxml/vuln.xml

Version checking:

mmoll@marduk:/svn/ports/security/vuxml$ env PKG_DBDIR=/svn/ports/security/vuxml pkg audit rubygem-rest-client-1.7.0
rubygem-rest-client-1.7.0 is vulnerable:
rest-client -- session fixation vulnerability
CVE: CVE-2015-1820
WWW: http://vuxml.FreeBSD.org/freebsd/83a7a720-07d8-11e5-9a28-001e67150279.html

rubygem-rest-client-1.7.0 is vulnerable:
rest-client -- plaintext password disclosure
CVE: CVE-2015-3448
WWW: http://vuxml.FreeBSD.org/freebsd/ffe2d86c-07d9-11e5-9a28-001e67150279.html

1 problem(s) in the installed packages found.
mmoll@marduk:/svn/ports/security/vuxml$ env PKG_DBDIR=/svn/ports/security/vuxml pkg audit rubygem-rest-client-1.7.3
rubygem-rest-client-1.7.3 is vulnerable:
rest-client -- session fixation vulnerability
CVE: CVE-2015-1820
WWW: http://vuxml.FreeBSD.org/freebsd/83a7a720-07d8-11e5-9a28-001e67150279.html

1 problem(s) in the installed packages found.

Diff Detail

Repository
rP FreeBSD ports repository
Lint
No Linters Available
Unit
No Unit Test Coverage

Event Timeline

mmoll retitled this revision from to security/vuxml: add www/rubygem-rest-client vulnerabilities.
mmoll updated this object.
mmoll edited the test plan for this revision. (Show Details)
mmoll added reviewers: swills, mat.
eadler added a reviewer: eadler.
This revision is now accepted and ready to land.Jun 1 2015, 6:38 PM

I think the "range" should be <lt>1.6.7_1</lt> so that 2015Q2 changeset (D2707) would be covered?

The change is otherwise fine by the way.