Proposed commit message:
security/vuxml: add www/rubygem-rest-client vulnerabilities

PR: 200504
Submitted by: Sevan Janiyan <venture37@geeklan.co.uk>
Approved by: swills (mentor), mat (mentor)
Security: CVE-2015-1820
Security: CVE-2015-3448
Differential D2699
security/vuxml: add www/rubygem-rest-client vulnerabilities
Authored by mmoll on May 31 2015, 9:29 PM.
Details
Validation:

  mmoll@marduk:/svn/ports/security/vuxml$ make validate
  /bin/sh /svn/ports/security/vuxml/files/tidy.sh "/svn/ports/security/vuxml/files/tidy.xsl" "/svn/ports/security/vuxml/vuln.xml" > "/svn/ports/security/vuxml/vuln.xml.tidy"
  >>> Validating...
  /usr/local/bin/xmllint --valid --noout /svn/ports/security/vuxml/vuln.xml
  >>> Successful.
  Checking if tidy differs...
  ... seems okay
  Checking for space/tab...
  ... seems okay
  /usr/local/bin/python2.7 /svn/ports/security/vuxml/files/extra-validation.py /svn/ports/security/vuxml/vuln.xml

Version checking:

  mmoll@marduk:/svn/ports/security/vuxml$ env PKG_DBDIR=/svn/ports/security/vuxml pkg audit rubygem-rest-client-1.7.0
  rubygem-rest-client-1.7.0 is vulnerable:
  rest-client -- session fixation vulnerability
  CVE: CVE-2015-1820
  WWW: http://vuxml.FreeBSD.org/freebsd/83a7a720-07d8-11e5-9a28-001e67150279.html

  rubygem-rest-client-1.7.0 is vulnerable:
  rest-client -- plaintext password disclosure
  CVE: CVE-2015-3448
  WWW: http://vuxml.FreeBSD.org/freebsd/ffe2d86c-07d9-11e5-9a28-001e67150279.html

  1 problem(s) in the installed packages found.
  mmoll@marduk:/svn/ports/security/vuxml$ env PKG_DBDIR=/svn/ports/security/vuxml pkg audit rubygem-rest-client-1.7.3
  rubygem-rest-client-1.7.3 is vulnerable:
  rest-client -- session fixation vulnerability
  CVE: CVE-2015-1820
  WWW: http://vuxml.FreeBSD.org/freebsd/83a7a720-07d8-11e5-9a28-001e67150279.html

  1 problem(s) in the installed packages found.
Event Timeline
I think the "range" should be <lt>1.6.7_1</lt> so that 2015Q2 changeset (D2707) would be covered?