mirror of https://git.FreeBSD.org/ports.git synced 2024-12-25 04:43:33 +00:00

- security update to 3.3.1

This is a maintenance release that fixes a serious bug in the built-in HTTP
server. It was discovered that the handle_request() routine did not properly
perform input sanitization which led into a number of security
vulnerabilities.

An unauthenticated, remote attacker could exploit this flaw to execute
arbitrary commands on the remote host.

All users still using older versions are advised to upgrade to this version,
which resolves this issue.

Approved by:	crees (maintainer, per PM)
Security:	620cf713-5a99-11e3-878d-20cf30e32f6d
Olli Hauer 2013-12-01 15:10:18 +00:00
parent 3e00e55e12
commit 37df5f700f
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=335393
3 changed files with 34 additions and 4 deletions

@ -51,6 +51,37 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="620cf713-5a99-11e3-878d-20cf30e32f6d">
<topic>monitorix -- serious bug in the built-in HTTP server</topic>
<affects>
<package>
<name>monitorix</name>
<range><lt>3.3.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Monitorix Project reports:</p>
<blockquote cite="http://www.monitorix.org/news.html#N331">
<p>A serious bug in the built-in HTTP server. It was discovered that the
handle_request() routine did not properly perform input sanitization
which led into a number of security vulnerabilities. An unauthenticated,
remote attacker could exploit this flaw to execute arbitrary commands on
the remote host. All users still using older versions are advised to
upgrade to this version, which resolves this issue.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.monitorix.org/news.html#N331</url>
<url>https://github.com/mikaku/Monitorix/issues/30</url>
</references>
<dates>
<discovery>2013-11-21</discovery>
<entry>2013-12-01</entry>
</dates>
</vuln>
<vuln vid="e3244a7b-5603-11e3-878d-20cf30e32f6d">
<topic>subversion -- multiple vulnerabilities</topic>
<affects>
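
Review bot: The <topic> of the new entry, "serious bug in the built-in HTTP server", understates what the quoted description reports, which is command execution by an unauthenticated remote attacker. Name the impact in the topic, for example "monitorix -- remote command execution in the built-in HTTP server", so the entry is clear to anyone who reads only that line. The <references> block carries just the upstream news page and the GitHub issue; if a CVE identifier is assigned, add a <cvename> and record the change with a <modified> date.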

@ -1,8 +1,7 @@
# Created by: Olli Hauer <ohauer@FreeBSD.org>
# $FreeBSD$
PORTNAME= monitorix
PORTVERSION= 3.3.0
PORTVERSION= 3.3.1
CATEGORIES= sysutils
MASTER_SITES= http://www.monitorix.org/ \
http://www.monitorix.org/old_versions/ \
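
Review bot: MASTER_SITES in the trailing context still fetches over plain http://, so for this security update the SHA256 recorded in distinfo is the only thing authenticating the 3.3.1 tarball. Confirm that hash against a copy obtained independently of the fetch used to generate it, or against a checksum published upstream, and move the URLs to https:// if upstream serves the files that way.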

@ -1,2 +1,2 @@
SHA256 (monitorix-3.3.0.tar.gz) = 9578d79121034cfee94ebcdcec3a1c55fddd0ff022cdd8184d1d5109f813d29a
SIZE (monitorix-3.3.0.tar.gz) = 186782
SHA256 (monitorix-3.3.1.tar.gz) = b308cc300bba52ba2b8a8d6e613ddac042c9a27aa6f38dbf24c7e9358a70447d
SIZE (monitorix-3.3.1.tar.gz) = 186779