mirror of
https://git.FreeBSD.org/ports.git
synced 2024-12-25 04:43:33 +00:00
- security update to 3.3.1
This is a maintenance release that fixes a serious bug in the built-in HTTP server. It was discovered that the handle_request() routine did not properly perform input sanitization which led into a number of security vulnerabilities. An unauthenticated, remote attacker could exploit this flaw to execute arbitrary commands on the remote host. All users still using older versions are advised to upgrade to this version, which resolves this issue. Approved by: crees (maintainer, per PM) Security: 620cf713-5a99-11e3-878d-20cf30e32f6d
This commit is contained in:
parent
3e00e55e12
commit
37df5f700f
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=335393
@ -51,6 +51,37 @@ Note: Please add new entries to the beginning of this file.
|
||||
|
||||
-->
|
||||
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
|
||||
<vuln vid="620cf713-5a99-11e3-878d-20cf30e32f6d">
|
||||
<topic>monitorix -- serious bug in the built-in HTTP server</topic>
|
||||
<affects>
|
||||
<package>
|
||||
<name>monitorix</name>
|
||||
<range><lt>3.3.1</lt></range>
|
||||
</package>
|
||||
</affects>
|
||||
<description>
|
||||
<body xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p>Monitorix Project reports:</p>
|
||||
<blockquote cite="http://www.monitorix.org/news.html#N331">
|
||||
<p>A serious bug in the built-in HTTP server. It was discovered that the
|
||||
handle_request() routine did not properly perform input sanitization
|
||||
which led into a number of security vulnerabilities. An unauthenticated,
|
||||
remote attacker could exploit this flaw to execute arbitrary commands on
|
||||
the remote host. All users still using older versions are advised to
|
||||
upgrade to this version, which resolves this issue.</p>
|
||||
</blockquote>
|
||||
</body>
|
||||
</description>
|
||||
<references>
|
||||
<url>http://www.monitorix.org/news.html#N331</url>
|
||||
<url>https://github.com/mikaku/Monitorix/issues/30</url>
|
||||
</references>
|
||||
<dates>
|
||||
<discovery>2013-11-21</discovery>
|
||||
<entry>2013-12-01</entry>
|
||||
</dates>
|
||||
</vuln>
|
||||
|
||||
<vuln vid="e3244a7b-5603-11e3-878d-20cf30e32f6d">
|
||||
<topic>subversion -- multiple vulnerabilities</topic>
|
||||
<affects>
|
||||
|
@ -1,8 +1,7 @@
|
||||
# Created by: Olli Hauer <ohauer@FreeBSD.org>
|
||||
# $FreeBSD$
|
||||
|
||||
PORTNAME= monitorix
|
||||
PORTVERSION= 3.3.0
|
||||
PORTVERSION= 3.3.1
|
||||
CATEGORIES= sysutils
|
||||
MASTER_SITES= http://www.monitorix.org/ \
|
||||
http://www.monitorix.org/old_versions/ \
|
||||
|
@ -1,2 +1,2 @@
|
||||
SHA256 (monitorix-3.3.0.tar.gz) = 9578d79121034cfee94ebcdcec3a1c55fddd0ff022cdd8184d1d5109f813d29a
|
||||
SIZE (monitorix-3.3.0.tar.gz) = 186782
|
||||
SHA256 (monitorix-3.3.1.tar.gz) = b308cc300bba52ba2b8a8d6e613ddac042c9a27aa6f38dbf24c7e9358a70447d
|
||||
SIZE (monitorix-3.3.1.tar.gz) = 186779
|
||||
|
Loading…
Reference in New Issue
Block a user