BIND 9 nameservers using the DNS64 IPv6 transition mechanism are
vulnerable to a software defect that allows a crafted query to
crash the server with a REQUIRE assertion failure. Remote
exploitation of this defect can be achieved without extensive
effort, resulting in a denial-of-service (DoS) vector against
affected servers.
Security: 2892a8e2-3d68-11e2-8e01-0800273fe665
CVE-2012-5688
Feature safe: yes
Security update to fix a heap corruption bug with invalid base64 input,
reported and fixed by Julius Plenz, FU Berlin, Germany.
Feature safe: yes
Security: CVE-2012-5468
Security: f524d8e0-3d83-11e2-807a-080027ef73ec
- use INSTALL_DATA to not set execution bit for plugins
- remove trailing whitespace in pkg-descr, while here
PR: 174047
Submitted by: antoine (maintainer)
Feature safe: yes
while here:
- use one space in Created by:
- some whitespace aligning
- correct python versions in USE_PYTHON
- use PYDISTUTILS_PKGVERSION to set correct package version instead of crafting
full PYDISTUTILS_EGGINFO
- remove trailin whitespace in pkg-descr and unneded newlines in pkg-message
PR: 174044
Submitted by: Sayetsky Anton <vsjcfm@gmail.com>
Approved by: Christoph Theis <theis@gmx.at> (maintainer)
Feature safe: yes
in Python under the GNU General Public License, for the extraction of digital
artifacts from volatile memory (RAM) samples.
WWW: http://code.google.com/p/volatility
PR: ports/172910
Submitted by: antoine@FreeBSD.org
Feature safe: yes
2012-11-26 palm/txt2pdbdoc: No more public distfiles
2012-11-26 sysutils/xloadface: No more public distfiles
2012-11-26 shells/gscommander: Abandonware
2012-11-26 security/saferpay: No more public distfiles
2012-11-26 x11-wm/qvwm: No more public distfiles
Feature safe: yes
This new version includes a migration from Perl to C and support for
ipfw and pf.
While here, trim the Makefile headers.
PR: ports/171951
Submitted by: Sean Greven <sean.greven@gmail.com> (maintainer)
Feature safe: yes
- Bump PORTREVISION
Changes:
- CVE-2006-7243
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow
context-dependent attackers to bypass intended access restrictions by placing a
safe file extension after this character, as demonstrated by .php\0.jpg at the
end of the argument to the file_exists function
Secuity 3761df02-0f9c-11e0-becc-0022156e8794 fixed by check in fopen functions
for strlen(filename) != filename_len
- CVE-2012-4388
The sapi_header_op function in main/SAPI.c does not properly determine a pointer
during checks for %0D sequences (aka carriage return characters), which allows
remote attackers to bypass an HTTP response-splitting protection mechanism via a
crafted URL, this vulnerability exists because of an incorrect fix for
CVE-2011-1398.
- Timezone database updated to version 2012.9 (2012i)
PR: ports/173685
Submitted by: Svyatoslav Lempert <svyatoslav.lempert@gmail.com>
Approved by: maintainer
Feature safe: yes
- Fix installation so it doesn't overwrite your config files every time you
upgrade the port
- Fix some space/tab issues to make portlint happy
- Use dirrmtry in a few places because some people have their own custom
filters, actions, etc.
PR: ports/171708
Submitted by: Mark Felder <feld@feld.me>
Approved by: Christoph Theis <theis@gmx.at> (maintainer)
Feature safe: yes
