svn commit: r301571 - in head: security/vuxml www/p5-RT-Authen-ExternalAuth
Matthew Seaman
matthew at FreeBSD.org
Thu Jul 26 17:46:52 UTC 2012
Author: matthew
Date: Thu Jul 26 17:46:51 2012
New Revision: 301571
URL: http://svn.freebsd.org/changeset/ports/301571
Log:
Security update to 0.11
ChangeLog:
0.11 2012-07-03 Alex Vandiver
* Obfuscate passwords in RT's System Configuration page
* Set an empty CurrentUser on failure, instead of removing it entirely
0.10_01 2012-02-23 Thomas Sibley
* Escape usernames in filter values so special characters don't die
0.10 2012-02-17 Thomas Sibley
* Silence confusing log messages when $ExternalInfoPriority is empty
0.09_03 2012-01-27 Thomas Sibley
* Fetch the necessary attributes when group_attr_value is used
* Test escaping of commas during the group check
0.09_02 2012-01-26 Thomas Sibley
* Improved logging inside the LDAP group membership check
0.09_01 2012-01-23 Thomas Sibley
* Improved logic when dealing with Disabled/disabling users
* Configurable group membership attribute values
* Group membership tests
Security Advisory:
http://blog.bestpractical.com/2012/07/security-vulnerabilities-in-three-commonly-deployed-rt-extensions.html
Approved by: shaun (mentor)
Security: cdc4ff0e-d736-11e1-8221-e0cb4e266481
Modified:
head/security/vuxml/vuln.xml
head/www/p5-RT-Authen-ExternalAuth/Makefile (contents, props changed)
head/www/p5-RT-Authen-ExternalAuth/distinfo (contents, props changed)
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Thu Jul 26 17:43:34 2012 (r301570)
+++ head/security/vuxml/vuln.xml Thu Jul 26 17:46:51 2012 (r301571)
@@ -52,6 +52,39 @@ Note: Please add new entries to the beg
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="cdc4ff0e-d736-11e1-8221-e0cb4e266481">
+ <topic>p5-RT-Authen-ExternalAuth -- privilege escalation</topic>
+ <affects>
+ <package>
+ <name>p5-RT-Authen-ExternalAuth</name>
+ <range><lt>0.11</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The RT development team reports:</p>
+ <blockquote cite="http://blog.bestpractical.com/2012/07/security-vulnerabilities-in-three-commonly-deployed-rt-extensions.html">
+ <p>RT::Authen::ExternalAuth 0.10 and below (for all versions
+ of RT) are vulnerable to an escalation of privilege attack
+ where the URL of a RSS feed of the user can be used to
+ acquire a fully logged-in session as that user.
+ CVE-2012-2770 has been assigned to this vulnerability.</p>
+ <p>Users of RT 3.8.2 and above should upgrade to
+ RT::Authen::ExternalAuth 0.11, which resolves this
+ vulnerability.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://blog.bestpractical.com/2012/07/security-vulnerabilities-in-three-commonly-deployed-rt-extensions.html</url>
+ <cvename>CVE-2012-2770</cvename>
+ </references>
+ <dates>
+ <discovery>2012-07-25</discovery>
+ <entry>2012-07-26</entry>
+ </dates>
+ </vuln>
+
<vuln vid="c7fa3618-d5ff-11e1-90a2-000c299b62e1">
<topic>isc-dhcp -- multiple vulnerabilities</topic>
<affects>
Modified: head/www/p5-RT-Authen-ExternalAuth/Makefile
==============================================================================
--- head/www/p5-RT-Authen-ExternalAuth/Makefile Thu Jul 26 17:43:34 2012 (r301570)
+++ head/www/p5-RT-Authen-ExternalAuth/Makefile Thu Jul 26 17:46:51 2012 (r301571)
@@ -6,8 +6,7 @@
#
PORTNAME= RT-Authen-ExternalAuth
-DISTVERSION= 0.09
-PORTREVISION= 2
+DISTVERSION= 0.11
CATEGORIES= www net perl5
MASTER_SITES= CPAN
MASTER_SITE_SUBDIR= CPAN:FALCONE
Modified: head/www/p5-RT-Authen-ExternalAuth/distinfo
==============================================================================
--- head/www/p5-RT-Authen-ExternalAuth/distinfo Thu Jul 26 17:43:34 2012 (r301570)
+++ head/www/p5-RT-Authen-ExternalAuth/distinfo Thu Jul 26 17:46:51 2012 (r301571)
@@ -1,2 +1,2 @@
-SHA256 (RT-Authen-ExternalAuth-0.09.tar.gz) = 4b2fd506f55c69b126c191c330f4bdd89ccec364077e1fd035610d19f38319bc
-SIZE (RT-Authen-ExternalAuth-0.09.tar.gz) = 56056
+SHA256 (RT-Authen-ExternalAuth-0.11.tar.gz) = 42859c5d5bdf7b95f9f408ab70f8589a1c2c3c2cdd53d9d405658f4d08fd549e
+SIZE (RT-Authen-ExternalAuth-0.11.tar.gz) = 62805
More information about the svn-ports-head
mailing list