svn commit: r307534 - head/security/vuxml
Jase Thew
jase at FreeBSD.org
Sun Nov 18 12:46:40 UTC 2012
Author: jase
Date: Sun Nov 18 12:46:39 2012
New Revision: 307534
URL: http://svnweb.freebsd.org/changeset/ports/307534
Log:
- Document new vulnerability in irc/weechat and irc/weechat-devel
Feature safe: yes
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sun Nov 18 12:35:05 2012 (r307533)
+++ head/security/vuxml/vuln.xml Sun Nov 18 12:46:39 2012 (r307534)
@@ -51,6 +51,39 @@ Note: Please add new entries to the beg
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="81826d12-317a-11e2-9186-406186f3d89d">
+ <topic>weechat -- Arbitrary shell command execution via scripts</topic>
+ <affects>
+ <package>
+ <name>weechat</name>
+ <range><ge>0.3.0</ge><lt>0.3.9.2</lt></range>
+ </package>
+ <package>
+ <name>weechat-devel</name>
+ <range><lt>20121118</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Sebastien Helleu reports:</p>
+ <blockquote cite="https://savannah.nongnu.org/bugs/?37704">
+ <p>Untrusted command for function hook_process could lead to
+ execution of commands, because of shell expansions.</p>
+ <p>Workaround with a non-patched version: remove/unload all scripts
+ calling function hook_process (for maximum safety).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://weechat.org/security/</url>
+ <url>https://savannah.nongnu.org/bugs/?37764</url>
+ </references>
+ <dates>
+ <discovery>2012-11-15</discovery>
+ <entry>2012-11-18</entry>
+ </dates>
+ </vuln>
+
<vuln vid="2b841f88-2e8d-11e2-ad21-20cf30e32f6d">
<topic>bugzilla -- multiple vulnerabilities</topic>
<affects>
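Review bot: The Savannah bug number differs between the blockquote's cite attribute (https://savannah.nongnu.org/bugs/?37704) and the second <url> in <references> (https://savannah.nongnu.org/bugs/?37764), so one of the two is a typo. Confirm which bug the quoted report comes from and make both URLs agree, since readers following the advisory will otherwise land on an unrelated ticket. Separately, the weechat-devel range is only <lt>20121118</lt>, while the weechat range has a <ge>0.3.0</ge> lower bound. If that asymmetry is intentional, a short note in the commit log would help.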