svn commit: r320834 - in head: devel/dbus security/vuxml

Koop Mast kwm at FreeBSD.org
Thu Jun 13 19:54:26 UTC 2013 

Author: kwm
Date: Thu Jun 13 19:54:25 2013
New Revision: 320834
URL: http://svnweb.freebsd.org/changeset/ports/320834

Log:
  Update to 1.6.12.
  
  I'm not completly sure this affects us, but beter safe then sorry.
  While here wordsmith Options description to try to make it clearer.
  
  Security:	CVE-2013-2168

Modified:
  head/devel/dbus/Makefile
  head/devel/dbus/distinfo   (contents, props changed)
  head/security/vuxml/vuln.xml

Modified: head/devel/dbus/Makefile
==============================================================================
--- head/devel/dbus/Makefile	Thu Jun 13 19:51:53 2013	(r320833)
+++ head/devel/dbus/Makefile	Thu Jun 13 19:54:25 2013	(r320834)
@@ -3,7 +3,7 @@
 #   $MCom: ports/devel/dbus/Makefile,v 1.58 2013/02/15 15:06:49 kwm Exp $
 
 PORTNAME=	dbus
-PORTVERSION=	1.6.8
+PORTVERSION=	1.6.12
 CATEGORIES=	devel gnome
 MASTER_SITES=	http://dbus.freedesktop.org/releases/dbus/
 
@@ -41,7 +41,7 @@ MAN1=		dbus-cleanup-sockets.1 dbus-daemo
 
 OPTIONS_DEFINE=	X11
 OPTIONS_DEFAULT=X11
-X11_DESC=	X11 Desktop Environments
+X11_DESC=	Support X11 Desktop Environments
 
 .include <bsd.port.options.mk>
 

Modified: head/devel/dbus/distinfo
==============================================================================
--- head/devel/dbus/distinfo	Thu Jun 13 19:51:53 2013	(r320833)
+++ head/devel/dbus/distinfo	Thu Jun 13 19:54:25 2013	(r320834)
@@ -1,2 +1,2 @@
-SHA256 (dbus-1.6.8.tar.gz) = fc1370ef38abeeb13f55c905ec002e60705fb0bfde3b8d21c8d6eb8056c11bac
-SIZE (dbus-1.6.8.tar.gz) = 1929630
+SHA256 (dbus-1.6.12.tar.gz) = f67a7abfd6d045c1e9eba2bba4199d301836bc0c6e8a727c765913aba780ee92
+SIZE (dbus-1.6.12.tar.gz) = 1933805

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Thu Jun 13 19:51:53 2013	(r320833)
+++ head/security/vuxml/vuln.xml	Thu Jun 13 19:54:25 2013	(r320834)
@@ -51,6 +51,36 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="4e9e410b-d462-11e2-8d57-080027019be0">
+    <topic>dbus -- local dos</topic>
+    <affects>
+      <package>
+	<name>dbus</name>
+	<range><lt>1.16.12</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Simon McVittie reports:</p>
+	<blockquote cite="http://lists.freedesktop.org/archives/dbus/2013-June/015696.html">
+	  <p>Alexandru Cornea discovered a vulnerability in libdbus caused
+	     by an implementation bug in _dbus_printf_string_upper_bound().
+	     This vulnerability can be exploited by a local user to crash
+	     system services that use libdbus, causing denial of service.
+	     It is platform-specific: x86-64 Linux is known to be affected.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-2168</cvename>
+      <url>http://lists.freedesktop.org/archives/dbus/2013-June/015696.html</url>
+    </references>
+    <dates>
+      <discovery>2013-06-13</discovery>
+      <entry>2013-06-13</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="fce67546-d2e7-11e2-a9bf-98fc11cdc4f5">
     <topic>linux-flashplugin -- multiple vulnerabilities</topic>
     <affects>

More information about the svn-ports-head mailing list