ports/security, branch 2015Q2FreeBSD ports treehttps://cgit-dev.freebsd.org/ports/atom?h=2015Q22015-07-23T16:24:25ZShibboleth SP software crashes on well-formed but invalid XML.2015-07-23T16:24:25ZPalle Girgensohngirgen@FreeBSD.org2015-07-23T16:24:25Zurn:sha1:7d7c2271f6c957574221e8746e5a356435cd114f
The Service Provider software contains a code path with an uncaught
exception that can be triggered by an unauthenticated attacker by
supplying well-formed but schema-invalid XML in the form of SAML
metadata or SAML protocol messages. The result is a crash and so
causes a denial of service.
You must rebuild opensaml and shibboleth with xmltooling-1.5.5 or later.
The easiest way to do so is to update the whole chain including
shibboleth-2.5.5 an opensaml2.5.5.
URL: http://shibboleth.net/community/advisories/secadv_20150721.txt
Security: CVE-2015-2684
Approved by: ports-secteam
MFH: 385082,386705,3869502015-06-27T14:33:52ZRoman Bogorodskiynovel@FreeBSD.org2015-06-27T14:33:52Zurn:sha1:480c2209a5265393c1a7dad302bf53f7f72caec3
- Update to 4.5
- Drop @dirrm* from plist [1]
- Properly register info page [2]
Submitted by: amdmi3 [1]
Submitted by: antoine [2]
PR: 199980 [2]
Security: CVE-2015-2806
Approved by: ports-secteam (eadler)
MFH: r3854252015-06-20T00:29:51ZXin LIdelphij@FreeBSD.org2015-06-20T00:29:51Zurn:sha1:a908a517ad2bbe045aa635ff549e065c502374ed
Update to 0.98.7
Requested by: garga
Approved by: ports-secteam@
Direct commit to fix the distinfo for security/ossec-hids-* with the older USE_GITHUB support.2015-06-13T14:04:34ZBrad Davisbrd@FreeBSD.org2015-06-13T14:04:34Zurn:sha1:b4f030d1f8dc20c9e48a4ee2831779877a5a6b63
Approved by: zi (mentor
Approved by: ports-secteam (zi)
MFH r3892712015-06-12T15:09:49ZBrad Davisbrd@FreeBSD.org2015-06-12T15:09:49Zurn:sha1:905e167f054bc387f6d3376163504a9c35f5a94f
Update security/ossec-hids-* to 2.8.2.
Approved by: portmgr (erwin)
Approved by: swills (mentor)
Security: c470db07-1098-11e5-b6a8-002590263bf5
MFH: r3889052015-06-09T19:57:04ZRenato Botelhogarga@FreeBSD.org2015-06-09T19:57:04Zurn:sha1:d8da2d3d68674b0a67b7d60747ab94d3552fc69e
Update to 5.3.2
PR: 200721
Approved by: strongswan@Nanoteq.com (maintainer)
Security: CVE-2015-3991
Sponsored by: Netgate
Approved by: portmgr (erwin)
MFH: r3877472015-05-28T17:49:12ZXin LIdelphij@FreeBSD.org2015-05-28T17:49:12Zurn:sha1:9a98ef9382dcd1a870e3230ff7a84a24612470e2
Apply vendor patch for CVE-2015-2694 (changeset
b0c571e709c72da799ccc15fb5755f7910170e33) to prevent requires_preauth
bypass.
Obtained from: https://github.com/krb5/krb5/commit/b0c571e709c72da799ccc15fb5755f7910170e33.diff
Security: CVE-2015-2694
Security: 0b040e24-f751-11e4-b24d-5453ed2e2b49
Approved by: ports-secteam
MFH: r384787 (ale)2015-05-22T22:12:11ZXin LIdelphij@FreeBSD.org2015-05-22T22:12:11Zurn:sha1:461f88c8f35b0ca97ef1fb90bc8306b59f0ba935
Update to 5.6.8 release.
PR: 199585
Submitted by: Franco Fichtner
Approved by: ports-secteam
MFH: r3870312015-05-22T16:17:04ZXin LIdelphij@FreeBSD.org2015-05-22T16:17:04Zurn:sha1:8c3c9f31b6ebc687e9ef7ed4c2673911b49833ec
Fix plist when LIBDANE is defined (PORTREVISION not bumped
because package wouldn't be successful in the case).
Pointy hat to: delphij
Reported by: sunpoet
Approved by: ports-secteam
MFH: r3870292015-05-22T15:54:56ZXin LIdelphij@FreeBSD.org2015-05-22T15:54:56Zurn:sha1:c3000fa74482814dcd125c1bea1f7bc853d37e44
Update to 3.3.15.
PR: 198875
Approved by: ports-secteam@ (self)