Subject: CVS commit: pkgsrc/www/weex
To: None <pkgsrc-changes@NetBSD.org>
From: Lubomir Sedlacik <salo@netbsd.org>
List: pkgsrc-changes
Date: 10/05/2005 13:38:13
Module Name:	pkgsrc
Committed By:	salo
Date:		Wed Oct  5 13:38:13 UTC 2005

Modified Files:
	pkgsrc/www/weex: Makefile distinfo
Added Files:
	pkgsrc/www/weex/patches: patch-ad

Log Message:
Security fix for SA17028:

"A vulnerability in Weex can be exploited by malicious users to cause a DoS
(Denial of Service) or to compromise a vulnerable system.

The vulnerability is caused due to a format string error in the "log_flush()"
function when flushing an error log entry that contains format string
specifiers to disk. This may be exploited to execute arbitrary code on a
user's system via a directory name containing format string specifiers.

Successful exploitation requires that the attacker is able to create
directories within the user's Weex home directory."

http://secunia.com/advisories/17028/

Patch from FreeBSD PR ports/86833.


To generate a diff of this commit:
cvs rdiff -r1.8 -r1.9 pkgsrc/www/weex/Makefile
cvs rdiff -r1.3 -r1.4 pkgsrc/www/weex/distinfo
cvs rdiff -r0 -r1.1 pkgsrc/www/weex/patches/patch-ad

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
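
Added example, not part of the original commit message and not Weex, FreeBSD or pkgsrc code: the format string error class the advisory describes for log_flush(), with the unsafe call pattern kept in a comment beside a hardened flush that treats the log entry purely as data. The function names, the log entry text and the directory name are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names: Weex's real log_flush() is not shown on the page.
 * Vulnerable pattern, kept in a comment so it is never compiled or run:
 *     fprintf(fp, entry);     <- the entry itself is the format string
 * Hardened form: constant format, the entry is passed only as data. */
int log_flush_entry(FILE *fp, const char *entry)
{
    if (fp == NULL || entry == NULL || fprintf(fp, "%s\n", entry) < 0)
        return -1;
    return fflush(fp) == 0 ? 0 : -1;
}

/* Returns 1 if s holds a '%' that starts a conversion (anything but "%%"). */
int has_format_directive(const char *s)
{
    for (; *s != '\0'; s++) {
        if (*s == '%' && s[1] != '%')
            return 1;
        if (*s == '%')
            s++;            /* skip the second '%' of a literal "%%" */
    }
    return 0;
}

/* Flushes entry to a temp file and reads it back; returns 1 when the bytes
 * on disk are exactly the entry followed by a newline. */
int roundtrip_is_verbatim(const char *entry)
{
    char buf[256];
    size_t n, len = strlen(entry);
    FILE *fp = tmpfile();
    if (fp == NULL)
        return 0;
    if (log_flush_entry(fp, entry) != 0) { fclose(fp); return 0; }
    rewind(fp);
    n = fread(buf, 1, sizeof buf, fp);
    fclose(fp);
    return n == len + 1 && memcmp(buf, entry, len) == 0 && buf[len] == '\n';
}

int main(void)
{
    /* Constructed sample: a directory name carrying conversion specifiers. */
    const char *entry = "cannot enter directory: photos_%x%x_%s";
    printf("directive present: %d, written verbatim: %d\n",
           has_format_directive(entry), roundtrip_is_verbatim(entry));
    return 0;
}
```

Compiling with -Wformat -Wformat-security makes GCC and Clang flag the commented-out pattern wherever it appears in real code, which is a cheap way to audit other callers of the printf family.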