diff options
| author | flo <flo@FreeBSD.org> | 2012-11-25 23:42:22 +0800 |
|---|---|---|
| committer | flo <flo@FreeBSD.org> | 2012-11-25 23:42:22 +0800 |
| commit | 6ab84942c4479a8325ee3377220b1d22f2682ebe (patch) | |
| tree | 2faa770c5da1c87173f56c0a2473f6595933bc19 /net/liveMedia | |
| parent | b1005c10861e2cc0829fc6831639464ca20dd05d (diff) | |
| download | freebsd-ports-gnome-6ab84942c4479a8325ee3377220b1d22f2682ebe.tar.gz freebsd-ports-gnome-6ab84942c4479a8325ee3377220b1d22f2682ebe.tar.zst freebsd-ports-gnome-6ab84942c4479a8325ee3377220b1d22f2682ebe.zip | |
- Update backports patch to 20121114
- Bump PORTREVISION
Changes:
- CVE-2006-7243
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow
context-dependent attackers to bypass intended access restrictions by placing a
safe file extension after this character, as demonstrated by .php\0.jpg at the
end of the argument to the file_exists function
Secuity 3761df02-0f9c-11e0-becc-0022156e8794 fixed by check in fopen functions
for strlen(filename) != filename_len
- CVE-2012-4388
The sapi_header_op function in main/SAPI.c does not properly determine a pointer
during checks for %0D sequences (aka carriage return characters), which allows
remote attackers to bypass an HTTP response-splitting protection mechanism via a
crafted URL, this vulnerability exists because of an incorrect fix for
CVE-2011-1398.
- Timezone database updated to version 2012.9 (2012i)
PR: ports/173685
Submitted by: Svyatoslav Lempert <svyatoslav.lempert@gmail.com>
Approved by: maintainer
Feature safe: yes
Diffstat (limited to 'net/liveMedia')
0 files changed, 0 insertions, 0 deletions