author cs <cs@FreeBSD.org> 2014-01-29 06:29:12 +0800
committer cs <cs@FreeBSD.org> 2014-01-29 06:29:12 +0800
commit f11615784bc16741a535def3252e63b658f99461
tree a476ce7b7d2569f790eb108663fb9a2e2ec327d8 /security
parent 50a02e34490ea2ad414ece138fa6074a290a9eff
2 new OTRS vulnerabilities
Security: CVE-2014-1471
Diffstat (limited to 'security')
-rw-r--r-- security/vuxml/vuln.xml 51
1 files changed, 51 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index a7526d01ded0..e5c4cd2b6ac5 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -51,6 +51,57 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="c7b5d72b-886a-11e3-9533-60a44c524f57">
+ <topic>otrs -- SQL injection issue</topic>
+ <affects>
+ <package>
+ <name>otrs</name>
+ <range><lt>3.2.14</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The OTRS Project reports:</p>
+ <blockquote cite="https://www.otrs.com/security-advisory-2014-02-sql-injection-issue/">
+ <p>SQL injection issue</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2014-1471</cvename>
+ <url>https://www.otrs.com/security-advisory-2014-02-sql-injection-issue/</url>
+ </references>
+ <dates>
+ <discovery>2014-01-28</discovery>
+ <entry>2014-01-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="080c5370-886a-11e3-9533-60a44c524f57">
+ <topic>otrs -- CSRF issue in customer web interface</topic>
+ <affects>
+ <package>
+ <name>otrs</name>
+ <range><lt>3.2.14</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The OTRS Project reports:</p>
+ <blockquote cite="https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface/">
+ <p>An attacker that managed to take over the session of a logged in customer could create tickets and/or send follow-ups to existing tickets due to missing challenge token checks.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface/</url>
+ </references>
+ <dates>
+ <discovery>2014-01-28</discovery>
+ <entry>2014-01-28</entry>
+ </dates>
+ </vuln>
+
<vuln vid="f9810c43-87a5-11e3-9214-00262d5ed8ee">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>
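Review bot: The second entry (vid 080c5370-886a-11e3-9533-60a44c524f57, the CSRF issue) has no <cvename> in its <references>, only the advisory <url>, while the first entry carries CVE-2014-1471; if an identifier has been assigned for the CSRF issue, add it so that tooling which matches on CVE names can find this entry, and otherwise say in the commit message that only the SQL injection has one. In the first entry the <blockquote> body is just "SQL injection issue", which repeats the <topic> and tells a reader nothing about what is affected; quote the advisory's summary sentence the way the CSRF entry does. Both entries also use a single <range><lt>3.2.14</lt></range>, which marks every earlier release line as vulnerable and covers nothing numbered above 3.2.14, so it is worth checking that bound against the fixed versions listed in the two advisories.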