diff options
| -rw-r--r-- | security/vuxml/vuln.xml | 31 | ||||
| -rw-r--r-- | sysutils/monitorix/Makefile | 3 | ||||
| -rw-r--r-- | sysutils/monitorix/distinfo | 4 |
3 files changed, 34 insertions, 4 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 715de46fb16a..f8b2d732deeb 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -51,6 +51,37 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="620cf713-5a99-11e3-878d-20cf30e32f6d"> + <topic>monitorix -- serious bug in the built-in HTTP server</topic> + <affects> + <package> + <name>monitorix</name> + <range><lt>3.3.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Monitorix Project reports:</p> + <blockquote cite="http://www.monitorix.org/news.html#N331"> + <p>A serious bug in the built-in HTTP server. It was discovered that the + handle_request() routine did not properly perform input sanitization + which led into a number of security vulnerabilities. An unauthenticated, + remote attacker could exploit this flaw to execute arbitrary commands on + the remote host. All users still using older versions are advised to + upgrade to this version, which resolves this issue.</p> + </blockquote> + </body> + </description> + <references> + <url>http://www.monitorix.org/news.html#N331</url> + <url>https://github.com/mikaku/Monitorix/issues/30</url> + </references> + <dates> + <discovery>2013-11-21</discovery> + <entry>2013-12-01</entry> + </dates> + </vuln> + <vuln vid="e3244a7b-5603-11e3-878d-20cf30e32f6d"> <topic>subversion -- multiple vulnerabilities</topic> <affects> diff --git a/sysutils/monitorix/Makefile b/sysutils/monitorix/Makefile index a14bb8365d15..a101231f0487 100644 --- a/sysutils/monitorix/Makefile +++ b/sysutils/monitorix/Makefile @@ -1,8 +1,7 @@ -# Created by: Olli Hauer <ohauer@FreeBSD.org> # $FreeBSD$ PORTNAME= monitorix -PORTVERSION= 3.3.0 +PORTVERSION= 3.3.1 CATEGORIES= sysutils MASTER_SITES= http://www.monitorix.org/ \ http://www.monitorix.org/old_versions/ \ diff --git a/sysutils/monitorix/distinfo b/sysutils/monitorix/distinfo index 933f548937b2..bea319190f49 100644 --- a/sysutils/monitorix/distinfo +++ b/sysutils/monitorix/distinfo @@ -1,2 +1,2 @@ -SHA256 (monitorix-3.3.0.tar.gz) = 9578d79121034cfee94ebcdcec3a1c55fddd0ff022cdd8184d1d5109f813d29a -SIZE (monitorix-3.3.0.tar.gz) = 186782 +SHA256 (monitorix-3.3.1.tar.gz) = b308cc300bba52ba2b8a8d6e613ddac042c9a27aa6f38dbf24c7e9358a70447d +SIZE (monitorix-3.3.1.tar.gz) = 186779 |