----- Original message -----
From: Kirill Bychkov <[email protected]>
To: "Sevan / Venture37" <[email protected]>
Cc: [email protected]
Subject: Re: Vulnerable packages in ports tree - 26/03
Date: Thu, 26 Mar 2015 18:15:51 +0300

On Thu, March 26, 2015 17:51, Sevan / Venture37 wrote:
> Hi,

Hi!

> Just a heads up, the following packages in ports have vulnerabilities
> which were announced recently:
>
> binutils https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8501
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8502
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8503
>
> dokuwiki https://www.dokuwiki.org/changes
>
> xerces http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0252

xerces-c was fixed:
revision 1.8
date: 2015/03/23 14:36:38; author: jasper; state: Exp; lines: +2 -2; commitid: wNaUTFMqzjmCzY8X;
Security fix for CVE-2015-0252: Apache Xerces-C XML Parser Crashes on Malformed Input

>
> icu http://bugs.icu-project.org/trac/ticket/11369
> http://bugs.icu-project.org/trac/ticket/11370
> http://bugs.icu-project.org/trac/ticket/11371
>
> node http://blog.nodejs.org/2015/03/14/node-v0-10-37-stable

Working on node 0.12.1 and a backport.

>
> tiff CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130
> CVE-2014-9655 CVE-2015-1547
>
> putty https://www.debian.org/security/2015/dsa-3190

This was fixed by recent update to putty-0.64

>
> gnutls https://bugzilla.redhat.com/show_bug.cgi?id=1196323
>
> PHP 5.6 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-2305
> PHP 5.5 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-2305
> PHP 5.4 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-2305
>
> py-django https://www.djangoproject.com/weblog/2015/mar/18/security-releases/
>
> libzip CVE-2015-2331
>
>
> Sevan / Venture37
>
