diff options
| author | salo <salo> | 2005-10-05 13:38:13 +0000 |
|---|---|---|
| committer | salo <salo> | 2005-10-05 13:38:13 +0000 |
| commit | f5eea914adaea8bedf002ce15b9a24c2733d7465 (patch) | |
| tree | 6bc69002f879a85ecad4ea5595251765034f0d36 /www | |
| parent | 813045038052ffa056be024446c648238b28e790 (diff) | |
| download | pkgsrc-f5eea914adaea8bedf002ce15b9a24c2733d7465.tar.gz | |
Security fix for SA17028:
"A vulnerability in Weex can be exploited by malicious users to cause a DoS
(Denial of Service) or to compromise a vulnerable system.
The vulnerability is caused due to a format string error in the "log_flush()"
function when flushing an error log entry that contains format string
specifiers to disk. This may be exploited to execute arbitrary code on a
user's system via a directory name containing format string specifiers.
Successful exploitation requires that the attacker is able to create
directories within the user's Weex home directory."
http://secunia.com/advisories/17028/
Patch from FreeBSD PR ports/86833.
Diffstat (limited to 'www')
| -rw-r--r-- | www/weex/Makefile | 3 | ||||
| -rw-r--r-- | www/weex/distinfo | 3 | ||||
| -rw-r--r-- | www/weex/patches/patch-ad | 15 |
3 files changed, 19 insertions, 2 deletions
diff --git a/www/weex/Makefile b/www/weex/Makefile index b8df83b0d27..ada39182662 100644 --- a/www/weex/Makefile +++ b/www/weex/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.8 2005/06/17 04:49:49 jlam Exp $ +# $NetBSD: Makefile,v 1.9 2005/10/05 13:38:13 salo Exp $ DISTNAME= weex-2.6.1 +PKGREVISION= 1 CATEGORIES= www MASTER_SITES= http://www.enjoy.ne.jp/~gm/program/weex/arc/ diff --git a/www/weex/distinfo b/www/weex/distinfo index 73f7c23d92e..e226c44557e 100644 --- a/www/weex/distinfo +++ b/www/weex/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.3 2005/07/08 17:51:32 kristerw Exp $ +$NetBSD: distinfo,v 1.4 2005/10/05 13:38:13 salo Exp $ SHA1 (weex-2.6.1.tar.gz) = 8613e7c1a1621bbe042d076883f10b330934de5e RMD160 (weex-2.6.1.tar.gz) = d286d24d3d87ce78fb5032d50f0d6a0ac2876a04 @@ -6,3 +6,4 @@ Size (weex-2.6.1.tar.gz) = 200858 bytes SHA1 (patch-aa) = f8f092150b3556d78ab8ef66070447724c9c118d SHA1 (patch-ab) = 49e383c1c766d63b56256afe3293bf473ca63f6f SHA1 (patch-ac) = e22d816ad7177fdc3bd68f33fd1118cc8f5164d2 +SHA1 (patch-ad) = 0474aa99d979ff90aa1d9c179e7c44eccceefce2 diff --git a/www/weex/patches/patch-ad b/www/weex/patches/patch-ad new file mode 100644 index 00000000000..e39e4e52e4f --- /dev/null +++ b/www/weex/patches/patch-ad @@ -0,0 +1,15 @@ +$NetBSD: patch-ad,v 1.1 2005/10/05 13:38:13 salo Exp $ + +Fix for SA17028, via FreeBSD. + +--- src/log.c.orig 2000-05-03 16:42:05.000000000 +0200 ++++ src/log.c 2005-10-05 15:31:06.000000000 +0200 +@@ -182,7 +182,7 @@ + + fp=log_open(); + for(i=0;i<max_log;i++){ +- fprintf(fp,log_str[i]); ++ fprintf(fp,"%s",log_str[i]); + free(log_str[i]); + } + free(log_str); |