FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  368339
Date:      2014-09-16
Time:      17:35:34Z
Committer: osa

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
cdc4ff0e-d736-11e1-8221-e0cb4e266481p5-RT-Authen-ExternalAuth -- privilege escalation

The RT development team reports:

RT::Authen::ExternalAuth 0.10 and below (for all versions of RT) are vulnerable to an escalation of privilege attack where the URL of a RSS feed of the user can be used to acquire a fully logged-in session as that user. CVE-2012-2770 has been assigned to this vulnerability.

Users of RT 3.8.2 and above should upgrade to RT::Authen::ExternalAuth 0.11, which resolves this vulnerability.


Discovery 2012-07-25
Entry 2012-07-26
p5-RT-Authen-ExternalAuth
lt 0.11

http://blog.bestpractical.com/2012/07/security-vulnerabilities-in-three-commonly-deployed-rt-extensions.html
CVE-2012-2770
cdc4ff0e-d736-11e1-8221-e0cb4e266481p5-RT-Authen-ExternalAuth -- privilege escalation

The RT development team reports:

RT::Authen::ExternalAuth 0.10 and below (for all versions of RT) are vulnerable to an escalation of privilege attack where the URL of a RSS feed of the user can be used to acquire a fully logged-in session as that user. CVE-2012-2770 has been assigned to this vulnerability.

Users of RT 3.8.2 and above should upgrade to RT::Authen::ExternalAuth 0.11, which resolves this vulnerability.


Discovery 2012-07-25
Entry 2012-07-26
p5-RT-Authen-ExternalAuth
lt 0.11

http://blog.bestpractical.com/2012/07/security-vulnerabilities-in-three-commonly-deployed-rt-extensions.html
CVE-2012-2770
cdc4ff0e-d736-11e1-8221-e0cb4e266481p5-RT-Authen-ExternalAuth -- privilege escalation

The RT development team reports:

RT::Authen::ExternalAuth 0.10 and below (for all versions of RT) are vulnerable to an escalation of privilege attack where the URL of a RSS feed of the user can be used to acquire a fully logged-in session as that user. CVE-2012-2770 has been assigned to this vulnerability.

Users of RT 3.8.2 and above should upgrade to RT::Authen::ExternalAuth 0.11, which resolves this vulnerability.


Discovery 2012-07-25
Entry 2012-07-26
p5-RT-Authen-ExternalAuth
lt 0.11

http://blog.bestpractical.com/2012/07/security-vulnerabilities-in-three-commonly-deployed-rt-extensions.html
CVE-2012-2770