notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)
All times are UTC
The safest procedure: change your FreshPorts password. Anything you had set before Friday March 24 2023 09:49:20 UTC should be changed. You can read more here: SQL inejection issues fixed and FreshSource code fixes Sorry about the extra work for you.
All known SQL injection issues patched. There is no evidence it was exploited. That doesn’t mean it wasn’t. Please change your password.
non port: devel/kf5-kio/files/patch-git_f9d0cb4_cve-2017-6410

Number of commits found: 1

Sat, 11 Mar 2017
[ 10:28 tcberner search for other commits by this committer ] Original commit   Revision:435896
Adress CVE-2017-6410 in devel/kf5-kio and x11/kdelibs4

Using a malicious PAC file, and then using exfiltration methods in the PAC
function FindProxyForURL() enables the attacker to expose full https URLs.

This is a security issue since https URLs may contain sensitive
information in the URL authentication part (user:password@host), and in the
path and the query (e.g. access tokens).

This attack can be carried out remotely (over the LAN) since proxy settings
allow ``Detect Proxy Configuration Automatically''
This setting uses WPAD to retrieve the PAC file, and an attacker who has access
to the victim's LAN can interfere with the WPAD protocols (DHCP/DNS+HTTP)
and inject his/her own malicious PAC instead of the legitimate one.

Reviewed by:	mat, rakuco
Approved by:	rakuco (mentor), mat (mentor)
Obtained from:
MFH:		2017Q1
Security:	CVE-2017-6410
Differential Revision:

Number of commits found: 1