From nobody@FreeBSD.org  Mon Apr 16 10:12:52 2012
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 898911065670
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 16 Apr 2012 10:12:52 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 74DC08FC0A
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 16 Apr 2012 10:12:52 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q3GACpAv079620
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 16 Apr 2012 10:12:51 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id q3GACpQR079614;
	Mon, 16 Apr 2012 10:12:51 GMT
	(envelope-from nobody)
Message-Id: <201204161012.q3GACpQR079614@red.freebsd.org>
Date: Mon, 16 Apr 2012 10:12:51 GMT
From: rodrigo osorio <rodrigo@bebik.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: security/vuxml update to report www/[nginx|nginx-devel] security issue
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         166990
>Category:       ports
>Synopsis:       security/vuxml update to report www/[nginx|nginx-devel] security issue
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    eadler
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr 16 10:20:09 UTC 2012
>Closed-Date:    Mon Apr 16 16:32:01 UTC 2012
>Last-Modified:  Mon Apr 16 16:32:01 UTC 2012
>Originator:     rodrigo osorio
>Release:        
>Organization:
>Environment:
>Description:
The www/[nginx|nginx-devel] ports was updated last friday to fix a buffer overflow issue, but the vuxml database doesn't reflect the change.

See below, the patch to update the vuln.xml file generate using the Makefile commands. Only the first part of the validation was done, the script fails unexpectedly. 

http://files.bebik.net/patches/vuln.patch

>How-To-Repeat:

>Fix:
Apply the patch below :
http://files.bebik.net/patches/vuln.patch


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->secteam 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Mon Apr 16 10:20:53 UTC 2012 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=166990 
Responsible-Changed-From-To: secteam->eadler 
Responsible-Changed-By: eadler 
Responsible-Changed-When: Mon Apr 16 15:27:22 UTC 2012 
Responsible-Changed-Why:  
I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=166990 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/166990: commit references a PR
Date: Mon, 16 Apr 2012 15:35:16 +0000 (UTC)

 eadler      2012-04-16 15:34:57 UTC
 
   FreeBSD ports repository
 
   Modified files:
     security/vuxml       vuln.xml 
   Log:
   Add information about the recent nginx security vulnerability
   
   PR:             ports/166990
   Submitted by:   rodrigo osorio <rodrigo@bebik.net>
   
   Revision  Changes    Path
   1.2664    +31 -1     ports/security/vuxml/vuln.xml
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->closed 
State-Changed-By: eadler 
State-Changed-When: Mon Apr 16 16:31:58 UTC 2012 
State-Changed-Why:  
Committed. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=166990 
>Unformatted:
