Page MenuHomeDevCentral

pkg audit on Ysul
ActivePublic

Authored by dereckson on Feb 24 2015, 17:06.
Referenced Files
F1246: Masterwork_From_Distant_Lands
Feb 24 2015, 17:06
Subscribers
None
apache24-2.4.10_2 is vulnerable:
apache24 -- several vulnerabilities
CVE: CVE-2013-5704
CVE: CVE-2014-8109
CVE: CVE-2014-3581
CVE: CVE-2014-3583
WWW: http://vuxml.FreeBSD.org/freebsd/5804b9d4-a959-11e4-9363-20cf30e32f6d.html
bittorrent-libutp-0.20130514 is vulnerable:
libutp -- remote denial of service or arbitrary code execution
CVE: CVE-2012-6129
WWW: http://vuxml.FreeBSD.org/freebsd/0523fb7e-8444-4e86-812d-8de05f6f0dce.html
py27-django-1.6.6 is vulnerable:
django -- multiple vulnerabilities
CVE: CVE-2015-0222
CVE: CVE-2015-0221
CVE: CVE-2015-0220
CVE: CVE-2015-0219
WWW: http://vuxml.FreeBSD.org/freebsd/9c7b6c20-a324-11e4-879c-00e0814cab4e.html
3 problem(s) in the installed packages found.

Event Timeline

dereckson changed the title of this paste from untitled to Masterwork From Distant Lands.
dereckson updated the paste's language from autodetect to autodetect.

Apache vulnerabilities are:

  • mod_proxy_fcgi: Fix a potential crash due to buffer over-read, with response headers' size above 8K. We don't use this mod.
  • mod_cache: Avoid a crash when Content-Type has an empty value. PR 56924. We don't use this mod.
  • mod_lua: Fix handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments. PR57204. We don't use this mod.
  • core: HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. Adds "MergeTrailers" directive to restore legacy behavior. No web page served by Apache currently uses trailer headers.

So this can clearly wait a more careful update process.

dereckson changed the title of this paste from Masterwork From Distant Lands to pkg audit on Ysul.Apr 4 2015, 14:49