pkg audit on Ysul
ActivePublic
Actions

Authored by dereckson on Feb 24 2015, 17:06.

Tags

Referenced Files

	F1246: Masterwork_From_Distant_Lands
	Feb 24 2015, 17:06

Subscribers

None

	apache24-2.4.10_2 is vulnerable:
	apache24 -- several vulnerabilities
	CVE: CVE-2013-5704
	CVE: CVE-2014-8109
	CVE: CVE-2014-3581
	CVE: CVE-2014-3583
	WWW: http://vuxml.FreeBSD.org/freebsd/5804b9d4-a959-11e4-9363-20cf30e32f6d.html

	bittorrent-libutp-0.20130514 is vulnerable:
	libutp -- remote denial of service or arbitrary code execution
	CVE: CVE-2012-6129
	WWW: http://vuxml.FreeBSD.org/freebsd/0523fb7e-8444-4e86-812d-8de05f6f0dce.html

	py27-django-1.6.6 is vulnerable:
	django -- multiple vulnerabilities
	CVE: CVE-2015-0222
	CVE: CVE-2015-0221
	CVE: CVE-2015-0220
	CVE: CVE-2015-0219
	WWW: http://vuxml.FreeBSD.org/freebsd/9c7b6c20-a324-11e4-879c-00e0814cab4e.html

	3 problem(s) in the installed packages found.

dereckson changed the title of this paste from untitled to Masterwork From Distant Lands.

dereckson updated the paste's language from autodetect to autodetect.

Apache vulnerabilities are:

mod_proxy_fcgi: Fix a potential crash due to buffer over-read, with response headers' size above 8K. We don't use this mod.
mod_cache: Avoid a crash when Content-Type has an empty value. PR 56924. We don't use this mod.
mod_lua: Fix handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments. PR57204. We don't use this mod.
core: HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. Adds "MergeTrailers" directive to restore legacy behavior. No web page served by Apache currently uses trailer headers.

So this can clearly wait a more careful update process.

dereckson changed the title of this paste from Masterwork From Distant Lands to pkg audit on Ysul.Apr 4 2015, 14:49

pkg audit on YsulActivePublicActions