Subject: CVS commit: pkgsrc/www/weex
From: Lubomir Sedlacik
Date: 2005-10-05 15:38:13
Message id: 20051005133813.E76782DA27@cvs.netbsd.org

Log Message:
Security fix for SA17028:

"A vulnerability in Weex can be exploited by malicious users to cause a DoS
(Denial of Service) or to compromise a vulnerable system.

The vulnerability is caused due to a format string error in the "log_flush()"
function when flushing an error log entry that contains format string
specifiers to disk. This may be exploited to execute arbitrary code on a
user's system via a directory name containing format string specifiers.

Successful exploitation requires that the attacker is able to create
directories within the user's Weex home directory."

http://secunia.com/advisories/17028/

Patch from FreeBSD PR ports/86833.

Files:
Revision  Action  File
1.9       modify  pkgsrc/www/weex/Makefile
1.4       modify  pkgsrc/www/weex/distinfo
1.1       add     pkgsrc/www/weex/patches/patch-ad
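
The advisory quoted above describes a log entry being interpreted as a format string when it is flushed to disk. The following C program is an added example, not Weex's code and not the patch from FreeBSD PR ports/86833: it shows the vulnerable call shape in a comment and a hardened flush that treats the entry purely as data. The function names (`log_flush_entry`, `format_entry`, `entry_survives_flush`) and the sample directory name are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a log flush routine; not Weex's code.
 * Vulnerable pattern (shown only as a comment, never compiled):
 *     fprintf(fp, entry);     entry is parsed as a format string
 * Hardened pattern: the entry is always passed as data. */
static int log_flush_entry(FILE *fp, const char *entry)
{
    /* fputs() never interprets '%', so "%n" or "%s" stay literal. */
    if (fputs(entry, fp) == EOF || fputc('\n', fp) == EOF)
        return -1;
    return fflush(fp) == EOF ? -1 : 0;
}

/* Build an error entry from an untrusted directory name. The format
 * string is a constant; the name only ever fills a %s argument. */
static int format_entry(char *out, size_t outlen, const char *dirname)
{
    int n = snprintf(out, outlen, "error: cannot enter directory '%s'", dirname);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;   /* reject truncation */
}

/* Round-trip check: write an entry for dirname to a temp file and
 * confirm the bytes on disk equal the entry. Returns 1 on match. */
static int entry_survives_flush(const char *dirname)
{
    char entry[512], readback[512];
    FILE *fp = tmpfile();
    int ok = 0;
    if (fp == NULL)
        return 0;
    if (format_entry(entry, sizeof entry, dirname) == 0 &&
        log_flush_entry(fp, entry) == 0) {
        rewind(fp);
        if (fgets(readback, sizeof readback, fp) != NULL) {
            readback[strcspn(readback, "\n")] = '\0';
            ok = strcmp(entry, readback) == 0;
        }
    }
    fclose(fp);
    return ok;
}

int main(void)
{
    /* Constructed sample name containing format specifiers. */
    const char *name = "backup_%s%x%n";
    printf("%s\n", entry_survives_flush(name) ? "literal" : "altered");
    return 0;
}
```

Building C code with `-Wformat -Wformat-security` makes GCC and Clang warn on calls where a non-literal string is passed as the format with no arguments, which is the call shape shown in the comment.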