Subject: CVS commit: [pkgsrc-2005Q3] pkgsrc/www/weex
To: None <pkgsrc-changes@NetBSD.org>
From: Soren Jacobsen <snj@netbsd.org>
List: pkgsrc-changes
Date: 10/08/2005 06:08:48
Module Name:	pkgsrc
Committed By:	snj
Date:		Sat Oct  8 06:08:48 UTC 2005
Modified Files:
	pkgsrc/www/weex [pkgsrc-2005Q3]: Makefile distinfo
Added Files:
	pkgsrc/www/weex/patches [pkgsrc-2005Q3]: patch-ad
Log Message:
Pullup ticket 803 - requested by Lubomir Sedlacik
security fix for weex
Revisions pulled up:
- pkgsrc/www/weex/Makefile		1.9
- pkgsrc/www/weex/distinfo		1.4
- pkgsrc/www/weex/patches/patch-ad	1.1
   Module Name:    pkgsrc
   Committed By:   salo
   Date:           Wed Oct  5 13:38:13 UTC 2005
   Modified Files:
           pkgsrc/www/weex: Makefile distinfo
   Added Files:
           pkgsrc/www/weex/patches: patch-ad
   Log Message:
   Security fix for SA17028:
   "A vulnerability in Weex can be exploited by malicious users to cause a DoS
   (Denial of Service) or to compromise a vulnerable system.
   The vulnerability is caused due to a format string error in the "log_flush()"
   function when flushing an error log entry that contains format string
   specifiers to disk. This may be exploited to execute arbitrary code on a
   user's system via a directory name containing format string specifiers.
   Successful exploitation requires that the attacker is able to create
   directories within the user's Weex home directory."
   http://secunia.com/advisories/17028/
   Patch from FreeBSD PR ports/86833.
To generate a diff of this commit:
cvs rdiff -r1.8 -r1.8.4.1 pkgsrc/www/weex/Makefile
cvs rdiff -r1.3 -r1.3.2.1 pkgsrc/www/weex/distinfo
cvs rdiff -r0 -r1.1.2.1 pkgsrc/www/weex/patches/patch-ad
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
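
Added example, not part of the commit mail and not weex's source: the bug class the advisory describes, an error log entry used as a printf format string, shown as the unsafe call shape (in a comment only) beside a flush routine that treats the entry as data. The function names, the sample entry and the temporary file are assumptions made for illustration; the contents of patch-ad are not shown on this page and are not reproduced here.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for a log flusher; names are assumptions.
 * Unsafe shape: the stored entry becomes the format string, so any
 * conversion specifiers inside a directory name are interpreted:
 *     fprintf(fp, entry);
 */

/* Hardened form: the entry is written as data only. Returns 0 on success. */
int log_flush_safe(FILE *fp, const char *entry)
{
    if (fputs(entry, fp) == EOF || fputc('\n', fp) == EOF)
        return -1;
    return fflush(fp) == EOF ? -1 : 0;
}

/* Flush to a temporary file and read back; 1 if the bytes are unchanged. */
int flush_roundtrip_ok(const char *entry)
{
    char buf[256];
    int ok = 0;
    FILE *fp = tmpfile();
    if (!fp)
        return 0;
    if (log_flush_safe(fp, entry) == 0) {
        rewind(fp);
        if (fgets(buf, sizeof buf, fp)) {
            buf[strcspn(buf, "\n")] = '\0';
            ok = strcmp(buf, entry) == 0;
        }
    }
    fclose(fp);
    return ok;
}

/* Audit helper: count specifiers printf would act on ("%%" is a literal). */
int count_format_specifiers(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

int main(void)
{
    const char *entry = "cannot enter directory: site/%x%x%n"; /* constructed */
    printf("specifiers=%d verbatim=%d\n",
           count_format_specifiers(entry), flush_roundtrip_ok(entry));
    return 0;
}
```

Compiling callers with `-Wformat -Wformat-security` (GCC/Clang) flags the unsafe call shape at build time.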