search for: securityfixes

...luding jailed) to keep it away from any sensitive FreeBSD.org parts, so there is absolutely no reason to believe a compromise would go any further than the wiki itself. I hope to have the wiki back within 24 hours, assuming not too much gets in the way. For further reference see: http://moinmo.in/SecurityFixes and http://permalink.gmane.org/gmane.linux.debian.devel.announce/1754 . PS. this is entirely unrelated to the 2012 November FreeBSD.org compromise. -- Simon L. B. Nielsen Hat: FreeBSD clusteradm / FreeBSD Security Officer

Hi folks, I spotted an HTML escaping bug in Xapian::MSet::snippet() while working on the code. This issue has been assigned CVE-2018-0499 (though currently there's no useful information on cve.mitre.org for it). I've added a wiki page for it here: https://trac.xapian.org/wiki/SecurityFixes/2018-07-02 The intended behaviour is that the selected input text is escaped for use in HTML, but this wasn't happening in all cases and there's potential for an attacker who can feed documents into a system to inject HTML markup into results pages for some searches. This method is wrappe...

Xapian 1.4.6 can now be downloaded from: https://xapian.org/download This release includes a fix for CVE-2018-0499: https://trac.xapian.org/wiki/SecurityFixes/2018-07-02 The wiki will shortly have a summary of the most notable changes: https://trac.xapian.org/wiki/ReleaseOverview/1.4.6 A big thanks to the following people for helping to make this release a reality: Germán M. Bravo, Robert Stepanek, 张少华, Gaurav Arora, Andy Chilton, sielicki, Guruprasad...

Hello, Possibly some of you will have read the news about "Hijacking a Macbook in 60 Seconds or Less"[1]. At this time I was searching a wireless card for my server and I wonder how this can affect to the combination FreeBSD+ath(4). The ath_hal page states that FreeBSD use a binary driver and I think it is located in this file[2]. Unlike OpenBSD which affirms that they have