authornectar <nectar@FreeBSD.org>2004-10-27 12:25:06 +0000
committernectar <nectar@FreeBSD.org>2004-10-27 12:25:06 +0000
commit20a34c919b2e19fdd41f29ec7a7c8934967b5ec1 (patch)
treeb47768ba54ac7c7cc7534c3d05a86b6f00cd6355
parentf80c0a5d2165387aa1bd7008ae47adda06ae7665 (diff)
Create a VuXML entry for Horde XSS help window vulnerability to replace
the portaudit-db entry.
-rw-r--r--ports-mgmt/portaudit-db/database/portaudit.txt1
-rw-r--r--security/portaudit-db/database/portaudit.txt1
-rw-r--r--security/vuxml/vuln.xml28
3 files changed, 28 insertions, 2 deletions
diff --git a/ports-mgmt/portaudit-db/database/portaudit.txt b/ports-mgmt/portaudit-db/database/portaudit.txt
index bc014ee..8af707e 100644
--- a/ports-mgmt/portaudit-db/database/portaudit.txt
+++ b/ports-mgmt/portaudit-db/database/portaudit.txt
@@ -81,4 +81,3 @@ mpg123<=0.59r_13|http://secunia.com/advisories/12478 http://www.osvdb.org/9748 h
imp<3.2.6|http://thread.gmane.org/gmane.comp.horde.imp/15488 http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.389.2.109&r2=1.389.2.111&ty=h|XSS hole in the HTML viewer - The script vulnerabilities can only be exposed with certain browsers and allow XSS attacks when viewing HTML messages with the HTML MIME viewer.|efc4819b-0b2d-11d9-bfe1-000bdb1444a4
koffice<1.3.2_1,1|http://kde.org/info/security/advisory-20041021-1.txt|Multiple integer overflow and integer arithmetic flaws in imported xpdf code|ecf6713f-2549-11d9-945e-00e018f69096
kdegraphics>=3.2.0<3.3.0_1|http://kde.org/info/security/advisory-20041021-1.txt|Multiple integer overflow and integer arithmetic flaws in imported xpdf code|6a04bf0e-254b-11d9-945e-00e018f69096
-horde<2.2.7|http://lists.horde.org/archives/announce/2004/000107.html|Potential XSS vulnerability in the help window.|ed1d404d-2784-11d9-b954-000bdb1444a4
diff --git a/security/portaudit-db/database/portaudit.txt b/security/portaudit-db/database/portaudit.txt
index bc014ee..8af707e 100644
--- a/security/portaudit-db/database/portaudit.txt
+++ b/security/portaudit-db/database/portaudit.txt
@@ -81,4 +81,3 @@ mpg123<=0.59r_13|http://secunia.com/advisories/12478 http://www.osvdb.org/9748 h
imp<3.2.6|http://thread.gmane.org/gmane.comp.horde.imp/15488 http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.389.2.109&r2=1.389.2.111&ty=h|XSS hole in the HTML viewer - The script vulnerabilities can only be exposed with certain browsers and allow XSS attacks when viewing HTML messages with the HTML MIME viewer.|efc4819b-0b2d-11d9-bfe1-000bdb1444a4
koffice<1.3.2_1,1|http://kde.org/info/security/advisory-20041021-1.txt|Multiple integer overflow and integer arithmetic flaws in imported xpdf code|ecf6713f-2549-11d9-945e-00e018f69096
kdegraphics>=3.2.0<3.3.0_1|http://kde.org/info/security/advisory-20041021-1.txt|Multiple integer overflow and integer arithmetic flaws in imported xpdf code|6a04bf0e-254b-11d9-945e-00e018f69096
-horde<2.2.7|http://lists.horde.org/archives/announce/2004/000107.html|Potential XSS vulnerability in the help window.|ed1d404d-2784-11d9-b954-000bdb1444a4
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index b4fdcf0..de2051a 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -32,6 +32,34 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="ed1d404d-2784-11d9-b954-000bdb1444a4">
+ <topic>horde -- cross-site scripting vulnerability in help
+ window</topic>
+ <affects>
+ <package>
+ <name>horde</name>
+ <name>horde-devel</name>
+ <range><lt>2.2.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>A Horde Team announcement states that a potential cross-site
+ scripting vulnerability in the help window has been
+ corrected. The vulnerability appears to involve the handling
+ of the <code>topic</code> and <code>module</code> parameters
+ of the help window template.</p>
+ </body>
+ </description>
+ <references>
+ <mlist msgid="20041026115303.10FBEC046E@neo.wg.de">http://marc.theaimsgroup.com/?l=horde-announce&amp;m=109879164718625</mlist>
+ </references>
+ <dates>
+ <discovery>2004-10-06</discovery>
+ <entry>2004-10-27</entry>
+ </dates>
+ </vuln>
+
<vuln vid="f4428842-a583-4a4c-89b7-297c3459a1c3">
<topic>bogofilter -- RFC 2047 decoder denial-of-service vulnerability</topic>
<affects>
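Review bot: The `<discovery>2004-10-06</discovery>` date does not line up with the only cited reference, whose message id begins `20041026`; unless an earlier disclosure exists that is not referenced here, this looks like a typo for `2004-10-26` and should be confirmed against the announcement. The single `<range><lt>2.2.7</lt></range>` is also applied to `horde-devel`, which presumably follows a different version line than `horde`, so for that package the range may never match or may miss affected snapshots. A separate `<package>` block for `horde-devel` with its own range would make the intended coverage explicit. The entry carries no `<cvename>`; if an identifier is assigned later, adding it under `<references>` will help consumers correlate this record with other advisories.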