diff options
author | josef <josef@FreeBSD.org> | 2004-10-24 19:39:27 +0000 |
---|---|---|
committer | josef <josef@FreeBSD.org> | 2004-10-24 19:39:27 +0000 |
commit | 7af33b3b5023332820b25dd290a1947e6fb0364c (patch) | |
tree | 9ad375ee0e38c1e2500dac8b7fa27b097ccc1aea | |
parent | 7488b8bd539bb733c3764ca8b64bc44a28844cfd (diff) | |
download | FreeBSD-ports-7af33b3b5023332820b25dd290a1947e6fb0364c.zip FreeBSD-ports-7af33b3b5023332820b25dd290a1947e6fb0364c.tar.gz |
Document SSL_Cypherbypass vulnerability in mod_ssl
and buffer overflow vulnerability in gaim.
-rw-r--r-- | security/vuxml/vuln.xml | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index e0b107c..6defc17 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,77 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="1e6c4008-245f-11d9-b584-0050fc56d258"> + <topic>gaim -- buffer overflow in MSN protocol support</topic> + <affects> + <package> + <name>ja-gaim</name> + <range><ge>0.79</ge><le>1.0.1</le></range> + </package> + <package> + <name>gaim</name> + <range><ge>0.79</ge><le>1.0.1</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Due to a buffer overflow in the MSN protocol support for + gaim 0.79 to 1.0.1, it is possible for remote clients to do a + denial-of-service attack on the application. + This is caused by an unbounded copy operation, which writes + to the wrong buffer.</p> + </body> + </description> + <references> + <cvename>CAN-2004-0891</cvename> + <url>http://gaim.sourceforge.net/security/?id=9</url> + </references> + <dates> + <discovery>2004-10-19</discovery> + <entry>2004-10-24</entry> + </dates> + </vuln> + + <vuln vid="4238151d-207a-11d9-bfe2-0090962cff2a"> + <topic>mod_ssl -- SSLCipherSuite bypass</topic> + <affects> + <package> + <name>ru-apache+mod_ssl</name> + <range><le>1.3.31+30.20+2.8.18</le></range> + </package> + <package> + <name>apache+mod_ssl</name> + <range><lt>1.3.31+2.8.20</lt></range> + </package> + <package> + <name>apache+mod_ssl+ipv6</name> + <range><le>1.3.31+2.8.18_4</le></range> + </package> + <package> + <name>apache2</name> + <range><le>2.0.52_1</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>It is possible for clients to use any cipher suite configured by + the virtual host, whether or not a certain cipher suite is selected + for a specific directory. This might result in clients using a + weaker encryption than originally configured.</p> + </body> + </description> + <references> + <cvename>CAN-2004-0885</cvename> + <mlist msgid="20041008152510.GE8385@redhat.com">http://marc.theaimsgroup.com/?l=apache-modssl&m=109724918128044</mlist> + <url>http://issues.apache.org/bugzilla/show_bug.cgi?id=31505</url> + </references> + <dates> + <discovery>2004-10-01</discovery> + <entry>2004-10-23</entry> + </dates> + </vuln> + + <vuln vid="20d16518-2477-11d9-814e-0001020eed82"> <topic>mpg123 -- buffer overflow in URL handling</topic> <affects> |