authorjosef <josef@FreeBSD.org>2004-10-24 19:39:27 +0000
committerjosef <josef@FreeBSD.org>2004-10-24 19:39:27 +0000
commit7af33b3b5023332820b25dd290a1947e6fb0364c (patch)
tree9ad375ee0e38c1e2500dac8b7fa27b097ccc1aea
parent7488b8bd539bb733c3764ca8b64bc44a28844cfd (diff)
downloadFreeBSD-ports-7af33b3b5023332820b25dd290a1947e6fb0364c.zip
FreeBSD-ports-7af33b3b5023332820b25dd290a1947e6fb0364c.tar.gz
Document SSLCipherSuite bypass vulnerability in mod_ssl
and buffer overflow vulnerability in gaim.
-rw-r--r--security/vuxml/vuln.xml71
1 files changed, 71 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index e0b107c..6defc17 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -32,6 +32,77 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="1e6c4008-245f-11d9-b584-0050fc56d258">
+ <topic>gaim -- buffer overflow in MSN protocol support</topic>
+ <affects>
+ <package>
+ <name>ja-gaim</name>
+ <range><ge>0.79</ge><le>1.0.1</le></range>
+ </package>
+ <package>
+ <name>gaim</name>
+ <range><ge>0.79</ge><le>1.0.1</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Due to a buffer overflow in the MSN protocol support for
+ gaim 0.79 to 1.0.1, it is possible for remote clients to do a
+ denial-of-service attack on the application.
+ This is caused by an unbounded copy operation, which writes
+ to the wrong buffer.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CAN-2004-0891</cvename>
+ <url>http://gaim.sourceforge.net/security/?id=9</url>
+ </references>
+ <dates>
+ <discovery>2004-10-19</discovery>
+ <entry>2004-10-24</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4238151d-207a-11d9-bfe2-0090962cff2a">
+ <topic>mod_ssl -- SSLCipherSuite bypass</topic>
+ <affects>
+ <package>
+ <name>ru-apache+mod_ssl</name>
+ <range><le>1.3.31+30.20+2.8.18</le></range>
+ </package>
+ <package>
+ <name>apache+mod_ssl</name>
+ <range><lt>1.3.31+2.8.20</lt></range>
+ </package>
+ <package>
+ <name>apache+mod_ssl+ipv6</name>
+ <range><le>1.3.31+2.8.18_4</le></range>
+ </package>
+ <package>
+ <name>apache2</name>
+ <range><le>2.0.52_1</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>It is possible for clients to use any cipher suite configured by
+ the virtual host, whether or not a certain cipher suite is selected
+ for a specific directory. This might result in clients using a
+ weaker encryption than originally configured.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CAN-2004-0885</cvename>
+ <mlist msgid="20041008152510.GE8385@redhat.com">http://marc.theaimsgroup.com/?l=apache-modssl&amp;m=109724918128044</mlist>
+ <url>http://issues.apache.org/bugzilla/show_bug.cgi?id=31505</url>
+ </references>
+ <dates>
+ <discovery>2004-10-01</discovery>
+ <entry>2004-10-23</entry>
+ </dates>
+ </vuln>
+
+
<vuln vid="20d16518-2477-11d9-814e-0001020eed82">
<topic>mpg123 -- buffer overflow in URL handling</topic>
<affects>
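Review bot: The gaim entry's description (the `<p>` in the first added `<vuln>`) names only denial of service as the impact, although it attributes the bug to an unbounded copy into the wrong buffer, a class of defect usually rated as potentially allowing code execution too. Readers triage on this text, so it should not understate the risk. Check the referenced gaim advisory and the CAN-2004-0891 record and, if they agree, extend the sentence to `denial-of-service attack on the application and possibly to execute arbitrary code.` Quoting the advisory in a `<blockquote cite="http://gaim.sourceforge.net/security/?id=9">` instead of paraphrasing would keep the entry from drifting from upstream. Separately, the mod_ssl entry carries `<entry>2004-10-23</entry>` while the commit and the gaim entry are dated 2004-10-24; confirm which date is intended.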