Multiple vulnerabilities are not listed in vuln.xml:

  OpenLDAP -- incorrect handling of NULL in certificate Common Name (openldap24-client and linux-f10-openldap)
  cURL -- inappropriate GSSAPI delegation (curl and linux-f10-curl)
  dbus-glib -- privilege escalation (dbus-glib and linux-f10-dbus-glib)
  nas -- multiple vulnerabilities (nas and linux-f10-nas-libs)
  libaudiofile -- heap-based overflow in Microsoft ADPCM compression module (libaudiofile and linux-f10-libaudiofile)

Also, previous vulnerability entries don't cover linux-f10-* packages: linux-f10-gnutls, linux-f10-libgcrypt, linux-f10-libxml2, linux-f10-png, linux-f10-tiff, linux-f10-nss, linux-f10-expat.

Please find attached a patch for vuxml adding vulnerable ports to the database.

Fix: Patch attached with submission follows:

How-To-Repeat: Choose a random listed package(s) and read the attached link to the description of the vulnerability.
Responsible Changed
From-To: freebsd-ports-bugs->ports-secteam

Over to maintainer (via the GNATS Auto Assign Tool)

Responsible Changed
From-To: ports-secteam->swills

I'll take it.
Author: swills Date: Tue Apr 15 20:21:44 2014 New Revision: 351364 URL: http://svnweb.freebsd.org/changeset/ports/351364 QAT: https://qat.redports.org/buildarchive/r351364/ Log: - Add multiple missing entries PR: ports/188512 Submitted by: Pawel Biernacki <pawel.biernacki@gmail.com> Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Apr 15 19:40:30 2014 (r351363) +++ head/security/vuxml/vuln.xml Tue Apr 15 20:21:44 2014 (r351364) 
@@ -51,6 +51,160 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="abad20bf-c1b4-11e3-a5ac-001b21614864"> + <topic>OpenLDAP -- incorrect handling of NULL in certificate Common Name</topic> + <affects> + <package> + <name>openldap24-client</name> + <name>linux-f10-openldap</name> + <range><lt>2.4.18</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Jan Lieskovsky reports:</p> + <blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3767"> + <p>OpenLDAP does not properly handle a '\0' character in a domain name + in the subject's Common Name (CN) field of an X.509 certificate, + which allows man-in-the-middle attackers to spoof arbitrary SSL + servers via a crafted certificate issued by a legitimate + Certification Authority</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-3767</cvename> + <url>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3767</url> + </references> + <dates> + <discovery>2009-08-07</discovery> + <entry>2014-04-11</entry> + </dates> + </vuln> + + <vuln vid="9aecb94c-c1ad-11e3-a5ac-001b21614864"> + <topic>cURL -- inappropriate GSSAPI delegation</topic> + <affects> + <package> + <name>curl</name> + <name>linux-f10-curl</name> + <range><ge>7.10.6</ge><le>7.21.6</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>cURL reports:</p> + <blockquote cite="http://curl.haxx.se/docs/adv_20110623.html"> + <p>When doing GSSAPI authentication, libcurl unconditionally performs + credential delegation. 
This hands the server a copy of the client's + security credentials, allowing the server to impersonate the client + to any other using the same GSSAPI mechanism.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2011-2192</cvename> + <url>http://curl.haxx.se/docs/adv_20110623.html</url> + </references> + <dates> + <discovery>2011-06-23</discovery> + <entry>2014-04-11</entry> + </dates> + </vuln> + + <vuln vid="77bb0541-c1aa-11e3-a5ac-001b21614864"> + <topic>dbus-glib -- privledge escalation</topic> + <affects> + <package> + <name>dbus-glib</name> + <name>linux-f10-dbus-glib</name> + <range><lt>0.100.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Sebastian Krahmer reports:</p> + <blockquote cite="https://bugs.freedesktop.org/show_bug.cgi?id=60916"> + <p>A privilege escalation flaw was found in the way dbus-glib, the + D-Bus add-on library to integrate the standard D-Bus library with + the GLib thread abstraction and main loop, performed filtering of + the message sender (message source subject), when the + NameOwnerChanged signal was received. 
A local attacker could use + this flaw to escalate their privileges.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2013-0292</cvename> + <url>https://bugs.freedesktop.org/show_bug.cgi?id=60916</url> + </references> + <dates> + <discovery>2013-02-15</discovery> + <entry>2014-04-11</entry> + </dates> + </vuln> + + <vuln vid="bf7912f5-c1a8-11e3-a5ac-001b21614864"> + <topic>nas -- multiple vulnerabilities</topic> + <affects> + <package> + <name>nas</name> + <name>linux-f10-nas-libs</name> + <range><lt>1.9.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Hamid Zamani reports:</p> + <blockquote cite="http://radscan.com/pipermail/nas/2013-August/001270.html"> + <p>multiple security problems (buffer overflows, format string + vulnerabilities and missing input sanitising), which could lead to + the execution of arbitrary code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2013-4256</cvename> + <cvename>CVE-2013-4257</cvename> + <cvename>CVE-2013-4258</cvename> + <url>http://radscan.com/pipermail/nas/2013-August/001270.html</url> + </references> + <dates> + <discovery>2013-08-07</discovery> + <entry>2014-04-11</entry> + </dates> + </vuln> + + <vuln vid="09f47c51-c1a6-11e3-a5ac-001b21614864"> + <topic>libaudiofile -- heap-based overflow in Microsoft ADPCM compression module</topic> + <affects> + <package> + <name>libaudiofile</name> + <name>linux-f10-libaudiofile</name> + <range><lt>0.2.7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Debian reports:</p> + <blockquote cite="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510205"> + <p>Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile + 0.2.6 allows context-dependent attackers to cause a denial of service + (application crash) or possibly execute arbitrary code via a crafted + WAV file.</p> + </blockquote> + </body> + 
</description> + <references> + <cvename>CVE-2014-0159</cvename> + <url>https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510205</url> + </references> + <dates> + <discovery>2008-12-30</discovery> + <entry>2014-04-11</entry> + </dates> + </vuln> + <vuln vid="972837fc-c304-11e3-8758-00262d5ed8ee"> <topic>ChaSen -- buffer overflow</topic> <affects> @@ -1120,6 +1274,7 @@ Note: Please add new entries to the beg <affects> <package> <name>gnutls</name> + <name>linux-f10-gnutls</name> <range><lt>2.12.23_4</lt></range> </package> <package> @@ -4680,6 +4835,7 @@ affected..</p> <affects> <package> <name>libgcrypt</name> + <name>linux-f10-libgcrypt</name> <range><lt>1.5.3</lt></range> </package> </affects> @@ -4696,6 +4852,7 @@ affected..</p> </body> </description> <references> + <cvename>CVE-2013-4242</cvename> <url>http://eprint.iacr.org/2013/448</url> <url>http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000329.html</url> <url>http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html</url> @@ -17622,6 +17779,7 @@ executed in your Internet Explorer while <affects> <package> <name>libxml2</name> + <name>linux-f10-libxml2</name> <range><lt>2.7.8_3</lt></range> </package> </affects> @@ -18924,6 +19082,7 @@ executed in your Internet Explorer while <affects> <package> <name>png</name> + <name>linux-f10-png</name> <range><lt>1.4.11</lt></range> </package> </affects> @@ -19965,6 +20124,7 @@ executed in your Internet Explorer while <affects> <package> <name>libxml2</name> + <name>linux-f10-libxml2</name> <range><lt>2.7.8_2</lt></range> </package> </affects> @@ -22742,6 +22902,7 @@ executed in your Internet Explorer while </package> <package> <name>libxml2</name> + <name>linux-f10-libxml2</name> <range><lt>2.7.8</lt></range> </package> </affects> @@ -32391,6 +32552,7 @@ executed in your Internet Explorer while </package> <package> <name>linux-tiff</name> + <name>linux-f10-tiff</name> <range><lt>3.9.4</lt></range> </package> </affects> 
@@ -33576,6 +33738,11 @@ executed in your Internet Explorer while <name>linux-firefox-devel</name> <range><lt>3.5.9</lt></range> </package> + <package> + <name>nss</name> + <name>linux-f10-nss</name> + <range><lt>3.12.5</lt></range> + </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> @@ -35105,6 +35272,7 @@ executed in your Internet Explorer while <affects> <package> <name>expat2</name> + <name>linux-f10-expat</name> <range><lt>2.0.1_1</lt></range> </package> </affects>
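Review bot: In the libaudiofile entry of the first hunk (@@ -51,6 +51,160 @@), the reference <cvename>CVE-2014-0159</cvename> does not fit the rest of the entry: the discovery date is 2008-12-30 and the cited Debian bug describes audiofile 0.2.6, so a 2014 identifier looks wrong and should be checked against the Debian report before commit. In the same hunk the dbus-glib topic is spelled "privledge escalation" and should read "privilege escalation". All five new entries carry <entry>2014-04-11</entry> while the commit is dated Apr 15 2014; the entry date should be the day the entry lands in vuln.xml.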
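Review bot: In the hunk at @@ -1120,6 +1274,7 @@, linux-f10-gnutls sits in the same <package> block as gnutls and so inherits <range><lt>2.12.23_4</lt></range>. The _4 suffix is the PORTREVISION of the native gnutls port, and the linux-f10 port is versioned independently, so the shared range may match the wrong set of installed versions. Suggest a separate <package> block for linux-f10-gnutls with a range taken from that port's own versions. The same applies where linux-f10-libxml2 inherits 2.7.8_3 and 2.7.8_2 and where linux-f10-expat inherits 2.0.1_1.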
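Review bot: No <modified> date accompanies the new <cvename>CVE-2013-4242</cvename> reference in the hunk at @@ -4696,6 +4852,7 @@, and the same holds for the package names added to the other existing entries: none of the hunks touches a <dates> element. A change to the references or affected packages of an already published entry should be recorded with a <modified> date in that entry, so that the change is visible to anyone tracking vuln.xml.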
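Review bot: The new <package> block in the hunk at @@ -33576,6 +33738,11 @@ lists the native nss port as well as linux-f10-nss, which goes beyond the PR's stated scope of covering linux-f10-* packages in existing entries, and the bound <range><lt>3.12.5</lt></range> cannot be checked from the visible context, which shows only a linux-firefox-devel range of 3.5.9. Please state in the PR which reference of this entry establishes 3.12.5 as the fixed nss version, and consider whether linux-f10-nss needs a range of its own.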
State Changed
From-To: open->closed

Committed, with minor changes. Thanks!