Two vulnerabilities were recently added to the CVE database: [1], [2]. Vulnerabilities were fixed in 15.7a and 15.6 respectively.

Fix:

The following VuXML entries should be evaluated and added to the VuXML database:

  <vuln vid="ea8e9e5f-4e08-11de-94a9-001fc66e7203">
    <topic>cscope -- find.c stack-based buffer overflow</topic>
    <affects>
      <package>
        <name>cscope</name>
        <range><lt>15.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>SecurityFocus reports:</p>
        <blockquote cite="http://www.securityfocus.com/bid/34832">
          <p>Cscope is prone to a stack-based buffer-overflow
            vulnerability because the application fails to perform
            adequate boundary checks on user-supplied input.</p>
          <p>Attackers may leverage this issue to execute arbitrary code
            in the context of the application. Failed attacks will cause
            denial-of-service conditions.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2009-1577</cvename>
      <bid>34832</bid>
      <url>http://cscope.cvs.sourceforge.net/viewvc/cscope/cscope/src/find.c?view=log#rev1.19</url>
    </references>
    <dates>
      <discovery>2009-05-31</discovery>
      <entry>TODAY</entry>
    </dates>
  </vuln>
--- vuln2.xml ends here ---

vuln1.xml:

  <vuln vid="d53d5882-4e06-11de-94a9-001fc66e7203">
    <topic>cscope -- multiple buffer overflows</topic>
    <affects>
      <package>
        <name>cscope</name>
        <range><lt>15.7a</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>Secunia reports:</p>
        <blockquote cite="http://secunia.com/advisories/34978">
          <p>Some vulnerabilities have been reported in Cscope, which
            potentially can be exploited by malicious people to
            compromise a user's system.</p>
          <p>The vulnerabilities are caused due to various boundary
            errors, which can be exploited to cause buffer overflows
            when parsing specially crafted files or directories.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2009-0148</cvename>
      <bid>34805</bid>
      <url>http://secunia.com/advisories/34978</url>
      <url>http://support.apple.com/kb/HT3549</url>
    </references>
    <dates>
      <discovery>2009-05-31</discovery>
      <entry>TODAY</entry>
    </dates>
  </vuln>

How-To-Repeat:

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0148
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1577

Responsible Changed
From-To: freebsd-ports-bugs->gahr

Over to maintainer (via the GNATS Auto Assign Tool)

Responsible Changed
From-To: gahr->miwi

take over.

miwi        2009-06-16 20:52:44 UTC

FreeBSD ports repository

Modified files:
  security/vuxml       vuln.xml
Log:
- Document cscope -- buffer overflow

PR:             based on 135097
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

Revision  Changes    Path
1.1970    +13 -8     ports/security/vuxml/vuln.xml
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"

State Changed
From-To: open->closed

Committed. Thanks!

miwi        2009-06-16 20:59:01 UTC

FreeBSD ports repository

Modified files:
  security/vuxml       vuln.xml
Log:
- Document cscope -- multiple buffer overflows

PR:             135097
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

Revision  Changes    Path
1.1971    +33 -1     ports/security/vuxml/vuln.xml