View | Details | Raw Unified | Return to bug 218852
Collapse All | Expand All

(-)vuln.xml (+29 lines)
Lines 58-63 Link Here
58
  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
58
  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
59
-->
59
-->
60
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
60
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
61
  <vuln vid="81433129-2916-11e7-ad3e-00e04c1ea73d">
62
    <topic>weechat -- multiple vulnerabilities</topic>
63
    <affects>
64
      <package>
65
	<name>weechat</name>
66
	<range><lt>1.7</lt></range>
67
      </package>
68
    </affects>
69
    <description>
70
      <body xmlns="http://www.w3.org/1999/xhtml">
71
	<p>Common Vulnerabilities and Exposures:</p>
72
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8073">
73
	  <p>WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to 
74
	    the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes 
75
	    function during quote removal, with a buffer overflow.</p>
76
	</blockquote>
77
      </body>
78
    </description>
79
    <references>
80
      <cvename>CVE-2017-8073</cvename>
81
      <url>https://github.com/weechat/weechat/commit/2fb346f25f79e412cf0ed314fdf791763c19b70b</url>
82
      <url>https://weechat.org/download/security/</url>
83
    </references>
84
    <dates>
85
      <discovery>2017-04-23</discovery>
86
      <entry>2017-04-24</entry>
87
    </dates>
88
  </vuln>
89
61
  <vuln vid="1455c86c-26c2-11e7-9daa-6cf0497db129">
90
  <vuln vid="1455c86c-26c2-11e7-9daa-6cf0497db129">
62
    <topic>drupal8 -- Drupal Core - Critical - Access Bypass</topic>
91
    <topic>drupal8 -- Drupal Core - Critical - Access Bypass</topic>
63
    <affects>
92
    <affects>

Return to bug 218852