Attachment #182051 for bug #218852

View | Details | Raw Unified | Return to bug 218852
Collapse All | Expand All




  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="81433129-2916-11e7-ad3e-00e04c1ea73d">
    <topic>weechat -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>weechat</name>
	<range><lt>1.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Common Vulnerabilities and Exposures:</p>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8073">
	  <p>WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to 
	    the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes 
	    function during quote removal, with a buffer overflow.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2017-8073</cvename>
      <url>https://github.com/weechat/weechat/commit/2fb346f25f79e412cf0ed314fdf791763c19b70b</url>
      <url>https://weechat.org/download/security/</url>
    </references>
    <dates>
      <discovery>2017-04-23</discovery>
      <entry>2017-04-24</entry>
    </dates>
  </vuln>

  <vuln vid="1455c86c-26c2-11e7-9daa-6cf0497db129">
    <topic>drupal8 -- Drupal Core - Critical - Access Bypass</topic>
    <affects>

Return to bug 218852

Lines 58-63 Link Here

(-)vuln.xml (+29 lines)
58	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)	58	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
59	-->	59	-->
60	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">	60	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
		61	<vuln vid="81433129-2916-11e7-ad3e-00e04c1ea73d">
		62	<topic>weechat -- multiple vulnerabilities</topic>
		63	<affects>
		64	<package>
		65	<name>weechat</name>
		66	<range><lt>1.7</lt></range>
		67	</package>
		68	</affects>
		69	<description>
		70	<body xmlns="http://www.w3.org/1999/xhtml">
		71	<p>Common Vulnerabilities and Exposures:</p>
		72	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8073">
		73	<p>WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to
		74	the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes
		75	function during quote removal, with a buffer overflow.</p>
		76	</blockquote>
		77	</body>
		78	</description>
		79	<references>
		80	<cvename>CVE-2017-8073</cvename>
		81	<url>https://github.com/weechat/weechat/commit/2fb346f25f79e412cf0ed314fdf791763c19b70b</url>
		82	<url>https://weechat.org/download/security/</url>
		83	</references>
		84	<dates>
		85	<discovery>2017-04-23</discovery>
		86	<entry>2017-04-24</entry>
		87	</dates>
		88	</vuln>
		89
61	<vuln vid="1455c86c-26c2-11e7-9daa-6cf0497db129">	90	<vuln vid="1455c86c-26c2-11e7-9daa-6cf0497db129">
62	<topic>drupal8 -- Drupal Core - Critical - Access Bypass</topic>	91	<topic>drupal8 -- Drupal Core - Critical - Access Bypass</topic>
63	<affects>	92	<affects>