FreeBSD Bugzilla – Attachment 116217 Details for Bug 158137: [UPDATE] net-im/ejabberd: update to 2.1.8
vuxml-ejabberd-2.1.8.diff.txt (text/plain), 2.02 KB, created by R.Mahmatkhanov on 2011-06-21 21:50:56 UTC
>--- vuln.xml.orig 2011-06-21 21:49:59.000000000 +0400 >+++ vuln.xml 2011-06-22 00:49:04.000000000 +0400 >@@ -34,6 +34,37 @@ > > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="01d3ab7d-9c43-11e0-bc0f-0014a5e3cda6"> >+ <topic>ejabberd -- remote denial of service vulnerability</topic> >+ <affects> >+ <package> >+ <name>ejabberd</name> >+ <range><lt>2.1.7</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>It's reported in CVE advisory that:</p> >+ <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1753"> >+ <p>expat_erl.c in ejabberd before 2.1.7 and 3.x before >+ 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect >+ recursion during entity expansion, which allows remote attackers >+ to cause a denial of service (memory and CPU consumption) via a >+ crafted XML document containing a large number of nested entity >+ references, a similar issue to CVE-2003-1564.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2011-1753</cvename> >+ <url>http://www.ejabberd.im/ejabberd-2.1.7</url> >+ </references> >+ <dates> >+ <discovery>2011-04-27</discovery> >+ <entry>2011-06-22</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="23c8423e-9bff-11e0-8ea2-0019d18c446a"> > <topic>piwik -- remote command execution vulnerability</topic> > <affects> >@@ -49,7 +80,7 @@ > <p>The Piwik 1.5 release addresses a critical security vulnerability, > which affect all Piwik users that have let granted some access to > the "anonymous" user.</p> >- <p>Piwik contains a remotely exploitable vulnerabiliy that could >+ <p>Piwik contains a remotely exploitable vulnerability that could > allow a remote attacker to execute arbitrary code. Only > installations that have granted untrusted view access to their > stats (ie. grant "view" access to a website to anonymous) are at
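Review bot: The <affects> block in the new ejabberd entry (first hunk) lists only the ejabberd package with <lt>2.1.7</lt>, while the quoted CVE-2011-1753 text also names 3.x before 3.0.0-alpha-3 and exmpp before 0.9.7. If exmpp or a 3.x ejabberd is packaged separately, it needs its own <package> element or range here; otherwise say in the submission that only ejabberd 2.x is affected in the tree. Minor wording point: "It's reported in CVE advisory that:" would read better as "The CVE advisory reports:".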
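Review bot: The spelling fix in the second hunk ("vulnerabiliy" to "vulnerability") edits the piwik entry, which is unrelated to the ejabberd addition; consider submitting it as a separate change so this patch touches only the new entry. The context lines of the same paragraph still read "which affect all Piwik users that have let granted some access", so if the paragraph is being corrected and is not a verbatim quote of the upstream advisory, that sentence needs the same attention.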