Attachment #177034 for bug #214532

View | Details | Raw Unified | Return to bug 214532 | Differences between
Collapse All | Expand All




  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="18449f92-ab39-11e6-8011-005056925db4">
    <topic>libwww -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>libwww</name>
	<range><lt>5.4.0_6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Mitre reports:</p>
	<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3183">
	 <p>The HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-libwww)
	 allows remote servers to cause a denial of service (segmentation fault) via a
	 crafted multipart/byteranges MIME message that triggers an out-of-bounds read.</p>
	</blockquote>
	<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560">
	 <p>The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used
	 in the XML-Twig module for Perl, allows context-dependent attackers to cause a
	 denial of service (application crash) via an XML document with malformed UTF-8
	 sequences that trigger a buffer over-read, related to the doProlog function in
	 lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.</p>
	</blockquote>
	<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720">
	 <p>The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1,
	 as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent
	 attackers to cause a denial of service (application crash) via an XML document with
	 crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability
	 than CVE-2009-2625.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3183</url>
      <url>https://bugzilla.redhat.com/show_bug.cgi?id=170518</url>
      <url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560</url>
      <url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720</url>
      <cvename>CVE-2005-3183</cvename>
      <cvename>CVE-2009-3560</cvename>
      <cvename>CVE-2009-3720</cvename>
    </references>
    <dates>
      <discovery>2005-10-12</discovery>
      <entry>2016-11-15</entry>
    </dates>
  </vuln>

  <vuln vid="a8e9d834-a916-11e6-b9b4-bcaec524bf84">
    <topic>lives -- insecure files permissions</topic>
    <affects>

Return to bug 214532

Lines 58-63 Link Here

(-)vuln.xml (+47 lines)
58	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)	58	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
59	-->	59	-->
60	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">	60	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
		61	<vuln vid="18449f92-ab39-11e6-8011-005056925db4">
		62	<topic>libwww -- multiple vulnerabilities</topic>
		63	<affects>
		64	<package>
		65	<name>libwww</name>
		66	<range><lt>5.4.0_6</lt></range>
		67	</package>
		68	</affects>
		69	<description>
		70	<body xmlns="http://www.w3.org/1999/xhtml">
		71	<p>Mitre reports:</p>
		72	<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3183">
		73	<p>The HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-libwww)
		74	allows remote servers to cause a denial of service (segmentation fault) via a
		75	crafted multipart/byteranges MIME message that triggers an out-of-bounds read.</p>
		76	</blockquote>
		77	<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560">
		78	<p>The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used
		79	in the XML-Twig module for Perl, allows context-dependent attackers to cause a
		80	denial of service (application crash) via an XML document with malformed UTF-8
		81	sequences that trigger a buffer over-read, related to the doProlog function in
		82	lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.</p>
		83	</blockquote>
		84	<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720">
		85	<p>The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1,
		86	as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent
		87	attackers to cause a denial of service (application crash) via an XML document with
		88	crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability
		89	than CVE-2009-2625.</p>
		90	</blockquote>
		91	</body>
		92	</description>
		93	<references>
		94	<url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3183</url>
		95	<url>https://bugzilla.redhat.com/show_bug.cgi?id=170518</url>
		96	<url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560</url>
		97	<url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720</url>
		98	<cvename>CVE-2005-3183</cvename>
		99	<cvename>CVE-2009-3560</cvename>
		100	<cvename>CVE-2009-3720</cvename>
		101	</references>
		102	<dates>
		103	<discovery>2005-10-12</discovery>
		104	<entry>2016-11-15</entry>
		105	</dates>
		106	</vuln>
		107
61	<vuln vid="a8e9d834-a916-11e6-b9b4-bcaec524bf84">	108	<vuln vid="a8e9d834-a916-11e6-b9b4-bcaec524bf84">
62	<topic>lives -- insecure files permissions</topic>	109	<topic>lives -- insecure files permissions</topic>
63	<affects>	110	<affects>