
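--- a/vuln2.xml
+++ b/vuln2.xml
@@ -58,6 +58,52 @@
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="c5fb0702-847e-11ea-a283-b42e99a1b9c3">
+    <topic>Regular Expression DoS attack against client</topic>
+    <affects>
+      <package>
+	<name>python38</name>
+	<range><ge>3.8.0</ge><lt>3.8.2</lt></range>
+      </package>
+      <package>
+	<name>python37</name>
+	<range><ge>3.7.0</ge><lt>3.7.7</lt></range>
+      </package>
+      <package>
+	<name>python36</name>
+	<range><ge>3.6.0</ge><lt>3.6.10</lt></range>
+      </package>
+      <package>
+	<name>python35</name>
+	<range><ge>3.5.0</ge><lt>3.5.9</lt></range>
+      </package>
+      <package>
+	<name>python27</name>
+	<range><ge>2.7.0</ge><lt>2.7.17_1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Ben Caller, Matt Schwager report:</p>
+	<blockquote cite="https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html">
+	  <p>Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6,
+	  and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service
+	  (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler
+	  catastrophic backtracking</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html</url>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2020-8492</url>
+      <cvename>CVE-2020-8492</cvename>
+    </references>
+    <dates>
+      <discovery>2005-09-23</discovery>
+      <entry>2005-09-29</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="0f798bd6-8325-11ea-9a78-08002728f74c">
     <topic>libntlm -- buffer overflow vulnerability</topic>
     <affects>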
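Review bot: The `<lt>3.6.10</lt>` and `<lt>3.5.9</lt>` upper bounds in the python36 and python35 `<range>` elements exclude versions that the quoted advisory text lists as affected ("3.5 through 3.5.9, 3.6 through 3.6.10"), so an audit against this entry would presumably not flag an installed python36-3.6.10 or python35-3.5.9. Each bound should be the first port version that carries the fix, as the python27 range does with `2.7.17_1`. The `<dates>` block still reads `<discovery>2005-09-23</discovery>` and `<entry>2005-09-29</entry>`, which looks like leftover template text on a CVE-2020-8492 entry; `<entry>` should be the date the entry is committed and `<discovery>` the disclosure date given by the cited references. The `<topic>` also omits the package prefix that the following entry uses (`libntlm -- buffer overflow vulnerability`), e.g. `<topic>Python -- Regular Expression DoS attack against client</topic>`.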
