Attachment 77701 Details for Bug 111844 – vuxml.diff

[patch] vuxml.diff

vuxml.diff (text/plain), 1.47 KB, created by Philip M. Gollucci on 2007-04-24 23:51:21 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Philip M. Gollucci

Created: 2007-04-24 23:51:21 UTC

Size: 1.47 KB

patch

obsolete

>? work
>Index: vuln.xml
>===================================================================
>RCS file: /home/ncvs/ports/security/vuxml/vuln.xml,v
>retrieving revision 1.1317
>diff -u -r1.1317 vuln.xml
>--- vuln.xml	23 Apr 2007 14:12:10 -0000	1.1317
>+++ vuln.xml	24 Apr 2007 22:51:11 -0000
>@@ -34,6 +34,35 @@
> 
> -->
> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
>+  <vuln vid="ef2ffb03-f2b0-11db-ad25-0010b5a0a860">
>+    <topic> mod_perl -- remote DOS in PATH_INFO parsing</topic>
>+    <affects>
>+      <package>
>+	<name>mod_perl</name>
>+	<range><lt>1.30</lt></range>
>+      </package>
>+    </affects>
>+    <description>
>+      <body xmlns="http://www.w3.org/1999/xhtml">
>+    <p>CVE repots:</p>
>+    <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1349">
>+      <p>PerlRun.pm in Apache mod_perl 1.29 and earlier, and RegistryCooker.pm in
>+        mod_perl 2.x, does not properly escape PATH_INFO before use in a regular 
>+        expression, which allows remote attackers to cause a denial of service 
>+        (resource consumption) via a crafted URI.</p>
>+	</blockquote>
>+      </body>
>+    </description>
>+    <references>
>+      <cvename>CVE-2007-1349</cvename>
>+      <url>URL:http://secunia.com/advisories/24839</url>
>+    </references>
>+    <dates>
>+      <discovery>2007-03-29</discovery>
>+      <entry>2007-04-24</entry>
>+    </dates>
>+  </vuln>
>+
>   <vuln vid="c389d06d-ee57-11db-bd51-0016179b2dd5">
>     <topic>claws-mail -- APOP vulnerability</topic>
>     <affects>

Actions: View | Diff

Attachments on bug 111844: 77700 | 77701