vulnerability announced in memcached. Port is already at 1.2.8 which is not vulnerable, so this vuxml is for the laggers. Fix: <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> <vuln vid="db026d59-05d0-4544-8cd2-f2a9ab37ce26"> <topic>memcached -- memcached stats maps Information Disclosure Weakness</topic> <affects> <package> <name>memcached</name> <range><le>1.2.8</le></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Secunia reports:</p> <blockquote cite="http://secunia.com/advisories/34915/"> <p>A weakness has been reported in memcached which can be exploited by malicious people to disclose system information. The weakness is caused due to the application disclosing the content of /proc/self/maps if a stats maps command is received. This can be exploited to disclose e.g. the addresses of allocated memory regions. The weakness is reported in version 1.2.7. Prior versions may also be affected.</p> </blockquote> </body> </description> <references> <url>http://secunia.com/advisories/34915/</url> </references> <dates> <discovery>2009-04-29</discovery> <entry>2009-05-04</entry> </dates> </vuln>
Responsible Changed From-To: freebsd-ports-bugs->mnag Over to maintainer (via the GNATS Auto Assign Tool)
mnag 2009-08-17 13:26:56 UTC FreeBSD ports repository Modified files: security/vuxml vuln.xml Log: - memcached -- memcached stats maps Information Disclosure Weakness PR: 134206 Submitted by: Mark Foster <mark___foster.cc> Revision Changes Path 1.2010 +32 -1 ports/security/vuxml/vuln.xml _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
State Changed From-To: open->closed Committed, with minor changes. Thanks!