Date:      Thu, 6 Mar 2014 13:09:20 +0000 (UTC)
From:      Baptiste Daroussin <bapt@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r347193 - head/security/vuxml
Message-ID:  <201403061309.s26D9Keg097213@svn.freebsd.org>

Author: bapt
Date: Thu Mar  6 13:09:20 2014
New Revision: 347193
URL: http://svnweb.freebsd.org/changeset/ports/347193
QAT: https://qat.redports.org/buildarchive/r347193/

Log:
  Reference xmms vulnerabilities: CVE-2007-0653 and CVE-2007-0654

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Thu Mar  6 13:04:17 2014	(r347192)
+++ head/security/vuxml/vuln.xml	Thu Mar  6 13:09:20 2014	(r347193)
@@ -51,6 +51,46 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="20e23b65-a52e-11e3-ae3a-00224d7c32a2">
+    <topic>xmms -- Integer Overflow And Underflow Vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>xmms</name>
+	<range><le>1.2.11_20</le></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>Secunia reports:</p>
+	<blockquote cite="http://secunia.com/secunia_research/2007-47/advisory/">;
+	  <p>Secunia Research has discovered two vulnerabilities in XMMS, which can
+	    be exploited by malicious people to compromise a user's system.</p>
+
+	  <p>1) An integer underflow error exists in the processing of skin bitmap
+	    images. This can be exploited to cause a stack-based buffer overflow
+	    via specially crafted skin images containing manipulated header
+	    information.</p>
+
+	  <p>Successful exploitation allows execution of arbitrary code.</p>
+
+	  <p>2) An integer overflow error exists in the processing of skin bitmap
+	    images. This can be exploited to cause memory corruption via specially
+	    crafted skin images containing manipulated header information.</p>
+
+	  <p>Successful exploitation may allow the execution of arbitrary code.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2007-0653</cvename>
+      <cvename>CVE-2007-0654</cvename>
+    </references>
+    <dates>
+      <discovery>2007-02-06</discovery>
+      <entry>2014-03-06</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="89db3b31-a4c3-11e3-978f-f0def16c5c1b">
     <topic>nginx -- SPDY memory corruption</topic>
     <affects>
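
Review bot: the new entry's `<references>` block carries only the two `<cvename>` elements, while the Secunia advisory that the description quotes appears only in the `<blockquote cite="...">` attribute; add it as a `<url>` reference so anything consuming the references list can reach the source. In `<affects>`, `<range><le>1.2.11_20</le></range>` marks every version up to and including 1.2.11_20 as vulnerable with no fixed version, so once a patched port revision exists this entry needs its range revisited and a `<modified>` date added, otherwise later revisions will read as unaffected whether or not they carry the fix. Minor style point: the `<topic>` capitalises every word, whereas the adjacent nginx entry uses sentence case.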


