Date: Sun, 31 May 2009 22:37:44 +0400 (MSD) From: Eygene Ryabinkin <rea-fbsd@codelabs.ru> To: FreeBSD-gnats-submit@freebsd.org Subject: ports/135097: [vuxml] devel/cscope: document CVE-2009-0148 and CVE-2009-1577 Message-ID: <20090531183744.C76D7B806B@phoenix.codelabs.ru> Resent-Message-ID: <200905311840.n4VIeFHj020498@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 135097 >Category: ports >Synopsis: [vuxml] devel/cscope: document CVE-2009-0148 and CVE-2009-1577 >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun May 31 18:40:14 UTC 2009 >Closed-Date: >Last-Modified: >Originator: Eygene Ryabinkin >Release: FreeBSD 7.2-STABLE amd64 >Organization: Code Labs >Environment: System: FreeBSD 7.2-STABLE amd64 >Description: Two vulnerabilities were recently added to the CVE database: [1], [2]. Vulnerabilities were fixed in 15.7a and 15.6 respectively. >How-To-Repeat: [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0148 [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1577 >Fix: The following VuXML entries should be evaluated and added to the VuXML database: --- vuln1.xml begins here --- <vuln vid="d53d5882-4e06-11de-94a9-001fc66e7203"> <topic>cscope -- multiple buffer overflows</topic> <affects> <package> <name>cscope</name> <range><lt>15.7a</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml">; <p>Secunia reports:</p> <blockquote cite="http://secunia.com/advisories/34978">; <p>Some vulnerabilities have been reported in Cscope, which potentially can be exploited by malicious people to compromise a user's system.</p> <p>The vulnerabilities are caused due to various boundary errors, which can be exploited to cause buffer overflows when parsing specially crafted files or directories.</p> </blockquote> </body> </description> <references> <cvename>CVE-2009-0148</cvename> <bid>34805</bid> <url>http://secunia.com/advisories/34978</url>; <url>http://support.apple.com/kb/HT3549</url>; </references> <dates> <discovery>2009-05-31</discovery> <entry>TODAY</entry> </dates> </vuln> --- vuln1.xml ends here --- --- vuln2.xml begins here --- <vuln vid="ea8e9e5f-4e08-11de-94a9-001fc66e7203"> <topic>cscope -- find.c stack-based buffer overflow</topic> <affects> <package> <name>cscope</name> <range><lt>15.6</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml">; <p>SecurityFocus reports:</p> <blockquote cite="http://www.securityfocus.com/bid/34832">; <p>Cscope is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.</p> <p>Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.</p> </blockquote> </body> </description> <references> <cvename>CVE-2009-1577</cvename> <bid>34832</bid> <url>http://cscope.cvs.sourceforge.net/viewvc/cscope/cscope/src/find.c?view=log#rev1.19</url>; </references> <dates> <discovery>2009-05-31</discovery> <entry>TODAY</entry> </dates> </vuln> --- vuln2.xml ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090531183744.C76D7B806B>