Date: Fri, 11 Jan 2013 01:16:14 +0000 (UTC) From: Ryan Steinmetz <zi@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r310216 - head/security/vuxml Message-ID: <201301110116.r0B1GERI003810@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: zi Date: Fri Jan 11 01:16:14 2013 New Revision: 310216 URL: http://svnweb.freebsd.org/changeset/ports/310216 Log: - Document vulnerability in net-mgmt/nagios (CVE-2012-6096) Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Jan 11 01:14:52 2013 (r310215) +++ head/security/vuxml/vuln.xml Fri Jan 11 01:16:14 2013 (r310216) @@ -51,6 +51,34 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="97c22a94-5b8b-11e2-b131-000c299b62e1"> + <topic>nagios -- buffer overflow in history.cgi</topic> + <affects> + <package> + <name>nagios</name> + <range><lt>3.4.3_1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>full disclosure reports:</p> + <blockquote cite="http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0108.html"> + <p>history.cgi is vulnerable to a buffer overflow due to the use of + sprintf with user supplied data that has not been restricted in size.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2012-6096</cvename> + <url>http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0108.html</url> + <url>http://nagios.svn.sourceforge.net/viewvc/nagios?view=revision&revision=2547</url> + </references> + <dates> + <discovery>2013-01-10</discovery> + <entry>2013-01-10</entry> + </dates> + </vuln> + <vuln vid="46bd747b-5b84-11e2-b06d-00262d5ed8ee"> <topic>chromium -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201301110116.r0B1GERI003810>