Date: Fri, 16 Dec 2016 02:14:29 +0000 (UTC) From: Jason Unovitch <junovitch@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r428640 - head/security/vuxml Message-ID: <201612160214.uBG2ET0f029037@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: junovitch Date: Fri Dec 16 02:14:29 2016 New Revision: 428640 URL: https://svnweb.freebsd.org/changeset/ports/428640 Log: Document two CVEs fixed in Atheme 7.2.7 PR: 209217 Security: CVE-2014-9773 Security: CVE-2016-4478 Security: https://vuxml.FreeBSD.org/freebsd/e47ab5db-c333-11e6-ae1b-002590263bf5.html Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Dec 16 01:50:46 2016 (r428639) +++ head/security/vuxml/vuln.xml Fri Dec 16 02:14:29 2016 (r428640) @@ -58,6 +58,43 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="e47ab5db-c333-11e6-ae1b-002590263bf5"> + <topic>atheme-services -- multiple vulnerabilities</topic> + <affects> + <package> + <name>atheme-services</name> + <range><lt>7.2.7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Mitre reports:</p> + <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9773">; + <p>modules/chanserv/flags.c in Atheme before 7.2.7 allows remote + attackers to modify the Anope FLAGS behavior by registering and + dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks.</p> + </blockquote> + <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4478">; + <p>Buffer overflow in the xmlrpc_char_encode function in + modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows + remote attackers to cause a denial of service via vectors related + to XMLRPC response encoding.</p> + </blockquote> + </body> + </description> + <references> + <freebsdpr>ports/209217</freebsdpr> + <cvename>CVE-2014-9773</cvename> + <cvename>CVE-2016-4478</cvename> + <url>https://github.com/atheme/atheme/commit/87580d767868360d2fed503980129504da84b63e</url>; + <url>https://github.com/atheme/atheme/commit/c597156adc60a45b5f827793cd420945f47bc03b</url>; + </references> + <dates> + <discovery>2016-01-09</discovery> + <entry>2016-12-16</entry> + </dates> + </vuln> + <vuln vid="512c0ffd-cd39-4da4-b2dc-81ff4ba8e238"> <topic>mozilla -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201612160214.uBG2ET0f029037>