Date:      Tue, 4 Jul 2017 19:01:06 +0000 (UTC)
From:      Alexey Dokuchaev <danfe@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r445038 - head/security/vuxml
Message-ID:  <201707041901.v64J16ww059940@repo.freebsd.org>

Author: danfe
Date: Tue Jul  4 19:01:06 2017
New Revision: 445038
URL: https://svnweb.freebsd.org/changeset/ports/445038

Log:
  Fix a bunch of noticed typos and spelling mistakes, covering years
  2016-2017.  Some of those are so common that I've taken liberty to
  fix them all over the file.

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Tue Jul  4 18:38:05 2017	(r445037)
+++ head/security/vuxml/vuln.xml	Tue Jul  4 19:01:06 2017	(r445038)
@@ -447,7 +447,7 @@ maliciously crafted GET request to the Horde server.</
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>Google Chrome releaseses reports:</p>
+	<p>Google Chrome releases reports:</p>
 	<blockquote cite="https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html">;
 	  <p>5 security fixes in this release, including:</p>
 	  <ul>
@@ -1655,7 +1655,7 @@ maliciously crafted GET request to the Horde server.</
     filter, content inside Hamlit filters (:css, :javascript, :preserve, :plain)
     is not automatically escaped.</p>
     <h1>Cross-Site Scripting (XSS) vulnerability in git submodule support</h1>
-    <p>Jobert Abma from HackerOne reported a persitent XSS vulnerability in the
+    <p>Jobert Abma from HackerOne reported a persistent XSS vulnerability in the
     GitLab repository files view that could be exploited by injecting malicious
     script into a git submodule.</p>
     <h1>Cross-Site Scripting (XSS) vulnerability in repository "new branch"
@@ -2841,7 +2841,7 @@ maliciously crafted GET request to the Horde server.</
   </vuln>
 
   <vuln vid="d9e01c35-2531-11e7-b291-b499baebfeaf">
-    <topic>MySQL -- mulitiple vulnerabilities</topic>
+    <topic>MySQL -- multiple vulnerabilities</topic>
     <affects>
       <package>
 	<name>mariadb55-server</name>
@@ -3765,7 +3765,7 @@ maliciously crafted GET request to the Horde server.</
 	      application.  Methods and means of acquiring the CRLs is not part
 	      of the TLS handshake and in the strict TLS setting this
 	      vulnerability cannot be triggered remotely. The vulnerability
-	      cannot be triggered unless the application explicitely calls
+	      cannot be triggered unless the application explicitly calls
 	      mbedtls_x509_crl_parse() or mbedtls_x509_crl_parse_file()on a PEM
 	      formatted CRL of untrusted origin. In which case the
 	      vulnerability can be exploited to launch a denial of service
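Review bot: The context line right after the corrected one still reads "mbedtls_x509_crl_parse_file()on a PEM", with no space between the closing parenthesis and "on". Since this paragraph is already being touched for "explicitly", fix that in the same pass so it reads "mbedtls_x509_crl_parse_file() on a PEM".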
@@ -4562,7 +4562,7 @@ maliciously crafted GET request to the Horde server.</
   </vuln>
 
   <vuln vid="79bbb8f8-f049-11e6-8a6a-bcaec565249c">
-    <topic>gtk-vnc -- bounds checking vulnabilities</topic>
+    <topic>gtk-vnc -- bounds checking vulnerabilities</topic>
     <affects>
       <package>
 	<name>gtk-vnc</name>
@@ -4837,7 +4837,7 @@ maliciously crafted GET request to the Horde server.</
 	<p>Jens Georg reports:</p>
 	<blockquote cite="https://mail.gnome.org/archives/shotwell-list/2017-January/msg00048.html">;
 	  <p>I have just released Shotwell 0.24.5 and 0.25.4 which turn
-	  on HTTPS encyption all over the publishing plugins.</p>
+	  on HTTPS encryption all over the publishing plugins.</p>
 	  <p>Users using Tumblr and Yandex.Fotki publishing are strongly
 	  advised to change their passwords and reauthenticate Shotwell
 	  to those services after upgrade.</p>
@@ -5313,10 +5313,10 @@ maliciously crafted GET request to the Horde server.</
 	</blockquote>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2017-3/">;
 	  <h3>Summary</h3>
-	  <p>DOS vulnerabiltiy in table editing</p>
+	  <p>DOS vulnerability in table editing</p>
 	  <h3>Description</h3>
 	  <p>It was possible to trigger recursive include operation by
-	    crafter parameters when editing table data.</p>
+	    crafted parameters when editing table data.</p>
 	  <h3>Severity</h3>
 	  <p>We consider this to be non critical.</p>
 	</blockquote>
@@ -5385,7 +5385,7 @@ maliciously crafted GET request to the Horde server.</
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>Intel Corporaion reports:</p>
+	<p>Intel Corporation reports:</p>
 	<blockquote cite="https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00063&amp;languageid=en-fr">;
 	  <p>A security vulnerability in the Intel(R) Ethernet Controller X710
 	    and Intel(R) Ethernet Controller XL710 family of products
@@ -6841,7 +6841,7 @@ maliciously crafted GET request to the Horde server.</
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>Samba team reports:</p>
 	<blockquote cite="https://www.samba.org/samba/latest_news.html#4.5.3">;
-	  <p>[CVE-2016-2123] Authenicated users can supply malicious dnsRecord attributes
+	  <p>[CVE-2016-2123] Authenticated users can supply malicious dnsRecord attributes
 	  on DNS objects and trigger a controlled memory corruption.</p>
 	  <p>[CVE-2016-2125] Samba client code always requests a forwardable ticket
 	  when using Kerberos authentication. This means the target server, which must be in the current or trusted
@@ -7032,7 +7032,7 @@ maliciously crafted GET request to the Horde server.</
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>Squid security advisory 2016:10 reports:</p>
 	<blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2016_10.txt">;
-	  <p>Due to incorrect comparsion of request headers Squid can deliver
+	  <p>Due to incorrect comparison of request headers Squid can deliver
 	    responses containing private data to clients it should not have
 	    reached.</p>
 	  <p>This problem allows a remote attacker to discover private and
@@ -7249,7 +7249,7 @@ maliciously crafted GET request to the Horde server.</
 	  <h2>printf floating point buffer overflow</h2>
 	  <p>libcurl's implementation of the printf() functions triggers a
 	    buffer overflow when doing a large floating point output. The bug
-	    occurs whenthe conversion outputs more than 255 bytes.</p>
+	    occurs when the conversion outputs more than 255 bytes.</p>
 	</blockquote>
       </body>
     </description>
@@ -7491,7 +7491,7 @@ maliciously crafted GET request to the Horde server.</
 	      ':' delimiter of any request header lines.<br/><br/>
 	      RFC7230 Section 3.5 calls out some of these whitespace exceptions,
 	      and section 3.2.3 eliminated and clarified the role of implied
-	      whitespace in the grammer of this specification. Section 3.1.1
+	      whitespace in the grammar of this specification. Section 3.1.1
 	      requires exactly one single SP between the method and
 	      request-target, and between the request-target and HTTP-version,
 	      followed immediately by a CRLF sequence. None of these
@@ -7505,7 +7505,7 @@ maliciously crafted GET request to the Horde server.</
 	      application servers, either through mod_proxy or using conventional
 	      CGI mechanisms. In each case where one agent accepts such CTL
 	      characters and does not treat them as whitespace, there is the
-	      possiblity in a proxy chain of generating two responses from a
+	      possibility in a proxy chain of generating two responses from a
 	      server behind the uncautious proxy agent. In a sequence of two
 	      requests, this results in request A to the first proxy being
 	      interpreted as requests A + A' by the backend server, and if
@@ -8299,7 +8299,7 @@ maliciously crafted GET request to the Horde server.</
 	<blockquote cite="http://seclists.org/oss-sec/2016/q4/413">;
 	  <p>Imagemagick before 3cbfb163cff9e5b8cdeace8312e9bfee810ed02b
 	    suffer from a heap overflow in WaveletDenoiseImage(). This problem is
-	    easelly trigerrable  from a perl script.</p>
+	    easily trigerrable from a Perl script.</p>
 	</blockquote>
       </body>
     </description>
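Review bot: The replacement line still carries a misspelling: "trigerrable" should be "triggerable". The change corrects "easelly" and capitalizes "Perl" but leaves that word as it was, so the sentence still needs another pass.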
@@ -8401,7 +8401,7 @@ maliciously crafted GET request to the Horde server.</
 	    sensitive host files (an information leak). Additionally, a
 	    malicious guest administrator can cause files on the host to be
 	    removed, causing a denial of service. In some unusual host
-	    configurations, ability to remove certain files may be useable for
+	    configurations, ability to remove certain files may be usable for
 	    privilege escalation.</p>
 	</blockquote>
       </body>
@@ -9466,8 +9466,8 @@ maliciously crafted GET request to the Horde server.</
 	<p>LegalHackers' reports:</p>
 	<blockquote cite="http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html">;
 	  <p>RCE Bugs discovered in MySQL and its variants like MariaDB.
-	     It works by manupulating my.cnf files and using --malloc-lib.
-	     The bug seems fixed in MySQL5.7.15 by Oracle</p>
+	     It works by manipulating my.cnf files and using --malloc-lib.
+	     The bug seems fixed in MySQL 5.7.15 by Oracle</p>
 	</blockquote>
       </body>
     </description>
@@ -10511,7 +10511,7 @@ fuzzing and other initiatives.</li>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>Node.js has released new verions containing the following security fix:</p>
+	<p>Node.js has released new versions containing the following security fix:</p>
 	<blockquote cite="https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/">;
 	  <p>The following releases all contain fixes for CVE-2016-5180 "ares_create_query single
 	    byte out of buffer write": Node.js v0.10.48 (Maintenance), Node.js v0.12.17 (Maintenance),
@@ -11045,7 +11045,7 @@ and CVE-2013-0155.</p>
 	<p>Debian reports:</p>
 	<blockquote cite="https://www.debian.org/security/2016/dsa-3675">;
 	  <p>Various memory handling problems and cases of missing or
-	    incomplete input sanitising may result in denial of service or the
+	    incomplete input sanitizing may result in denial of service or the
 	    execution of arbitrary code if malformed SIXEL, PDB, MAP, SGI, TIFF and
 	    CALS files are processed.</p>
 	</blockquote>
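Review bot: "sanitising" is the British spelling rather than a typo, and it sits inside a blockquote attributed to the Debian advisory via the cite attribute. Changing it to "sanitizing" makes the quoted text differ from what the cited source is shown as saying; I would drop this hunk and limit the commit to real misspellings.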
@@ -11299,7 +11299,7 @@ and CVE-2013-0155.</p>
 	directory.</p>
 	<h1>Impact:</h1>
 	<p>An attacker who can control freebsd-update's or portsnap's
-	input to tar can change file content or permisssions on
+	input to tar(1) can change file content or permissions on
 	files outside of the update tool's working sandbox.</p>
       </body>
     </description>
@@ -11856,8 +11856,8 @@ and CVE-2013-0155.</p>
 	<p>LegalHackers' reports:</p>
 	<blockquote cite="http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html">;
 	  <p>RCE Bugs discovered in MySQL and its variants like MariaDB.
-	     It works by manupulating my.cnf files and using --malloc-lib.
-	     The bug seems fixed in MySQL5.7.15 by Oracle</p>
+	     It works by manipulating my.cnf files and using --malloc-lib.
+	     The bug seems fixed in MySQL 5.7.15 by Oracle</p>
 	</blockquote>
       </body>
     </description>
@@ -12613,7 +12613,7 @@ and CVE-2013-0155.</p>
   </vuln>
 
   <vuln vid="e195679d-045b-4953-bb33-be0073ba2ac6">
-    <topic>libxml2 -- multiple vulnabilities</topic>
+    <topic>libxml2 -- multiple vulnerabilities</topic>
     <affects>
       <package>
 	<name>libxml2</name>
@@ -13880,7 +13880,7 @@ and CVE-2013-0155.</p>
 	<h1>Problem Description:</h1>
 	<p>The SNMP protocol supports an authentication model called
 	USM, which relies on a shared secret. The default permission
-	of the snmpd.configiguration file, /etc/snmpd.config, is
+	of the snmpd configuration file, /etc/snmpd.config, is
 	weak and does not provide adequate protection against local
 	unprivileged users.</p>
 	<h1>Impact:</h1>
@@ -14184,7 +14184,7 @@ and CVE-2013-0155.</p>
 	would run commands.</p>
 	<h1>Impact:</h1>
 	<p>This issue could be exploited to execute arbitrary
-	commands as the user invoking patch(1) against a specically
+	commands as the user invoking patch(1) against a specially
 	crafted patch file, which could be leveraged to obtain
 	elevated privileges.</p>
       </body>
@@ -14260,7 +14260,7 @@ and CVE-2013-0155.</p>
 	commands.</p>
 	<h1>Impact:</h1>
 	<p>This issue could be exploited to execute arbitrary
-	commands as the user invoking patch(1) against a specically
+	commands as the user invoking patch(1) against a specially
 	crafted patch file, which could be leveraged to obtain
 	elevated privileges.</p>
       </body>
@@ -14463,7 +14463,7 @@ and CVE-2013-0155.</p>
 	can read or write 16-bits of kernel memory.</p>
 	<h1>Impact:</h1>
 	<p>An unprivileged process can read or modify 16-bits of
-	memory which belongs to the kernel. This smay lead to
+	memory which belongs to the kernel. This may lead to
 	exposure of sensitive information or allow privilege
 	escalation.</p>
       </body>
@@ -15869,7 +15869,7 @@ and CVE-2013-0155.</p>
 	    pre-existing pagetable entries, to skip expensive re-validation
 	    in safe cases (e.g. clearing only Access/Dirty bits). The bits
 	    considered safe were too broad, and not actually safe.</p>
-	  <p>A malicous PV guest administrator can escalate their privilege to
+	  <p>A malicious PV guest administrator can escalate their privilege to
 	    that of the host.</p>
 	</blockquote>
       </body>
@@ -15886,7 +15886,7 @@ and CVE-2013-0155.</p>
   </vuln>
 
   <vuln vid="cb5189eb-572f-11e6-b334-002590263bf5">
-    <topic>libidn -- mulitiple vulnerabilities</topic>
+    <topic>libidn -- multiple vulnerabilities</topic>
     <affects>
       <package>
 	<name>libidn</name>
@@ -16408,7 +16408,7 @@ and CVE-2013-0155.</p>
   </vuln>
 
   <vuln vid="00cb1469-4afc-11e6-97ea-002590263bf5">
-    <topic>atutor -- multiple vulnerabilites</topic>
+    <topic>atutor -- multiple vulnerabilities</topic>
     <affects>
       <package>
 	<name>atutor</name>
@@ -16435,7 +16435,7 @@ and CVE-2013-0155.</p>
   </vuln>
 
   <vuln vid="ffa8ca79-4afb-11e6-97ea-002590263bf5">
-    <topic>atutor -- multiple vulnerabilites</topic>
+    <topic>atutor -- multiple vulnerabilities</topic>
     <affects>
       <package>
 	<name>atutor</name>
@@ -16901,7 +16901,7 @@ and CVE-2013-0155.</p>
 	    rate-limited in any way.  The guest can easily cause qemu to print
 	    messages to stderr, causing this file to become arbitrarily large.
 	    </p>
-	  <p>The disk containing the logfile can be exausted, possibly causing a
+	  <p>The disk containing the logfile can be exhausted, possibly causing a
 	    denial-of-service (DoS).</p>
 	</blockquote>
       </body>
@@ -18037,7 +18037,7 @@ and CVE-2013-0155.</p>
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>Piwik reports:</p>
 	<blockquote cite="http://piwik.org/changelog/piwik-2-16-1/">;
-	  <p>iThe Piwik Security team is grateful for the responsible
+	  <p>The Piwik Security team is grateful for the responsible
 	    disclosures by our security researchers: Egidio Romano (granted a
 	    critical security bounty), James Kettle and Paweł Bartunek (XSS) and
 	    Emanuel Bronshtein (limited XSS).</p>
@@ -21844,10 +21844,10 @@ and CVE-2013-0155.</p>
 	  <p>JMS Object messages depends on Java Serialization for
 	    marshaling/unmashaling of the message payload. There are a couple of places
 	    inside the broker where deserialization can occur, like web console or stomp
-	    object message transformation. As deserialization of untrusted data can leaed to
+	    object message transformation. As deserialization of untrusted data can lead to
 	    security flaws as demonstrated in various reports, this leaves the broker
-	    vunerable to this attack vector. Additionally, applications that consume
-	    ObjectMessage type of messages can be vunerable as they deserlize objects on
+	    vulnerable to this attack vector. Additionally, applications that consume
+	    ObjectMessage type of messages can be vulnerable as they deserialize objects on
 	    ObjectMessage.getObject() calls.</p>
 	</blockquote>
       </body>
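Review bot: The second context line of this paragraph still has "marshaling/unmashaling", which should be "marshaling/unmarshaling". The hunk fixes "leaed", "vunerable" and "deserlize" in the same paragraph, so this one looks like an oversight rather than a deliberate omission.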
@@ -23108,7 +23108,7 @@ and CVE-2013-0155.</p>
 	<p>Andreas Schneider reports:</p>
 	<blockquote cite="https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/">;
 	  <p>libssh versions 0.1 and above have a bits/bytes confusion bug and
-	  generate the an anormaly short ephemeral secret for the
+	  generate an abnormally short ephemeral secret for the
 	  diffie-hellman-group1 and diffie-hellman-group14 key exchange
 	  methods. The resulting secret is 128 bits long, instead of the
 	  recommended sizes of 1024 and 2048 bits respectively. There are
@@ -23134,7 +23134,7 @@ and CVE-2013-0155.</p>
   </vuln>
 
   <vuln vid="7d09b9ee-e0ba-11e5-abc4-6fb07af136d2">
-    <topic>exim -- local privilleges escalation</topic>
+    <topic>exim -- local privillege escalation</topic>
     <affects>
       <package>
 	<name>exim</name>
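Review bot: The new topic line "exim -- local privillege escalation" is still misspelled; it should be "privilege" with a single "l". The change only drops the plural "s", so the typo this hunk targets remains in the entry's topic, which is the string users see in audit output.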
@@ -23532,7 +23532,7 @@ and CVE-2013-0155.</p>
 	<p>The Apache Software Foundation reports:</p>
 	<blockquote cite="http://xerces.apache.org/xerces-c/secadv/CVE-2016-0729.txt">;
 	  <p>The Xerces-C XML parser mishandles certain kinds of malformed input
-	  documents, resulting in buffer overlows during processing and error
+	  documents, resulting in buffer overflows during processing and error
 	  reporting. The overflows can manifest as a segmentation fault or as
 	  memory corruption during a parse operation.  The bugs allow for a
 	  denial of service attack in many applications by an unauthenticated
@@ -26466,14 +26466,14 @@ and CVE-2013-0155.</p>
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>DrWhax reports:</p>
 	<blockquote cite="http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557">;
-	  <p>So in codeconv.c there is a function for japanese character set
+	  <p>So in codeconv.c there is a function for Japanese character set
 	    conversion called conv_jistoeuc().  There is no bounds checking on
 	    the output buffer, which is created on the stack with alloca()
 	    Bug can be triggered by sending an email to TAILS_luser@riseup.net
 	    or whatever.
 
 	    Since my C is completely rusty, you might be able to make a better
-	    judgement on the severity of this issue. Marking critical for now.</p>
+	    judgment on the severity of this issue. Marking critical for now.</p>
 	</blockquote>
       </body>
     </description>
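Review bot: "judgement" is an accepted spelling, not a mistake, and both changed lines are inside a blockquote quoting the reporter's bug entry. Rewriting it to "judgment" (and recasing "japanese") alters a verbatim quote for style only; consider leaving quoted text as the source wrote it unless the word is unambiguously wrong.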
@@ -28407,7 +28407,7 @@ and CVE-2013-0155.</p>
   </vuln>
 
   <vuln vid="84c7ea88-bf04-4bdc-973b-36744bf540ab">
-    <topic>flash -- multiple vulnabilities</topic>
+    <topic>flash -- multiple vulnerabilities</topic>
     <affects>
       <package>
 	<name>linux-c6-flashplugin</name>
@@ -29013,7 +29013,7 @@ and CVE-2013-0155.</p>
 	    a potential volume name of something like '../../../etc/passwd' to
 	    attempt to access a file not belonging to the storage pool. When
 	    fine-grained Access Control Lists (ACL) are in effect, a user with
-	    storage_vol:create ACL permission but lacking domain:write permssion
+	    storage_vol:create ACL permission but lacking domain:write permission
 	    could thus abuse virStorageVolCreateXML and similar APIs to gain
 	    access to files not normally permitted to that user. Fortunately, it
 	    appears that the only APIs that could leak information or corrupt
@@ -29306,7 +29306,7 @@ and CVE-2013-0155.</p>
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>ISC reports:</p>
 	<blockquote cite="https://kb.isc.org/article/AA-01328/0/BIND-9.10.3-P2-Release-Notes.html">;
-	  <p>Named is potentially vulnerable to the OpenSSL vulnerabilty described in CVE-2015-3193.</p>
+	  <p>Named is potentially vulnerable to the OpenSSL vulnerability described in CVE-2015-3193.</p>
 	  <p>Incorrect reference counting could result in an INSIST
 	    failure if a socket error occurred while performing a lookup. This flaw
 	    is disclosed in CVE-2015-8461. [RT#40945]</p>
@@ -29836,7 +29836,7 @@ and CVE-2013-0155.</p>
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>Redmine reports:</p>
 	<blockquote cite="http://www.redmine.org/projects/redmine/wiki/Security_Advisories">;
-	  <p>Mass-assignemnt vulnerability that would allow an attacker to
+	  <p>Mass-assignment vulnerability that would allow an attacker to
 	    bypass part of the security checks.</p>
 	  <p>Persistent XSS vulnerability</p>
 	</blockquote>
@@ -29928,7 +29928,7 @@ and CVE-2013-0155.</p>
   </vuln>
 
   <vuln vid="c8842a84-9ddd-11e5-8c2f-c485083ca99c">
-    <topic>flash -- multiple vulnabilities</topic>
+    <topic>flash -- multiple vulnerabilities</topic>
     <affects>
       <package>
 	<name>linux-c6-flashplugin</name>
@@ -30865,7 +30865,7 @@ and CVE-2013-0155.</p>
   </vuln>
 
   <vuln vid="e5423caf-8fb8-11e5-918c-bcaec565249c">
-    <topic>libxml2 -- multiple vulnabilities</topic>
+    <topic>libxml2 -- multiple vulnerabilities</topic>
     <affects>
       <package>
 	<name>libxml2</name>
@@ -31236,7 +31236,7 @@ and CVE-2013-0155.</p>
   </vuln>
 
   <vuln vid="547fbd98-8b1f-11e5-b48b-bcaec565249c">
-    <topic>flash -- multiple vulnabilities</topic>
+    <topic>flash -- multiple vulnerabilities</topic>
     <affects>
       <package>
 	<name>linux-c6-flashplugin</name>
@@ -33534,7 +33534,7 @@ and CVE-2013-0155.</p>
   </vuln>
 
   <vuln vid="4e3e8a50-65c1-11e5-948e-bcaec565249c">
-    <topic>flash -- multiple vulnabilities</topic>
+    <topic>flash -- multiple vulnerabilities</topic>
     <affects>
       <package>
 	<name>linux-c6-flashplugin</name>
@@ -40554,7 +40554,7 @@ and CVE-2013-0155.</p>
   </vuln>
 
   <vuln vid="d46ed7b8-1912-11e5-9fdf-00262d5ed8ee">
-    <topic>www/chromium -- mulitple vulnerabilities</topic>
+    <topic>www/chromium -- multiple vulnerabilities</topic>
     <affects>
       <package>
 	<name>chromium</name>
@@ -43726,7 +43726,7 @@ and CVE-2013-0155.</p>
   </vuln>
 
   <vuln vid="505904d3-ea95-11e4-beaf-bcaec565249c">
-    <topic>wordpress -- multiple vulnabilities</topic>
+    <topic>wordpress -- multiple vulnerabilities</topic>
     <affects>
       <package>
 	<name>wordpress</name>
@@ -49192,8 +49192,8 @@ and CVE-2013-0155.</p>
 	    limited amount of information exposure.</p>
 
 	  <p>SECURITY-127 and SECURITY-128 are rated <strong>high</strong>. The
-	    formed can be used to further escalate privileges, and the latter
-	    results inloss of data.</p>
+	    former can be used to further escalate privileges, and the latter
+	    results in loss of data.</p>
 
 	  <p>SECURITY-131 and SECURITY-138 is rated <strong>critical</strong>.
 	    This vulnerabilities results in exposure of sensitie information
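Review bot: The trailing context of this hunk still contains "exposure of sensitie information", which should be "sensitive". The same two lines also read "SECURITY-131 and SECURITY-138 is rated" and "This vulnerabilities results", so the paragraph immediately below the corrected one needs the same cleanup.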
@@ -102539,7 +102539,7 @@ executed in your Internet Explorer while displaying th
 	</blockquote>
 	<blockquote cite="http://drupal.org/node/184348">;
 	  <p>The Drupal Forms API protects against cross site request
-	    forgeries (CSRF), where a malicous site can cause a user
+	    forgeries (CSRF), where a malicious site can cause a user
 	    to unintentionally submit a form to a site where he is
 	    authenticated. The user deletion form does not follow the
 	    standard Forms API submission model and is therefore not
@@ -105879,7 +105879,7 @@ executed in your Internet Explorer while displaying th
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>The freeradius development team reports:</p>
 	<blockquote cite="http://www.freeradius.org/security.html">;
-	  <p>A malicous 802.1x supplicant could send malformed Diameter format
+	  <p>A malicious 802.1x supplicant could send malformed Diameter format
 	     attributes inside of an EAP-TTLS tunnel. The server would reject
 	     the authentication request, but would leak one VALUE_PAIR data
 	     structure, of approximately 300 bytes. If an attacker performed
@@ -120075,7 +120075,7 @@ executed in your Internet Explorer while displaying th
 	<p>In fetchmail 6.2.5.1, the remote code injection via
 	  POP3 UIDL was fixed, but a denial of service attack was
 	  introduced:</p>
-	<p>Two possible NULL-pointer dereferences allow a malicous
+	<p>Two possible NULL-pointer dereferences allow a malicious
 	  POP3 server to crash fetchmail by respondig with UID lines
 	  containing only the article number but no UID (in violation
 	  of RFC-1939), or a message without Message-ID when no UIDL
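Review bot: The line directly after the corrected "malicious" still has "respondig", which should be "responding". Worth fixing in the same commit since the sentence is already being edited.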
@@ -129031,7 +129031,7 @@ http_access deny Gopher</pre>
 	  <p><code>acl something src "/path/to/empty_file.txt"<br/>
 	      http_access allow something somewhere</code></p>
 	  <p>gets parsed (with warnings) as</p>
-	  <p><code>http_access allow somwhere</code></p>
+	  <p><code>http_access allow somewhere</code></p>
 	  <p>And similarily if you are using proxy_auth acls without
 	    having any auth schemes defined.</p>
 	</blockquote>
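Review bot: The context line following the corrected code sample still reads "And similarily if you are using proxy_auth acls"; "similarily" should be "similarly". Separately, the changed line is inside a code element, so it is worth confirming against the cited advisory that "somwhere" was a transcription slip here and not the advisory's own text.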
@@ -131313,7 +131313,7 @@ http_access deny Gopher</pre>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>Sean <q>infamous42md</q> reports that a malicous GroupWise
+	<p>Sean <q>infamous42md</q> reports that a malicious GroupWise
 	  messaging server may be able to exploit a heap buffer
 	  overflow in gaim, leading to arbitrary code execution.</p>
       </body>


