aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authornectar <nectar@FreeBSD.org>2005-06-04 00:26:13 +0800
committernectar <nectar@FreeBSD.org>2005-06-04 00:26:13 +0800
commitbaa89371986af474eddc5dbb3dbfee4e5032dbd5 (patch)
treeedcbccb0ed758a8caead197c5668dc2ac2ef29a8
parentdc2d55d43b385f3585e1ef87bacc5fc9c164031b (diff)
downloadfreebsd-ports-gnome-baa89371986af474eddc5dbb3dbfee4e5032dbd5.tar.gz
freebsd-ports-gnome-baa89371986af474eddc5dbb3dbfee4e5032dbd5.tar.zst
freebsd-ports-gnome-baa89371986af474eddc5dbb3dbfee4e5032dbd5.zip
Correct recently added yamt entry:
* This is not CAN-2004-1302, which was documented much earlier * Try to explain the issue * Add the only public reference to the issue I can find
-rw-r--r--security/vuxml/vuln.xml25
1 files changed, 19 insertions, 6 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 1b2b05f4e359..cd7be105d5a2 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -57,7 +57,8 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
</vuln>
<vuln vid="99b5cfa5-d3d2-11d9-8ffb-00061bc2ad93">
- <topic>yamt -- Possible buffer overflow and directory transferal issue</topic>
+ <topic>yamt -- buffer overflow and directory traversal
+ issues</topic>
<affects>
<package>
<name>yamt</name>
@@ -66,14 +67,26 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>In addition to the vulnerabilities listed in
- CVE CAN-2004-1302, several other issues have been
- found in audio/yamt, including buffer overflows
- and directory tranversals.</p>
+ <p>Stanislav Brabec discovered errors in yamt's path name
+ handling that lead to buffer overflows and directory traversal
+ issues. When processing a file with a maliciously crafted ID3
+ tag, yamt might overwrite arbitrary files or possibly execute
+ arbitrary code.</p>
+ <p>The SuSE package ChangeLog contains:</p>
+ <blockquote>
+ <ul>
+ <li>Several security fixes (#49337):</li>
+ <li>directory traversal in rename</li>
+ <li>directory traversal in sort</li>
+ <li>buffer overflow in sort</li>
+ <li>buffer overflow in rename</li>
+ </ul>
+ </blockquote>
</body>
</description>
<references>
- <cvename>CAN-2004-1302</cvename>
+ <url>http://rpmfind.net/linux/RPM/suse/updates/8.2/i386/rpm/i586/yamt-0.5-1277.i586.html</url>
+ <url>ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/yamt-0.5-1277.src.rpm</url>
</references>
<dates>
<discovery>2005-01-20</discovery>