diff options
author | nectar <nectar@FreeBSD.org> | 2005-06-04 00:26:13 +0800 |
---|---|---|
committer | nectar <nectar@FreeBSD.org> | 2005-06-04 00:26:13 +0800 |
commit | baa89371986af474eddc5dbb3dbfee4e5032dbd5 (patch) | |
tree | edcbccb0ed758a8caead197c5668dc2ac2ef29a8 | |
parent | dc2d55d43b385f3585e1ef87bacc5fc9c164031b (diff) | |
download | freebsd-ports-gnome-baa89371986af474eddc5dbb3dbfee4e5032dbd5.tar.gz freebsd-ports-gnome-baa89371986af474eddc5dbb3dbfee4e5032dbd5.tar.zst freebsd-ports-gnome-baa89371986af474eddc5dbb3dbfee4e5032dbd5.zip |
Correct recently added yamt entry:
* This is not CAN-2004-1302, which was documented much earlier
* Try to explain the issue
* Add the only public reference to the issue I can find
-rw-r--r-- | security/vuxml/vuln.xml | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 1b2b05f4e359..cd7be105d5a2 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -57,7 +57,8 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. </vuln> <vuln vid="99b5cfa5-d3d2-11d9-8ffb-00061bc2ad93"> - <topic>yamt -- Possible buffer overflow and directory transferal issue</topic> + <topic>yamt -- buffer overflow and directory traversal + issues</topic> <affects> <package> <name>yamt</name> @@ -66,14 +67,26 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>In addition to the vulnerabilities listed in - CVE CAN-2004-1302, several other issues have been - found in audio/yamt, including buffer overflows - and directory tranversals.</p> + <p>Stanislav Brabec discovered errors in yamt's path name + handling that lead to buffer overflows and directory traversal + issues. When processing a file with a maliciously crafted ID3 + tag, yamt might overwrite arbitrary files or possibly execute + arbitrary code.</p> + <p>The SuSE package ChangeLog contains:</p> + <blockquote> + <ul> + <li>Several security fixes (#49337):</li> + <li>directory traversal in rename</li> + <li>directory traversal in sort</li> + <li>buffer overflow in sort</li> + <li>buffer overflow in rename</li> + </ul> + </blockquote> </body> </description> <references> - <cvename>CAN-2004-1302</cvename> + <url>http://rpmfind.net/linux/RPM/suse/updates/8.2/i386/rpm/i586/yamt-0.5-1277.i586.html</url> + <url>ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/yamt-0.5-1277.src.rpm</url> </references> <dates> <discovery>2005-01-20</discovery> |