diff options
| author | rakuco <rakuco@FreeBSD.org> | 2011-10-24 00:16:47 +0800 |
|---|---|---|
| committer | rakuco <rakuco@FreeBSD.org> | 2011-10-24 00:16:47 +0800 |
| commit | 9789de37e0ea3830dca9ab93c34e540afd6278be (patch) | |
| tree | 9811d5bf095071217a8d50b0238e385c713dcc15 | |
| parent | 49b2a3500218c1af02317ac9a362f522d9b10e09 (diff) | |
| download | freebsd-ports-gnome-9789de37e0ea3830dca9ab93c34e540afd6278be.tar.gz freebsd-ports-gnome-9789de37e0ea3830dca9ab93c34e540afd6278be.tar.zst freebsd-ports-gnome-9789de37e0ea3830dca9ab93c34e540afd6278be.zip | |
Document CVE-2011-3365 and CVE-2011-3366.
Different CVE numbers for different software, but they share the same
KDE security advisory.
Approved by: makc (mentor)
| -rw-r--r-- | security/vuxml/vuln.xml | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index aa31423099ad..e394c2fc9ff2 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,46 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="6d21a287-fce0-11e0-a828-00235a5f2c9a"> + <topic>kdelibs4, rekonq -- input validation failure</topic> + <affects> + <package> + <name>kdelibs</name> + <range><ge>4.0.*</ge><lt>4.7.2</lt></range> + </package> + <package> + <name>rekonq</name> + <range><lt>0.8.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>KDE Security Advisory reports:</p> + <blockquote cite="http://www.kde.org/info/security/advisory-20111003-1.txt"> + <p>The default rendering type for a QLabel is QLabel::AutoText, which + uses heuristics to determine whether to render the given content as + plain text or rich text. KSSL and Rekonq did not properly force its + QLabels to use QLabel::PlainText. As a result, if given a certificate + containing rich text in its fields, they would render the rich + text. Specifically, a certificate containing a common name (CN) that + has a table element will cause the second line of the table to be + displayed. This can allow spoofing of the certificate's common + name.</p> + </blockquote> + </body> + </description> + <references> + <url>http://www.kde.org/info/security/advisory-20111003-1.txt</url> + <url>http://www.nth-dimension.org.uk/pub/NDSA20111003.txt.asc</url> + <cvename>CVE-2011-3365</cvename> + <cvename>CVE-2011-3366</cvename> + </references> + <dates> + <discovery>2011-10-03</discovery> + <entry>2011-10-23</entry> + </dates> + </vuln> + <vuln vid="411ecb79-f9bc-11e0-a7e6-6c626dd55a41"> <topic>piwik -- unknown critical vulnerabilities</topic> <affects> |