move f9e3e60b-e650-11d8-9b0a-000347a4fa7d to vuxml, add mozilla to the list of vulnerable ports

author: eik <eik@FreeBSD.org> 2004-08-05 22:27:36 +0800
committer: eik <eik@FreeBSD.org> 2004-08-05 22:27:36 +0800
commit: d4e876d45cf13eed11ea31eb0122d68b9a1c9352 (patch)
tree: e1eb28066ceb81c22f645ce12a0de0d9cc9ecbc9
parent: fb44edcd4b6ac7e932981f81b69b87410baea96b (diff)
download: freebsd-ports-gnome-d4e876d45cf13eed11ea31eb0122d68b9a1c9352.tar.gz
freebsd-ports-gnome-d4e876d45cf13eed11ea31eb0122d68b9a1c9352.tar.zst
freebsd-ports-gnome-d4e876d45cf13eed11ea31eb0122d68b9a1c9352.zip
3 files changed, 93 insertions, 6 deletions
diff --git a/ports-mgmt/portaudit-db/database/portaudit.txt b/ports-mgmt/portaudit-db/database/portaudit.txt
index acccad8a2e90..c6eded4eb5bc 100644
--- a/ports-mgmt/portaudit-db/database/portaudit.txt
+++ b/ports-mgmt/portaudit-db/database/portaudit.txt
@@ -62,6 +62,3 @@ gnutls-devel>=1.1.*<1.1.12|http://www.hornik.sk/SA/SA-20040802.txt http://secuni
 ripmime<1.3.2.3|http://www.osvdb.org/8287 http://secunia.com/advisories/12201|ripMIME attachment extraction bypass|85e19dff-e606-11d8-9b0a-000347a4fa7d
 squid<2.5.5_11|http://www.osvdb.org/6791|Squid NTLM authentication helper overflow|f72ccf7c-e607-11d8-9b0a-000347a4fa7d
 acroread<5.09|http://www.osvdb.org/7429 http://freshmeat.net/projects/acrobatreader/?branch_id=92&release_id=164883|Acrobat Reader handling of malformed uuencoded pdf files|ab166a60-e60a-11d8-9b0a-000347a4fa7d
-png<=1.2.5_7|http://www.securityfocus.com/archive/1/370853 http://www.osvdb.org/8312 http://www.osvdb.org/8313 http://www.osvdb.org/8314 http://www.osvdb.org/8315 http://www.osvdb.org/8316 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599 http://www.kb.cert.org/vuls/id/388984 http://www.kb.cert.org/vuls/id/236656 http://www.kb.cert.org/vuls/id/160448 http://www.kb.cert.org/vuls/id/477512 http://www.kb.cert.org/vuls/id/817368 http://www.kb.cert.org/vuls/id/286464|libPNG stack-based buffer overflow and other code concerns|f9e3e60b-e650-11d8-9b0a-000347a4fa7d
-linux-png<=1.0.14_3|http://www.securityfocus.com/archive/1/370853 http://www.osvdb.org/8312 http://www.osvdb.org/8313 http://www.osvdb.org/8314 http://www.osvdb.org/8315 http://www.osvdb.org/8316 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599 http://www.kb.cert.org/vuls/id/388984 http://www.kb.cert.org/vuls/id/236656 http://www.kb.cert.org/vuls/id/160448 http://www.kb.cert.org/vuls/id/477512 http://www.kb.cert.org/vuls/id/817368 http://www.kb.cert.org/vuls/id/286464|libPNG stack-based buffer overflow and other code concerns|f9e3e60b-e650-11d8-9b0a-000347a4fa7d
-linux-png>=1.2.*<=1.2.2|http://www.securityfocus.com/archive/1/370853 http://www.osvdb.org/8312 http://www.osvdb.org/8313 http://www.osvdb.org/8314 http://www.osvdb.org/8315 http://www.osvdb.org/8316 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599 http://www.kb.cert.org/vuls/id/388984 http://www.kb.cert.org/vuls/id/236656 http://www.kb.cert.org/vuls/id/160448 http://www.kb.cert.org/vuls/id/477512 http://www.kb.cert.org/vuls/id/817368 http://www.kb.cert.org/vuls/id/286464|libPNG stack-based buffer overflow and other code concerns|f9e3e60b-e650-11d8-9b0a-000347a4fa7d
diff --git a/security/portaudit-db/database/portaudit.txt b/security/portaudit-db/database/portaudit.txt
index acccad8a2e90..c6eded4eb5bc 100644
--- a/security/portaudit-db/database/portaudit.txt
+++ b/security/portaudit-db/database/portaudit.txt
@@ -62,6 +62,3 @@ gnutls-devel>=1.1.*<1.1.12|http://www.hornik.sk/SA/SA-20040802.txt http://secuni
 ripmime<1.3.2.3|http://www.osvdb.org/8287 http://secunia.com/advisories/12201|ripMIME attachment extraction bypass|85e19dff-e606-11d8-9b0a-000347a4fa7d
 squid<2.5.5_11|http://www.osvdb.org/6791|Squid NTLM authentication helper overflow|f72ccf7c-e607-11d8-9b0a-000347a4fa7d
 acroread<5.09|http://www.osvdb.org/7429 http://freshmeat.net/projects/acrobatreader/?branch_id=92&release_id=164883|Acrobat Reader handling of malformed uuencoded pdf files|ab166a60-e60a-11d8-9b0a-000347a4fa7d
-png<=1.2.5_7|http://www.securityfocus.com/archive/1/370853 http://www.osvdb.org/8312 http://www.osvdb.org/8313 http://www.osvdb.org/8314 http://www.osvdb.org/8315 http://www.osvdb.org/8316 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599 http://www.kb.cert.org/vuls/id/388984 http://www.kb.cert.org/vuls/id/236656 http://www.kb.cert.org/vuls/id/160448 http://www.kb.cert.org/vuls/id/477512 http://www.kb.cert.org/vuls/id/817368 http://www.kb.cert.org/vuls/id/286464|libPNG stack-based buffer overflow and other code concerns|f9e3e60b-e650-11d8-9b0a-000347a4fa7d
-linux-png<=1.0.14_3|http://www.securityfocus.com/archive/1/370853 http://www.osvdb.org/8312 http://www.osvdb.org/8313 http://www.osvdb.org/8314 http://www.osvdb.org/8315 http://www.osvdb.org/8316 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599 http://www.kb.cert.org/vuls/id/388984 http://www.kb.cert.org/vuls/id/236656 http://www.kb.cert.org/vuls/id/160448 http://www.kb.cert.org/vuls/id/477512 http://www.kb.cert.org/vuls/id/817368 http://www.kb.cert.org/vuls/id/286464|libPNG stack-based buffer overflow and other code concerns|f9e3e60b-e650-11d8-9b0a-000347a4fa7d
-linux-png>=1.2.*<=1.2.2|http://www.securityfocus.com/archive/1/370853 http://www.osvdb.org/8312 http://www.osvdb.org/8313 http://www.osvdb.org/8314 http://www.osvdb.org/8315 http://www.osvdb.org/8316 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599 http://www.kb.cert.org/vuls/id/388984 http://www.kb.cert.org/vuls/id/236656 http://www.kb.cert.org/vuls/id/160448 http://www.kb.cert.org/vuls/id/477512 http://www.kb.cert.org/vuls/id/817368 http://www.kb.cert.org/vuls/id/286464|libPNG stack-based buffer overflow and other code concerns|f9e3e60b-e650-11d8-9b0a-000347a4fa7d
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 56635fed5c76..7ea68d9a286c 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -66,6 +66,9 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
       <mlist msgid="200407222031.25086.bugtraq@beyondsecurity.com">http://www.securityfocus.com/archive/1/369706</mlist>
       <url>http://www.samba.org/samba/whatsnew/samba-3.0.5.html</url>
       <url>http://www.samba.org/samba/whatsnew/samba-2.2.10.html</url>
+      <url>http://www.osvdb.org/8190</url>
+      <url>http://www.osvdb.org/8191</url>
+      <url>http://secunia.com/advisories/12130</url>
     </references>
     <dates>
       <discovery>2004-07-14</discovery>
@@ -233,6 +236,9 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     </description>
     <references>
       <url>http://www.osvdb.org/6704</url>
+      <cvename>CAN-2004-0708</cvename>
+      <bid>10568</bid>
+      <url>http://secunia.com/advisories/11807</url>
     </references>
     <dates>
       <discovery>2004-05-04</discovery>
@@ -4108,10 +4114,97 @@ misc.c:
       <url>http://bugzilla.mozilla.org/show_bug.cgi?id=252198</url>
       <url>http://www.nd.edu/~jsmith30/xul/test/spoof.html</url>
       <url>http://secunia.com/advisories/12188</url>
+      <bid>10832</bid>
     </references>
     <dates>
       <discovery>2004-07-19</discovery>
       <entry>2004-07-30</entry>
     </dates>
   </vuln>
+
+  <vuln vid="f9e3e60b-e650-11d8-9b0a-000347a4fa7d">
+    <topic>libPNG stack-based buffer overflow and other code concerns</topic>
+    <affects>
+      <package>
+        <name>png</name>
+        <range><le>1.2.5_7</le></range>
+      </package>
+      <package>
+        <name>linux-png</name>
+        <range><le>1.0.14_3</le></range>
+        <range><ge>1.2.*</ge><le>1.2.2</le></range>
+      </package>
+      <package>
+        <name>firefox</name>
+        <range><lt>0.9.3</lt></range>
+      </package>
+      <package>
+        <name>linux-mozilla</name>
+        <range><lt>1.7.2</lt></range>
+      </package>
+      <package>
+        <name>linux-mozilla-devel</name>
+        <range><lt>1.7.2</lt></range>
+      </package>
+      <package>
+        <name>mozilla</name>
+        <range><lt>1.7.2,2</lt></range>
+        <range><ge>1.8.*,2</ge><le>1.8.a2,2</le></range>
+      </package>
+      <package>
+        <name>mozilla-gtk1</name>
+        <range><lt>1.7.2</lt></range>
+      </package>
+      <package>
+        <name>netscape-{communicator,navigator}</name>
+        <range><le>4.78</le></range>
+      </package>
+      <package>
+        <name>linux-netscape-{communicator,navigator}</name>
+        <name>{ja,ko}-netscape-{communicator,navigator}-linux</name>
+        <range><le>4.8</le></range>
+      </package>
+      <package>
+        <name>{,ja-}netscape7</name>
+        <range><le>7.1</le></range>
+      </package>
+      <package>
+        <name>{de-,fr-,pt_BR-}netscape7</name>
+        <range><le>7.02</le></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+        <p>Chris Evans has discovered multiple vulnerabilities in libpng,
+          which can be exploited by malicious people to compromise a
+          vulnerable system or cause a DoS (Denial of Service).</p>
+      </body>
+    </description>
+    <references>
+      <mlist msgid="Pine.LNX.4.58.0408041840080.20655@sphinx.mythic-beasts.com">http://www.securityfocus.com/archive/1/370853</mlist>
+      <url>http://scary.beasts.org/security/CESA-2004-001.txt</url>
+      <url>http://www.osvdb.org/8312</url>
+      <url>http://www.osvdb.org/8313</url>
+      <url>http://www.osvdb.org/8314</url>
+      <url>http://www.osvdb.org/8315</url>
+      <url>http://www.osvdb.org/8316</url>
+      <cvename>CAN-2004-0597</cvename>
+      <cvename>CAN-2004-0598</cvename>
+      <cvename>CAN-2004-0599</cvename>
+      <certvu>388984</certvu>
+      <certvu>236656</certvu>
+      <certvu>160448</certvu>
+      <certvu>477512</certvu>
+      <certvu>817368</certvu>
+      <certvu>286464</certvu>
+      <url>http://secunia.com/advisories/12219</url>
+      <url>http://secunia.com/advisories/12232</url>
+      <url>http://bugzilla.mozilla.org/show_bug.cgi?id=251381</url>
+    </references>
+    <dates>
+      <discovery>2004-08-04</discovery>
+      <entry>2004-08-04</entry>
+      <modified>2004-08-05</modified>
+    </dates>
+  </vuln>
 </vuxml>
author	eik <eik@FreeBSD.org>	2004-08-05 22:27:36 +0800
committer	eik <eik@FreeBSD.org>	2004-08-05 22:27:36 +0800
commit	d4e876d45cf13eed11ea31eb0122d68b9a1c9352 (patch)
tree	e1eb28066ceb81c22f645ce12a0de0d9cc9ecbc9
parent	fb44edcd4b6ac7e932981f81b69b87410baea96b (diff)
download	freebsd-ports-gnome-d4e876d45cf13eed11ea31eb0122d68b9a1c9352.tar.gz freebsd-ports-gnome-d4e876d45cf13eed11ea31eb0122d68b9a1c9352.tar.zst freebsd-ports-gnome-d4e876d45cf13eed11ea31eb0122d68b9a1c9352.zip