author nectar <nectar@FreeBSD.org> 2004-08-30 22:21:49 +0800
committer nectar <nectar@FreeBSD.org> 2004-08-30 22:21:49 +0800
commit 8122545ab3725e926de7add338a93032eaaf6f56
tree 91fb315d7efae184f0c482dd85e9c59eaa9ffe73
parent 735fae5a549ec1acf50cfffe6ff7b50256b903e0
Add more references (particularly CVE names) for issues affecting
SpamAssassin, tnftpd, ruby, mysql. Place text taken from another source inside <blockquote cite="..."> for ruby issue.
-rw-r--r-- security/vuxml/vuln.xml 32
1 files changed, 24 insertions, 8 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index e509e4839034..e0d2eea553c3 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -350,12 +350,15 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
</body>
</description>
<references>
+ <cvename>CAN-2004-0796</cvename>
+ <bid>10957</bid>
<mlist>http://marc.theaimsgroup.com/?l=spamassassin-announce&amp;m=109168121628767</mlist>
<url>http://search.cpan.org/src/JMASON/Mail-SpamAssassin-2.64/Changes</url>
</references>
<dates>
<discovery>2004-08-04</discovery>
<entry>2004-08-23</entry>
+ <modified>2004-08-28</modified>
</dates>
</vuln>
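Review bot: the <modified>2004-08-28</modified> added under <dates> is two days earlier than the author and committer timestamps on this commit (2004-08-30). If <modified> is meant to record when the entry changed in the tree, use the commit date here; the same 2004-08-28 value appears in the other entries this patch touches, so they would need the same correction.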
@@ -520,6 +523,8 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
</body>
</description>
<references>
+ <cvename>CAN-2004-0794</cvename>
+ <bid>10967</bid>
<url>http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ftpd/ftpd.c#rev1.158</url>
<url>ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-009.txt.asc</url>
<mlist msgid="412239E7.1070807@freebsd.lublin.pl">http://lists.netsys.com/pipermail/full-disclosure/2004-August/025418.html</mlist>
@@ -527,6 +532,7 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
<dates>
<discovery>2004-08-17</discovery>
<entry>2004-08-17</entry>
+ <modified>2004-08-28</modified>
</dates>
</vuln>
@@ -4598,6 +4604,10 @@ misc.c:
</body>
</description>
<references>
+ <cvename>CAN-2004-0627</cvename>
+ <cvename>CAN-2004-0628</cvename>
+ <certvu>184030</certvu>
+ <certvu>645326</certvu>
<url>http://www.nextgenss.com/advisories/mysql-authbypass.txt</url>
<url>http://dev.mysql.com/doc/mysql/en/News-4.1.3.html</url>
<url>http://secunia.com/advisories/12020</url>
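Review bot: the references now carry two CVE names (CAN-2004-0627, CAN-2004-0628) and two CERT VU numbers (184030, 645326), but nothing in the lines shown here says which identifier belongs to which issue, and the first advisory URL is named mysql-authbypass.txt. Check that the description text covers both issues explicitly, so that a reader who arrives by matching on either CVE name finds the problem they are looking for.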
@@ -4608,7 +4618,7 @@ misc.c:
<dates>
<discovery>2004-07-01</discovery>
<entry>2004-07-05</entry>
- <modified>2004-08-12</modified>
+ <modified>2004-08-28</modified>
</dates>
</vuln>
@@ -4976,22 +4986,28 @@ misc.c:
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Andres Salomon noticed a problem in the CGI session
- management of Ruby, an object-oriented scripting language.
- CGI::Session's FileStore (and presumably PStore)
- implementations store session information insecurely.
- They simply create files, ignoring permission issues.
- This can lead an attacker who has also shell access to the
- webserver to take over a session.</p>
+ <p>According to a Debian Security Advisory:</p>
+ <blockquote cite="http://www.debian.org/security/2004/dsa-537">
+ <p>Andres Salomon noticed a problem in the CGI session
+ management of Ruby, an object-oriented scripting language.
+ CGI::Session's FileStore (and presumably PStore [...])
+ implementations store session information insecurely.
+ They simply create files, ignoring permission issues.
+ This can lead an attacker who has also shell access to the
+ webserver to take over a session.</p>
+ </blockquote>
</body>
</description>
<references>
+ <cvename>CAN-2004-0755</cvename>
+ <url>http://xforce.iss.net/xforce/xfdb/16996</url>
<url>http://www.debian.org/security/2004/dsa-537</url>
<mlist>http://marc.theaimsgroup.com/?l=bugtraq&amp;m=109267579822250&amp;w=2</mlist>
</references>
<dates>
<discovery>2004-08-16</discovery>
<entry>2004-08-16</entry>
+ <modified>2004-08-28</modified>
</dates>
</vuln>
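Review bot: now that the paragraph sits inside <blockquote cite="http://www.debian.org/security/2004/dsa-537">, it has to match the cited advisory word for word, and the only textual change in the quoted text is the "[...]" added after PStore. Confirm the rest is verbatim and that the elision drops nothing a reader needs. Re-indenting the paragraph makes every line show as changed, which hides that one-token edit, so mentioning the elision in the commit message would make the change easier to audit.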