diff options
author | stas <stas@FreeBSD.org> | 2009-01-05 17:06:12 +0800 |
---|---|---|
committer | stas <stas@FreeBSD.org> | 2009-01-05 17:06:12 +0800 |
commit | 536953ff252c730e2d7c3736fb6419347f61c4a1 (patch) | |
tree | e72ce2c5afcbe49efbc63cec5eb2bc96d829d883 | |
parent | 06d88bb13bbf9be272f97e2bb743e33447ffba37 (diff) | |
download | freebsd-ports-gnome-536953ff252c730e2d7c3736fb6419347f61c4a1.tar.gz freebsd-ports-gnome-536953ff252c730e2d7c3736fb6419347f61c4a1.tar.zst freebsd-ports-gnome-536953ff252c730e2d7c3736fb6419347f61c4a1.zip |
- Document PHP gd library vulnerability.
-rw-r--r-- | security/vuxml/vuln.xml | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 439ec591663f..d636691de204 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,36 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="58a3c266-db01-11dd-ae30-001cc0377035"> + <topic>php5-gd -- uninitialized memory information disclosure vulnerability</topic> + <affects> + <package> + <name>php5-gd</name> + <range><gt>0</gt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>According to CVE-2008-5498 entry:</p> + <blockquote cite="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498"> + <p>Array index error in the "imageRotate" function in PHP 5.2.8 and + earlier allows context-dependent attackers to read the contents + of arbitrary memory locations via a crafted value of the third + argument (aka the "bgd_color" or "clrBack" argument) for an indexed + image.</p> + </blockquote> + </body> + </description> + <references> + <bid>33002</bid> + <cvename>CVE-2008-5498</cvename> + <url>http://www.securiteam.com/unixfocus/6G00Y0ANFU.html</url> + </references> + <dates> + <discovery>2008-12-24</discovery> + <entry>2009-01-05</entry> + </dates> + </vuln> <vuln vid="27d78386-d35f-11dd-b800-001b77d09812"> <topic>awstats -- multiple XSS vulnerabilities</topic> |