aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorstas <stas@FreeBSD.org>2009-01-05 17:06:12 +0800
committerstas <stas@FreeBSD.org>2009-01-05 17:06:12 +0800
commit536953ff252c730e2d7c3736fb6419347f61c4a1 (patch)
treee72ce2c5afcbe49efbc63cec5eb2bc96d829d883
parent06d88bb13bbf9be272f97e2bb743e33447ffba37 (diff)
downloadfreebsd-ports-gnome-536953ff252c730e2d7c3736fb6419347f61c4a1.tar.gz
freebsd-ports-gnome-536953ff252c730e2d7c3736fb6419347f61c4a1.tar.zst
freebsd-ports-gnome-536953ff252c730e2d7c3736fb6419347f61c4a1.zip
- Document PHP gd library vulnerability.
-rw-r--r--security/vuxml/vuln.xml30
1 files changed, 30 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 439ec591663f..d636691de204 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,36 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="58a3c266-db01-11dd-ae30-001cc0377035">
+ <topic>php5-gd -- uninitialized memory information disclosure vulnerability</topic>
+ <affects>
+ <package>
+ <name>php5-gd</name>
+ <range><gt>0</gt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>According to CVE-2008-5498 entry:</p>
+ <blockquote cite="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498">
+ <p>Array index error in the "imageRotate" function in PHP 5.2.8 and
+ earlier allows context-dependent attackers to read the contents
+ of arbitrary memory locations via a crafted value of the third
+ argument (aka the "bgd_color" or "clrBack" argument) for an indexed
+ image.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>33002</bid>
+ <cvename>CVE-2008-5498</cvename>
+ <url>http://www.securiteam.com/unixfocus/6G00Y0ANFU.html</url>
+ </references>
+ <dates>
+ <discovery>2008-12-24</discovery>
+ <entry>2009-01-05</entry>
+ </dates>
+ </vuln>
<vuln vid="27d78386-d35f-11dd-b800-001b77d09812">
<topic>awstats -- multiple XSS vulnerabilities</topic>