diff options
| author | Jun Kuriyama <kuriyama@FreeBSD.org> | 2009-12-08 09:44:59 +0800 |
|---|---|---|
| committer | Jun Kuriyama <kuriyama@FreeBSD.org> | 2009-12-08 09:44:59 +0800 |
| commit | b7fc28b16e5f1a8e5a85ca95cbec49b6b2a07df9 (patch) | |
| tree | efcc9590dc67b067294beb74249688e786a0b354 | |
| parent | 63136a9d52c2acffe481ddd04e10ce52cc29b449 (diff) | |
| download | freebsd-ports-gnome-b7fc28b16e5f1a8e5a85ca95cbec49b6b2a07df9.tar.gz freebsd-ports-gnome-b7fc28b16e5f1a8e5a85ca95cbec49b6b2a07df9.tar.zst freebsd-ports-gnome-b7fc28b16e5f1a8e5a85ca95cbec49b6b2a07df9.zip | |
- Add two CVE entries for expat2.
| -rw-r--r-- | security/vuxml/vuln.xml | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index bea01f501b94..beb9ec0434cd 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -35,6 +35,66 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="5f030587-e39a-11de-881e-001aa0166822"> + <topic>expat2 -- Parser crash with specially formatted UTF-8 sequences</topic> + <affects> + <package> + <name>expat2</name> + <range><lt>2.0.1_1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>CVE reports:</p> + <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720"> + <p>The updatePosition function in lib/xmltok_impl.c in + libexpat in Expat 2.0.1, as used in Python, PyXML, + w3c-libwww, and other software, allows context-dependent + attackers to cause a denial of service (application crash) + via an XML document with crafted UTF-8 sequences that + trigger a buffer over-read.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-3720</cvename> + </references> + <dates> + <discovery>2009-01-17</discovery> + <entry>2009-12-08</entry> + </dates> + </vuln> + + <vuln vid="e9fca207-e399-11de-881e-001aa0166822"> + <topic>expat2 -- buffer over-read and crash</topic> + <affects> + <package> + <name>expat2</name> + <range><lt>2.0.1_1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>CVE reports:</p> + <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560"> + <p>The big2_toUtf8 function in lib/xmltok.c in libexpat in + Expat 2.0.1, as used in the XML-Twig module for Perl, allows + context-dependent attackers to cause a denial of service + (application crash) via an XML document with malformed UTF-8 + sequences that trigger a buffer over-read, related to the + doProlog function in lib/xmlparse.c.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2009-3560</cvename> + </references> + <dates> + <discovery>2009-10-05</discovery> + <entry>2009-12-08</entry> + </dates> + </vuln> + <vuln vid="6431c4db-deb4-11de-9078-0030843d3802"> <topic>opera -- multiple vulnerabilities</topic> <affects> |