diff options
| author | nectar <nectar@FreeBSD.org> | 2005-02-23 03:27:32 +0800 |
|---|---|---|
| committer | nectar <nectar@FreeBSD.org> | 2005-02-23 03:27:32 +0800 |
| commit | 670627282bd38a696513acff62ee34b1de597280 (patch) | |
| tree | 92ebc2e1ff473882bf212d7a7095a1eccba938ee /security/vuxml | |
| parent | 3f544992e9c425975a4073dd98271ee5a4c1ee22 (diff) | |
| download | freebsd-ports-gnome-670627282bd38a696513acff62ee34b1de597280.tar.gz freebsd-ports-gnome-670627282bd38a696513acff62ee34b1de597280.tar.zst freebsd-ports-gnome-670627282bd38a696513acff62ee34b1de597280.zip | |
Nit:
- In most recent `unace' entry, replace HTML entity with the Unicode
character. We do not use HTML entities so that a VuXML document may
be processed without using the DTD. (We also avoid character entity
references for more natural grep'ing, sed'ing, and editor searching.)
Corrections:
- An invalid UUID was assigned to a FreeRADIUS vulnerability, and went
undetected since last October. (>_<) Correct it.
- A bnc vulnerability was duplicated. Cancel the older, less informative
entry and update the newer entry.
Diffstat (limited to 'security/vuxml')
| -rw-r--r-- | security/vuxml/vuln.xml | 32 |
1 files changed, 6 insertions, 26 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index a98e5e6443a0..0d75f3341182 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -42,7 +42,7 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Ulf Härnhammar reports multiple security vulnerabilities + <p>Ulf Härnhammar reports multiple security vulnerabilities in unace-1.2b:</p> <ul> <li>There are buffer overflows when extracting, testing or @@ -3902,7 +3902,8 @@ http_access deny Gopher</pre> </vuln> <vuln vid="9be819c6-4633-11d9-a9e7-0001020eed82"> - <topic>bnc -- remote code execution</topic> + <topic>bnc -- remotely exploitable buffer overflow in + getnickuserhost</topic> <affects> <package> <name>bnc</name> @@ -3933,6 +3934,7 @@ http_access deny Gopher</pre> <dates> <discovery>2004-11-10</discovery> <entry>2004-12-04</entry> + <modified>2005-02-22</modified> </dates> </vuln> @@ -4697,29 +4699,7 @@ http_access deny Gopher</pre> </vuln> <vuln vid="1f8dea68-3436-11d9-952f-000c6e8f12ef"> - <topic>bnc -- buffer-overflow vulnerability</topic> - <affects> - <package> - <name>bnc</name> - <range><le>2.8.9</le></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>The function getnickuserhost() suffers from a buffer-overflow. - It is called when BNC processes a response from IRC server. - An attacking server can use this vulnerability to gain shell - access, on the BNC running machine.</p> - </body> - </description> - <references> - <mlist msgid="20041110131046.GA21604@cecilija.zesoi.fer.hr">http://marc.theaimsgroup.com/?l=bugtraq&m=110011817627839</mlist> - </references> - <dates> - <discovery>2004-10-11</discovery> - <entry>2004-11-11</entry> - <modified>2005-01-19</modified> - </dates> + <cancelled superseded="9be819c6-4633-11d9-a9e7-0001020eed82" /> </vuln> <vuln vid="027380b7-3404-11d9-ac1b-000d614f7fad"> @@ -5916,7 +5896,7 @@ http_access deny Gopher</pre> </dates> </vuln> - <vuln vid="20dfd134-1d39-11d9-9be9-000c6e8f12e"> + <vuln vid="20dfd134-1d39-11d9-9be9-000c6e8f12ef"> <topic>freeradius -- denial-of-service vulnerability</topic> <affects> <package> |