diff options
author | miwi <miwi@FreeBSD.org> | 2007-08-03 03:52:51 +0800 |
---|---|---|
committer | miwi <miwi@FreeBSD.org> | 2007-08-03 03:52:51 +0800 |
commit | 0adc10c1365ae794941c89c4898756321c418cb8 (patch) | |
tree | aa806f73bf4f919a641c39578d7ef990ffe6d96a /security/vuxml | |
parent | 5b7786a61a7b572eff171682029169f6baac1883 (diff) | |
download | freebsd-ports-gnome-0adc10c1365ae794941c89c4898756321c418cb8.tar.gz freebsd-ports-gnome-0adc10c1365ae794941c89c4898756321c418cb8.tar.zst freebsd-ports-gnome-0adc10c1365ae794941c89c4898756321c418cb8.zip |
- Document fsplib -- multiple vulnerabilities
Reviewed by: remko
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln.xml | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index e3c028ed2fa3..91313d86b5dc 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,41 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="4a338d17-412d-11dc-bdb0-0016179b2dd5"> + <topic>fsplib -- multiple vulnerabilities</topic> + <affects> + <package> + <name>fsplib</name> + <range><lt>0.9</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>A Secunia Advisory reports:</p> + <blockquote cite="http://secunia.com/advisories/26184/"> + <p>fsplib can be exploited to compromise an application using + the library.</p> + <p>A boundary error exists in the processing of file names in + fsp_readdir_native, which can be exploited to cause a stack-based + buffer overflow if the defined MAXNAMLEN is bigger than 256.</p> + <p>A boundary error exists in the processing of directory entries in + fsp_readdir, which can be exploited to cause a stack-based buffer + overflow on systems with an insufficient size allocated for the + d_name field of directory entries.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2007-3961</cvename> + <cvename>CVE-2007-3962</cvename> + <url>http://secunia.com/advisories/26184/</url> + </references> + <dates> + <discovery>2007-07-24</discovery> + <entry>2007-08-02</entry> + </dates> + </vuln> + <vuln vid="4872d9a7-4128-11dc-bdb0-0016179b2dd5"> <topic>joomla -- multiple vulnerabilities</topic> <affects> |