diff options
| author | delphij <delphij@FreeBSD.org> | 2015-05-19 15:54:29 +0800 |
|---|---|---|
| committer | delphij <delphij@FreeBSD.org> | 2015-05-19 15:54:29 +0800 |
| commit | e445099cefa12393bedd76a1184b4c728d06fb7b (patch) | |
| tree | 99527c52e341e9ad04343d91b15610b481c53648 /security/vuxml | |
| parent | 0312176b13cb5a31887668380294d627fa23cb9e (diff) | |
| download | freebsd-ports-gnome-e445099cefa12393bedd76a1184b4c728d06fb7b.tar.gz freebsd-ports-gnome-e445099cefa12393bedd76a1184b4c728d06fb7b.tar.zst freebsd-ports-gnome-e445099cefa12393bedd76a1184b4c728d06fb7b.zip | |
Document ClamAV multiple vulnerabilities.
Diffstat (limited to 'security/vuxml')
| -rw-r--r-- | security/vuxml/vuln.xml | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 26af5cd94ebb..e5debd652d2c 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -57,6 +57,53 @@ Notes: --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="3d0428b2-fdfb-11e4-894f-d050996490d0"> + <topic>clamav -- multiple vulnerabilities</topic> + <affects> + <package> + <name>clamav</name> + <range><lt>0.98.7</lt></range> + </package> + <package> + <name>clamav-devel</name> + <range><gt>0</gt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>ClamAV project reports:</p> + <blockquote cite="http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html"> + <p>ClamAV 0.98.7 is here! This release contains new + scanning features and bug fixes.</p> + <p>Fix infinite loop condition on crafted y0da cryptor file. + Identified and patch suggested by Sebastian Andrzej Siewior. + CVE-2015-2221.</p> + <p>Fix crash on crafted petite packed file. Reported and patch + supplied by Sebastian Andrzej Siewior. CVE-2015-2222.</p> + <p>Fix an infinite loop condition on a crafted "xz" archive + file. This was reported by Dimitri Kirchner and Goulven + Guiheux. CVE-2015-2668.</p> + <p>Apply upstream patch for possible heap overflow in Henry + Spencer's regex library. CVE-2015-2305.</p> + <p>Fix crash in upx decoder with crafted file. Discovered and + patch supplied by Sebastian Andrzej Siewior. CVE-2015-2170.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2015-2170</cvename> + <cvename>CVE-2015-2221</cvename> + <cvename>CVE-2015-2222</cvename> + <cvename>CVE-2015-2305</cvename> + <cvename>CVE-2015-2668</cvename> + <url>http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html</url> + </references> + <dates> + <discovery>2015-04-29</discovery> + <entry>2015-05-19</entry> + </dates> + </vuln> + <vuln vid="a0089e18-fc9e-11e4-bc58-001e67150279"> <topic>rubygems -- request hijacking vulnerability</topic> <affects> |