diff options
author | delphij <delphij@FreeBSD.org> | 2009-07-28 03:39:34 +0800 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2009-07-28 03:39:34 +0800 |
commit | 30b5bd807d91993da2deb8b1c576a75ccfbc68d6 (patch) | |
tree | a566d8380ac80af8092c0b6e5a951af65258bf28 /security/vuxml | |
parent | 72ee733a320dfe2a83725b1800dacbd55a216b09 (diff) | |
download | freebsd-ports-gnome-30b5bd807d91993da2deb8b1c576a75ccfbc68d6.tar.gz freebsd-ports-gnome-30b5bd807d91993da2deb8b1c576a75ccfbc68d6.tar.zst freebsd-ports-gnome-30b5bd807d91993da2deb8b1c576a75ccfbc68d6.zip |
Document squid remote denial of service vulnerabilities.
Submitted by: Thomas-Martin Seck <tmseck@web.de>
PR: ports/137184
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln.xml | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index b2c72194f876..e7b99724b620 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,40 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="e1156e90-7ad6-11de-b26a-0048543d60ce"> + <topic>squid -- several remote denial of service vulnerabilities</topic> + <affects> + <package> + <name>squid</name> + <range><ge>3.0.1</ge><lt>3.0.17</lt></range> + <range><ge>3.1.0.8</ge></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Squid security advisory 2009:2 reports:</p> + <blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2009_2.txt"> + <p>Due to incorrect buffer limits and related bound checks Squid + is vulnerable to a denial of service attack when processing + specially crafted requests or responses.</p> + <p>Due to incorrect data validation Squid is vulnerable to a + denial of service attack when processing specially crafted + responses.</p> + <p>These problems allow any trusted client or external server to + perform a denial of service attack on the Squid service.</p> + </blockquote> + <p>Squid-2.x releases are not affected.</p> + </body> + </description> + <references> + <url>http://www.squid-cache.org/Advisories/SQUID-2009_2.txt</url> + </references> + <dates> + <discovery>2009-07-27</discovery> + <entry>2009-07-27</entry> + </dates> + </vuln> + <vuln vid="c1ef9b33-72a6-11de-82ea-0030843d3802"> <topic>firefox35 -- corrupt JIT state after deep return from native function</topic> <affects> |