aboutsummaryrefslogtreecommitdiffstats
path: root/security/vuxml
diff options
context:
space:
mode:
authornectar <nectar@FreeBSD.org>2004-03-29 04:13:32 +0800
committernectar <nectar@FreeBSD.org>2004-03-29 04:13:32 +0800
commit63aa489642b260b46e49b281adde8e510ed848b4 (patch)
tree0d75f4360401c65415f4e9c23e3a4faae5e69aa1 /security/vuxml
parentfe69b078ad2098cc50458d6d351a1f64791535ef (diff)
downloadfreebsd-ports-gnome-63aa489642b260b46e49b281adde8e510ed848b4.tar.gz
freebsd-ports-gnome-63aa489642b260b46e49b281adde8e510ed848b4.tar.zst
freebsd-ports-gnome-63aa489642b260b46e49b281adde8e510ed848b4.zip
Add Emil issue.
Diffstat (limited to 'security/vuxml')
-rw-r--r--security/vuxml/vuln.xml32
1 files changed, 32 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 9b53ab17812a..a96990d6e573 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -32,6 +32,38 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
"http://www.vuxml.org/dtd/vuxml-1/vuxml-10.dtd">
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="ce46b93a-80f2-11d8-9645-0020ed76ef5a">
+ <topic>Buffer overflows and format string bugs in Emil</topic>
+ <affects>
+ <package>
+ <name>emil</name>
+ <range><le>2.1b9</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Ulf Härnhammar reports multiple buffer overflows in
+ Emil, some of which are triggered during the parsing
+ of attachment filenames. In addition, some format string bugs
+ are present in the error reporting code.</p>
+ <p>Depending upon local configuration, these vulnerabilities
+ may be exploited using specially crafted messages in order
+ to execute arbitrary code running with the privileges of
+ the user invoking Emil.</p>
+ </body>
+ </description>
+ <references>
+ <url>http://lists.netsys.com/pipermail/full-disclosure/2004-March/019325.html</url>
+ <url>http://www.debian.org/security/2004/dsa-468</url>
+ <cvename>CAN-2004-0152</cvename>
+ <cvename>CAN-2004-0153</cvename>
+ </references>
+ <dates>
+ <discovery>2004-03-24</discovery>
+ <entry>2004-03-28</entry>
+ </dates>
+ </vuln>
+
<vuln vid="290d81b9-80f1-11d8-9645-0020ed76ef5a">
<topic>oftpd denial-of-service vulnerability (PORT command)</topic>
<affects>