diff options
| author | kwm <kwm@FreeBSD.org> | 2013-03-29 22:08:46 +0800 |
|---|---|---|
| committer | kwm <kwm@FreeBSD.org> | 2013-03-29 22:08:46 +0800 |
| commit | 84c85e191789e46998143cccefd90bdd80cc6b8b (patch) | |
| tree | c62eb64bf61e32f67eb90717ee3a7957fc70b6be /security/vuxml | |
| parent | 59f3535a7a6522c994baadaf9a746906653fb3b2 (diff) | |
| download | freebsd-ports-gnome-84c85e191789e46998143cccefd90bdd80cc6b8b.tar.gz freebsd-ports-gnome-84c85e191789e46998143cccefd90bdd80cc6b8b.tar.zst freebsd-ports-gnome-84c85e191789e46998143cccefd90bdd80cc6b8b.zip | |
Update to 2.8.0. [1]
Add patch to fix CVE-2013-0338 and CVE-2013-0339. [2]
Convert to OptionsNG, rename patches to standard form. [1]
Notified by: swills@ [2]
Obtained from: gnome team repo [1]
Security: 843a4641-9816-11e2-9c51-080027019be0
Diffstat (limited to 'security/vuxml')
| -rw-r--r-- | security/vuxml/vuln.xml | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 8a1c681e7aa5..3a0bd202d06d 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -51,6 +51,38 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="843a4641-9816-11e2-9c51-080027019be0"> + <topic>libxml2 -- cpu consumption Dos</topic> + <affects> + <package> + <name>libxml2</name> + <range><lt>2.8.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Kurt Seifried reports:</p> + <blockquote cite="http://seclists.org/oss-sec/2013/q1/391"> + <p>libxml2 is affected by the expansion of internal entities + (which can be used to consume resources) and external entities + (which can cause a denial of service against other services, + be used to port scan, etc.)..</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2013-0338</cvename> + <cvename>CVE-2013-0339</cvename> + <url>http://seclists.org/oss-sec/2013/q1/391</url> + <url>https://security-tracker.debian.org/tracker/CVE-2013-0338</url> + <url>https://security-tracker.debian.org/tracker/CVE-2013-0339</url> + </references> + <dates> + <discovery>2013-02-21</discovery> + <entry>2013-03-29</entry> + </dates> + </vuln> + <vuln vid="daf0a339-9850-11e2-879e-d43d7e0c7c02"> <topic>asterisk -- multiple vulnerabilities</topic> <affects> |