diff options
author | erwin <erwin@FreeBSD.org> | 2007-06-05 04:56:26 +0800 |
---|---|---|
committer | erwin <erwin@FreeBSD.org> | 2007-06-05 04:56:26 +0800 |
commit | 51fe912e0630cac8a6819b58dc772a5b957d938b (patch) | |
tree | 98d82ae58b438f125857f00150615f0f34cb1762 /security/vuxml | |
parent | 2ea2886bf527f8e90b1996e9f1843cc357380ce4 (diff) | |
download | freebsd-ports-gnome-51fe912e0630cac8a6819b58dc772a5b957d938b.tar.gz freebsd-ports-gnome-51fe912e0630cac8a6819b58dc772a5b957d938b.tar.zst freebsd-ports-gnome-51fe912e0630cac8a6819b58dc772a5b957d938b.zip |
Add an entry for an email header injection vulnerability in
www/typo3 from February.
Reviewed by: remko
Persuaded by: cperciva and simon by setting up the
ports-security team
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln.xml | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index e54057eee525..409e6a14a4cf 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,36 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="62b8f253-12d9-11dc-a35c-001485ab073e"> + <topic>typo3 -- email header injection</topic> + <affects> + <package> + <name>typo3</name> + <range><gt>3.0</gt><lt>4.0.5</lt></range> + <range><gt>4.1</gt><lt>4.1.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Olivier Dobberkau, Andreas Otto, and Thorsten Kahler report:</p> + <blockquote cite="http://typo3.org/teams/security/security-bulletins/typo3-20070221-1/"> + <p>An unspecified error in the internal form engine can be used for + sending arbitrary mail headers, using it for purposes which it + is not meant for, e.g. sending spam messages.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2007-1081</cvename> + <url>http://secunia.com/advisories/24207/</url> + <url>http://typo3.org/teams/security/security-bulletins/typo3-20070221-1/</url> + </references> + <dates> + <discovery>2007-02-21</discovery> + <entry>2007-06-04</entry> + </dates> + </vuln> + <vuln vid="3d0e724e-129b-11dc-9f79-0016179b2dd5"> <topic>phppgadmin -- cross site scripting vulnerability</topic> <affects> |