author | simon <simon@FreeBSD.org> | 2005-08-16 04:38:54 +0800 |
---|---|---|
committer | simon <simon@FreeBSD.org> | 2005-08-16 04:38:54 +0800 |
commit | 7ba8034d6ae46c53b159abe9b6c0978b7e45b07c (patch) | |
tree | 721a82c6054c0012847230af5c3bd87225a01def /security/vuxml | |
parent | 1e4fd3b30ce3e60a78dda111420e65aa663fa1fd (diff) | |
Add phpmyfaq and drupal to the "pear-XML_RPC -- remote PHP code
injection vulnerability" entry since they contain an embedded version of
pear-XML_RPC.
Fix typo in body of the latest xpdf entry (note: no modified date bump
as this is a minor typo fix which does change <affects>).
Approved by: portmgr (blanket, VuXML)
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln.xml | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 24e88563f1ed..c7ec9264080f 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -39,6 +39,14 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. <name>pear-XML_RPC</name> <range><lt>1.4.0</lt></range> </package> + <package> + <name>phpmyfaq</name> + <range><lt>1.4.11</lt></range> + </package> + <package> + <name>drupal</name> + <range><lt>4.6.3</lt></range> + </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> @@ -56,11 +64,17 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. the evaluation string, which obviously results in arbitrary code execution.</p> </blockquote> + <p>Note that several applications contains an embedded version + on XML_RPC, therefor making them the vulnerable to the same + code injection vulnerability.</p> </body> </description> <references> <cvename>CAN-2005-2498</cvename> + <url>http://drupal.org/files/sa-2005-004/advisory.txt</url> <url>http://www.hardened-php.net/advisory_142005.66.html</url> + <url>http://www.hardened-php.net/advisory_152005.67.html</url> + <url>http://www.phpmyfaq.de/advisory_2005-08-15.php</url> </references> <dates> <discovery>2005-08-15</discovery> @@ -274,7 +288,7 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. thereby filling up the /tmp partition, when opening a specially crafted PDF file.</p> <p>Note that several applications contains an embedded version - on xpdf, therefor making them the vulnerable to the same + of xpdf, therefor making them the vulnerable to the same DoS. In CUPS this vulnerability would cause the pdftops filter to crash.</p> </body> |
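Review bot: In the first hunk (@@ -39,6 +39,14) the two new <package> blocks for phpmyfaq and drupal change <affects>, but no line in this patch adds or updates a <modified> element in the <dates> block that the following hunk shows as context. The commit message itself treats a change to <affects> as the reason for a modified date bump, so if this entry was already published before this commit, add a <modified> date alongside <discovery>2005-08-15</discovery> so consumers of vuln.xml can tell the affected package list grew. It would also help to state in the commit message that the upper bounds 1.4.11 and 4.6.3 are the fixed releases named in the phpmyfaq and drupal advisories added as <url> references.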
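Review bot: In the second hunk (@@ -56,11 +64,17) the added <p> carries the same wording errors as the xpdf paragraph it was copied from, including the "on" for "of" that this very commit fixes in the last hunk: "contains an embedded version on XML_RPC, therefor making them the vulnerable". Suggest "Note that several applications contain an embedded version of XML_RPC, therefore making them vulnerable to the same code injection vulnerability." The paragraph would also be more useful if it named phpmyfaq and drupal, since those are the packages added to <affects> and the reader of the entry body otherwise has to infer them from the reference URLs.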
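Review bot: In the last hunk (@@ -274,7 +288,7) the changed line fixes "on xpdf" to "of xpdf" but leaves the other errors in the same sentence: "applications contains" on the unchanged line above, and "therefor making them the vulnerable" on the changed line itself. Since the line is being touched anyway, fix all of them in one pass ("contain", "therefore", "making them vulnerable") to avoid a second typo-only commit against this entry.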