aboutsummaryrefslogtreecommitdiffstats
path: root/security/vuxml
diff options
context:
space:
mode:
authorsimon <simon@FreeBSD.org>2005-08-16 04:38:54 +0800
committersimon <simon@FreeBSD.org>2005-08-16 04:38:54 +0800
commit7ba8034d6ae46c53b159abe9b6c0978b7e45b07c (patch)
tree721a82c6054c0012847230af5c3bd87225a01def /security/vuxml
parent1e4fd3b30ce3e60a78dda111420e65aa663fa1fd (diff)
downloadfreebsd-ports-gnome-7ba8034d6ae46c53b159abe9b6c0978b7e45b07c.tar.gz
freebsd-ports-gnome-7ba8034d6ae46c53b159abe9b6c0978b7e45b07c.tar.zst
freebsd-ports-gnome-7ba8034d6ae46c53b159abe9b6c0978b7e45b07c.zip
Add phpmyfaq and drupal to the "pear-XML_RPC -- remote PHP code
injection vulnerability" entry since they contain an embedded version of pear-XML_RPC. Fix typo in body of the latest xpdf entry (note: no modified date bump as this is a minor typo fix which does change <affects>). Approved by: portmgr (blanket, VuXML)
Diffstat (limited to 'security/vuxml')
-rw-r--r--security/vuxml/vuln.xml16
1 files changed, 15 insertions, 1 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 24e88563f1ed..c7ec9264080f 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -39,6 +39,14 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
<name>pear-XML_RPC</name>
<range><lt>1.4.0</lt></range>
</package>
+ <package>
+ <name>phpmyfaq</name>
+ <range><lt>1.4.11</lt></range>
+ </package>
+ <package>
+ <name>drupal</name>
+ <range><lt>4.6.3</lt></range>
+ </package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
@@ -56,11 +64,17 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
the evaluation string, which obviously results in
arbitrary code execution.</p>
</blockquote>
+ <p>Note that several applications contains an embedded version
+ on XML_RPC, therefor making them the vulnerable to the same
+ code injection vulnerability.</p>
</body>
</description>
<references>
<cvename>CAN-2005-2498</cvename>
+ <url>http://drupal.org/files/sa-2005-004/advisory.txt</url>
<url>http://www.hardened-php.net/advisory_142005.66.html</url>
+ <url>http://www.hardened-php.net/advisory_152005.67.html</url>
+ <url>http://www.phpmyfaq.de/advisory_2005-08-15.php</url>
</references>
<dates>
<discovery>2005-08-15</discovery>
@@ -274,7 +288,7 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
thereby filling up the /tmp partition, when opening a
specially crafted PDF file.</p>
<p>Note that several applications contains an embedded version
- on xpdf, therefor making them the vulnerable to the same
+ of xpdf, therefor making them the vulnerable to the same
DoS. In CUPS this vulnerability would cause the pdftops
filter to crash.</p>
</body>