author eik <eik@FreeBSD.org> 2004-03-12 01:56:35 +0800
committer eik <eik@FreeBSD.org> 2004-03-12 01:56:35 +0800
commit b01a6412255e04a49bd96d0ee40b836fb9aeed1b
tree 809584075bcbdb8d1afdeb50b5293484f278f185 /security/vuxml
parent bc0fb8c99c4e726c970f27b96dd526f1e5ea7ca6
remove vid 3ca8dd7a-6fb3-11d8-873f-0020ed76ef5a, since the unsafe call
to sprintf is made in preparation for outputting a debug message using OutputDebugString, which is a function from a different operating system. While I'm here, transform U+C3A4 into &auml; (or &#xC3A4;), since CVS is bad in handling binary data.
Diffstat (limited to 'security/vuxml')
-rw-r--r-- security/vuxml/vuln.xml 34
1 files changed, 1 insertions, 33 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index d7ad42a2c85e..fb72a3fc7029 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -198,38 +198,6 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
</dates>
</vuln>
- <vuln vid="3ca8dd7a-6fb3-11d8-873f-0020ed76ef5a">
- <topic>Adobe Acrobat Reader XFDF buffer overflow vulnerability</topic>
- <affects>
- <package>
- <name>acroread</name>
- <range><ge>5.0</ge></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>NGSSoftware Insight Security released a security advisory
- detailing a vulnerability in Adobe Acrobat Reader's XFDF
- handling. During the parsing of an XFDF document, `sprintf'
- is used unsafely, resulting in a stack buffer overflow.</p>
- <p>An attacker may create a specially formatted, malicious XFDF
- file that could cause remote code execution. The attacker
- could cause the user into read the XFDF file in a number of
- ways, such as by sending it by email.</p>
- <p><strong>NOTE:</strong> This has not yet been confirmed to
- affect Acrobat Reader versions prior to 5.1, or UNIX versions
- of Acrobat Reader, but it seems likely.</p>
- </body>
- </description>
- <references>
- <url>http://www.ngssoftware.com/advisories/adobexfdf.txt</url>
- </references>
- <dates>
- <discovery>2004-03-03</discovery>
- <entry>2004-03-06</entry>
- </dates>
- </vuln>
-
<vuln vid="8471bb85-6fb0-11d8-873f-0020ed76ef5a">
<topic>GNU Anubis buffer overflows and format string
vulnerabilities</topic>
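Review bot: The removed block deletes vid 3ca8dd7a-6fb3-11d8-873f-0020ed76ef5a outright, so vuln.xml keeps no trace that the entry existed or why it was withdrawn; the rationale lives only in the commit message. Anyone who saw acroread flagged between the entry date (2004-03-06) and this commit cannot tell from the file whether the entry was retracted or lost. Consider leaving a short XML comment at this position, or a stub under the same vid if the VuXML DTD in use has a cancellation marker, that states the sprintf call feeds OutputDebugString and is therefore not reachable in the packaged UNIX build. The removed NOTE paragraph itself said the UNIX versions were unconfirmed "but it seems likely", and the range was <ge>5.0</ge>, so it would also help to record how the non-applicability was established.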
@@ -241,7 +209,7 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Ulf Härnhammar discovered several vulnerabilities in GNU
+ <p>Ulf H&auml;rnhammar discovered several vulnerabilities in GNU
Anubis.</p>
<ul>
<li>Unsafe uses of `sscanf'. The `%s' format specifier is
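Review bot: On the changed <p> line, &auml; is a named entity and only parses if the DTD that vuln.xml is validated against declares it; the xmlns on <body> does not define entities by itself. A numeric character reference avoids that dependency, but note that the alternative given in the commit message, &#xC3A4;, is not equivalent: C3 A4 is the UTF-8 byte sequence for U+00E4, whereas U+C3A4 is a different character, so the numeric form here would be &#xE4;. Since the motivation is keeping non-ASCII bytes out of CVS, it is worth checking the rest of the file for other raw 8-bit characters in the same commit.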