aboutsummaryrefslogtreecommitdiffstats
path: root/security/vuxml
diff options
context:
space:
mode:
authorremko <remko@FreeBSD.org>2010-12-23 00:10:45 +0800
committerremko <remko@FreeBSD.org>2010-12-23 00:10:45 +0800
commitc36d1312e1141e6fbf748d5e7f22c215cac2f7fa (patch)
tree259a32625a90984fab5cae7ed2d3b493e0fd5605 /security/vuxml
parent0a63ada6c9def617adbda7523901bc974695fc05 (diff)
downloadfreebsd-ports-gnome-c36d1312e1141e6fbf748d5e7f22c215cac2f7fa.tar.gz
freebsd-ports-gnome-c36d1312e1141e6fbf748d5e7f22c215cac2f7fa.tar.zst
freebsd-ports-gnome-c36d1312e1141e6fbf748d5e7f22c215cac2f7fa.zip
Add Tor remote crash and the possibility of remote code execution.
Submitted by: Janne Snabb <snabb at epipe dot com>
Diffstat (limited to 'security/vuxml')
-rw-r--r--security/vuxml/vuln.xml38
1 files changed, 38 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index ab4d1c58271a..83afa8e5b4e2 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,44 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="4bd33bc5-0cd6-11e0-bfa4-001676740879">
+ <topic>tor -- remote crash and potential remote code execution</topic>
+ <affects>
+ <package>
+ <name>tor</name>
+ <range><lt>0.2.1.28</lt></range>
+ </package>
+ <package>
+ <name>tor-devel</name>
+ <range><lt>0.2.2.20-alpha</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Tor Project reports:</p>
+ <blockquote cite="http://archives.seul.org/or/announce/Dec-2010/msg00000.html">
+ <p>Remotely exploitable bug that could be used to crash instances
+ of Tor remotely by overflowing on the heap. Remote-code execution
+ hasn't been confirmed, but can't be ruled out. Everyone should
+ upgrade.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>45500</bid>
+ <cvename>CVE-2010-1676</cvename>
+ <freebsdpr>ports/153326</freebsdpr>
+ <mlist msgid="20101220135830.GU3300@moria.seul.org">http://archives.seul.org/or/announce/Dec-2010/msg00000.html</mlist>
+ <mlist msgid="20101220141526.GS3255@moria.seul.org">http://archives.seul.org/or/talk/Dec-2010/msg00167.html</mlist>
+ <url>https://gitweb.torproject.org/tor.git/blob/release-0.2.1:/ChangeLog</url>
+ <url>https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ChangeLog</url>
+ </references>
+ <dates>
+ <discovery>2010-12-17</discovery>
+ <entry>2010-12-22</entry>
+ </dates>
+ </vuln>
+
<vuln vid="d560b346-08a2-11e0-bcca-0050568452ac">
<topic>YUI JavaScript library -- JavaScript injection exploits in Flash components</topic>
<affects>