diff options
author | simon <simon@FreeBSD.org> | 2004-10-13 07:46:41 +0800 |
---|---|---|
committer | simon <simon@FreeBSD.org> | 2004-10-13 07:46:41 +0800 |
commit | 1a9b45328727c38021b5a1fb1f4d641aecc35cfe (patch) | |
tree | c3052854244fa0ddbabc57777355e70685d2ec47 /security | |
parent | bfef24863c6d4e6cccb28c67fe43619c09381829 (diff) | |
download | freebsd-ports-gnome-1a9b45328727c38021b5a1fb1f4d641aecc35cfe.tar.gz freebsd-ports-gnome-1a9b45328727c38021b5a1fb1f4d641aecc35cfe.tar.zst freebsd-ports-gnome-1a9b45328727c38021b5a1fb1f4d641aecc35cfe.zip |
Document a vulnerability in sharutils.
Approved by: nectar
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index feda937dd423..127c37b98681 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,37 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="26c9e8c6-1c99-11d9-814e-0001020eed82"> + <topic>sharutils -- buffer overflows</topic> + <affects> + <package> + <name>sharutils</name> + <range><ge>0</ge></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>From Gentoo advisory GLSA 200410-01:</p> + <blockquote cite="http://www.gentoo.org/security/en/glsa/glsa-200410-01.xml"> + <p>sharutils contains two buffer overflows. Ulf Harnhammar + discovered a buffer overflow in shar.c, where the length + of data returned by the wc command is not checked. + Florian Schilhabel discovered another buffer overflow in + unshar.c.</p> + </blockquote> + </body> + </description> + <references> + <bid>11298</bid> + <url>http://www.gentoo.org/security/en/glsa/glsa-200410-01.xml</url> + <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=265904</url> + </references> + <dates> + <discovery>2004-08-15</discovery> + <entry>2004-10-13</entry> + </dates> + </vuln> + <vuln vid="3030ae22-1c7f-11d9-81a4-0050fc56d258"> <topic>mail-notification -- denial-of-service vulnerability</topic> <affects> |