author | sem <sem@FreeBSD.org> | 2005-11-10 19:09:55 +0800 |
---|---|---|
committer | sem <sem@FreeBSD.org> | 2005-11-10 19:09:55 +0800 |
commit | e932073a626743749847a2aa1f443c5ef66335ca (patch) | |
tree | fc6e7f864b883ab265cf586536f21c38b26e7075 /security | |
parent | 43520c82d9451fa66121f545efcfd4c04240b290 (diff) | |
- Document p5-Mail-SpamAssassin vulnerability (already fixed in ports)
- Document flyspray cross-site scripting vulnerabilities
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 95fb0e268419..9c795a4a8a1c 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml 
@@ -34,6 +34,72 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="f4b95430-51d8-11da-8e93-0010dc4afb40"> + <topic>flyspray -- cross-site scripting vulnerabilities</topic> + <affects> + <package> + <name>flyspray</name> + <range><le>0.9.8</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>A Secunia Advisory reports:</p> + <blockquote cite="http://secunia.com/advisories/17316/"> + <p>Lostmon has reported some vulnerabilities in Flyspray, + which can be exploited by malicious people to conduct + cross-site scripting attacks.</p> + <p>Some input isn't properly sanitised before being + returned to the user. This can be exploited to execute + arbitrary HTML and script code in a user's browser + session in context of an affected site.</p> + </blockquote> + </body> + </description> + <references> + <url>http://secunia.com/advisories/17316/</url> + <url>http://lostmon.blogspot.com/2005/10/flyspray-bug-killer-multiple-variable.html</url> + </references> + <dates> + <discovery>2005-10-26</discovery> + <entry>2005-11-10</entry> + </dates> + </vuln> + + <vuln vid="7f3fdef7-51d2-11da-8e93-0010dc4afb40"> + <topic>p5-Mail-SpamAssassin -- long message header denial of service</topic> + <affects> + <package> + <name>p5-Mail-SpamAssassin</name> + <range><lt>3.1.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>A Secunia Advisory reports:</p> + <blockquote cite="http://secunia.com/advisories/17386/"> + <p>A vulnerability has been reported in SpamAssassin, + which can be exploited by malicious people to cause + a DoS (Denial of Service).</p> + <p>The vulnerability is caused due to the use of + an inefficient regular expression in + "/SpamAssassin/Message.pm" to parse email headers. 
+ This can cause perl to crash when it runs out of stack + space and can be exploited via a malicious email that + contains a large number of recipients.</p> + </blockquote> + </body> + </description> + <references> + <url>http://secunia.com/advisories/17386/</url> + <url>http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4570</url> + </references> + <dates> + <discovery>2005-11-10</discovery> + <entry>2005-11-10</entry> + </dates> + </vuln> + <vuln vid="eb29a575-3381-11da-8340-000e0c2e438a"> <topic>qpopper -- multiple privilege escalation vulnerabilities</topic> <affects> |
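Review bot: In the p5-Mail-SpamAssassin entry, `<discovery>2005-11-10</discovery>` is the same day as `<entry>`, yet the commit message says the issue is already fixed in ports and the affected range is `<lt>3.1.0</lt>`, so the problem was known before this commit. Please check the discovery date against the two referenced URLs (Secunia advisory 17386 and SpamAssassin bug 4570) and set it to the date the issue was first reported. The flyspray entry uses `<range><le>0.9.8</le></range>` with no fixed version named; if that is intentional because no fix has been released, a short remark in the commit message would help whoever later has to narrow the range. Neither `<references>` block carries a `<cvename>`; add one to each entry if an identifier has been assigned.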