author eik <eik@FreeBSD.org> 2004-09-07 18:44:11 +0800
committer eik <eik@FreeBSD.org> 2004-09-07 18:44:11 +0800
commit 2daf504fa265b69647367218beed3e2a9cb9b464
tree a49ee1baf522f0536ee7f52c5ea0c459e056a2d9 /security
parent adeb0671f782c69a119139e76f0955a227e71c3e
- XSS vulnerability in phpGroupWare wiki module
- add some references

Approved by: portmgr (implicit)
Diffstat (limited to 'security')
-rw-r--r-- security/portaudit-db/database/portaudit.txt 14
-rw-r--r-- security/portaudit-db/database/portaudit.xml 36
2 files changed, 42 insertions, 8 deletions
diff --git a/security/portaudit-db/database/portaudit.txt b/security/portaudit-db/database/portaudit.txt
index d34dbf954214..79095d81d9fa 100644
--- a/security/portaudit-db/database/portaudit.txt
+++ b/security/portaudit-db/database/portaudit.txt
@@ -63,16 +63,14 @@ sympa<4.1.2|http://secunia.com/advisories/12286 http://www.sympa.org/release.htm
phpgedview<2.65.5|http://sourceforge.net/forum/forum.php?forum_id=344342 http://secunia.com/advisories/10602 http://www.osvdb.org/3473 http://www.osvdb.org/3474 http://www.osvdb.org/3475 http://www.osvdb.org/3476 http://www.osvdb.org/3477 http://www.osvdb.org/3478 http://www.osvdb.org/3479 http://www.osvdb.org/3480 http://www.osvdb.org/3481 http://www.osvdb.org/3482 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0067 http://www.securityfocus.com/archive/1/349698|phpGedView: muliple vulnerabilities|c35d4cae-eed0-11d8-81b0-000347a4fa7d
{ja-,}phpgroupware<0.9.14.007|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0016 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0017 http://www.securityfocus.com/bid/9386 http://www.securityfocus.com/bid/9387 http://xforce.iss.net/xforce/xfdb/13489 http://xforce.iss.net/xforce/xfdb/14846 http://www.osvdb.org/2691 http://www.osvdb.org/6857 http://secunia.com/advisories/10046|phpGroupWare calendar and infolog SQL injection, calendar server side script execution|96fc0f03-ef13-11d8-81b0-000347a4fa7d
{ja-,}phpgroupware<0.9.16.002|http://freshmeat.net/releases/168144 http://www.osvdb.org/8354 http://xforce.iss.net/xforce/xfdb/16970|phpGroupWare stores passwords in plain text|82f16a40-ef12-11d8-81b0-000347a4fa7d
-gallery<1.4.4.1|http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0757.html http://xforce.iss.net/xforce/xfdb/17021 http://www.osvdb.org/9019 http://secunia.com/advisories/12316|Gallery arbitrary PHP file upload|031663de-f0a6-11d8-81b0-000347a4fa7d
+gallery<1.4.4.1|http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0757.html http://xforce.iss.net/xforce/xfdb/17021 http://www.osvdb.org/9019 http://secunia.com/advisories/12316 http://www.securityfocus.com/bid/10968|Gallery arbitrary PHP file upload|031663de-f0a6-11d8-81b0-000347a4fa7d
apache>=2.*<2.0.50_2|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751 http://issues.apache.org/bugzilla/show_bug.cgi?id=30134 http://issues.apache.org/bugzilla/show_bug.cgi?id=27945 http://issues.apache.org/bugzilla/show_bug.cgi?id=29690|potential security flaws in mod_ssl|0e08f539-f151-11d8-81b0-000347a4fa7d
a2ps-{a4,letter,letterdj}<4.13b_2|http://www.freebsd.org/cgi/query-pr.cgi?pr=70618 http://secunia.com/advisories/12375 http://www.osvdb.org/9176 http://www.securityfocus.com/bid/11025|a2ps: Possible execution of shell commands as local user|8091fcea-f35e-11d8-81b0-000347a4fa7d
-{ja-,}xv<=3.10a_3|http://secunia.com/advisories/12352 http://www.securityfocus.com/archive/1/372345 http://www.osvdb.org/9115 http://www.osvdb.org/9118 http://www.osvdb.org/9119 http://www.osvdb.org/9120|multiple buffer overflows in xv|34c453ba-f686-11d8-81b0-000347a4fa7d
+{ja-,}xv<=3.10a_3|http://secunia.com/advisories/12352 http://www.securityfocus.com/archive/1/372345 http://www.osvdb.org/9115 http://www.osvdb.org/9118 http://www.osvdb.org/9119 http://www.osvdb.org/9120 http://www.securityfocus.com/bid/10985|multiple buffer overflows in xv|34c453ba-f686-11d8-81b0-000347a4fa7d
nss<3.9|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0564 http://secunia.com/advisories/11096 http://www.osvdb.org/4197|Mozilla / NSS S/MIME DoS vulnerability|65532ad9-f69b-11d8-81b0-000347a4fa7d
-cdrtools<2.0.3_4|ftp://ftp.berlios.de/pub/cdrecord/alpha/AN-2.01a38|security bug in rscsi client code|fdbbed57-f933-11d8-a776-00e081220a76
-cdrtools-cjk<2.0.3.20030714_4|ftp://ftp.berlios.de/pub/cdrecord/alpha/AN-2.01a38|security bug in rscsi client code|fdbbed57-f933-11d8-a776-00e081220a76
-cdrtools-devel<2.01a38|ftp://ftp.berlios.de/pub/cdrecord/alpha/AN-2.01a38|security bug in rscsi client code|fdbbed57-f933-11d8-a776-00e081220a76
{ja-,ru-,}gaim<0.82|http://www.osvdb.org/9261 http://www.osvdb.org/9262 http://www.osvdb.org/9263 http://www.osvdb.org/9264 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0754 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0784 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0785 http://www.securityfocus.com/bid/11056 http://gaim.sourceforge.net/security/index.php|multiple vulnerabilities in gaim|8b29b312-fa6e-11d8-81b0-000347a4fa7d
{ja-,}samba<2.2.11.*|http://www.samba.org/samba/history/samba-2.2.11.html http://secunia.com/advisories/12397 http://www.osvdb.org/9362|samba printer change notification request DoS|d8ce23a5-fadc-11d8-81b0-000347a4fa7d
-squid>=2.5.*<2.5.6_7|http://secunia.com/advisories/12444 http://www.squid-cache.org/bugs/show_bug.cgi?id=1045|squid ntlm authentication helper DoS|7c351421-fdbd-11d8-81b0-000347a4fa7d
-FreeBSD>=502120<503000|http://secunia.com/advisories/11129 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0797 http://www.osvdb.org/9360 http://www.osvdb.org/9361|zlib DoS vulnerability|1b98165f-fdd9-11d8-81b0-000347a4fa7d
-FreeBSD>=600000<600001|http://secunia.com/advisories/11129 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0797 http://www.osvdb.org/9360 http://www.osvdb.org/9361|zlib DoS vulnerability|1b98165f-fdd9-11d8-81b0-000347a4fa7d
+squid>=2.5.*<2.5.6_7|http://secunia.com/advisories/12444 http://www.squid-cache.org/bugs/show_bug.cgi?id=1045 http://www.securityfocus.com/bid/11098|Squid NTLM authentication helper DoS|7c351421-fdbd-11d8-81b0-000347a4fa7d
+FreeBSD>=502120<503000|http://secunia.com/advisories/11129 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0797 http://www.osvdb.org/9360 http://www.osvdb.org/9361 http://www.securityfocus.com/bid/11051|zlib DoS vulnerability|1b98165f-fdd9-11d8-81b0-000347a4fa7d
+FreeBSD>=600000<600001|http://secunia.com/advisories/11129 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0797 http://www.osvdb.org/9360 http://www.osvdb.org/9361 http://www.securityfocus.com/bid/11051|zlib DoS vulnerability|1b98165f-fdd9-11d8-81b0-000347a4fa7d
+{ja-,}phpgroupware<0.9.16.003|http://secunia.com/advisories/12466 http://phpgroupware.org/ http://www.osvdb.org/9729 http://freshmeat.net/releases/171909|XSS vulnerability in phpGroupWare wiki module|64726098-00aa-11d9-81b0-000347a4fa7d
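Review bot: the three cdrtools lines (cdrtools, cdrtools-cjk, cdrtools-devel, all under vid fdbbed57-f933-11d8-a776-00e081220a76) are removed from portaudit.txt in this hunk, but the commit message only mentions the phpGroupWare entry and "add some references". The same vid is added to portaudit.xml further down in this patch, so this reads as a move between databases; the log should say so, otherwise someone auditing the history of the text database could take it for a withdrawn advisory. A smaller point on the new phpgroupware<0.9.16.003 line: http://phpgroupware.org/ is a project home page and does not identify the issue, while the Secunia, OSVDB and freshmeat release links on the same line do, so it could be dropped or replaced with a specific announcement URL.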
diff --git a/security/portaudit-db/database/portaudit.xml b/security/portaudit-db/database/portaudit.xml
index 5d49a25af892..2bb28014dd18 100644
--- a/security/portaudit-db/database/portaudit.xml
+++ b/security/portaudit-db/database/portaudit.xml
@@ -1060,10 +1060,46 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
<url>http://www.osvdb.org/9521</url>
<url>http://www.osvdb.org/9522</url>
<bid>10354</bid>
+ <bid>11093</bid>
+ <url>http://rhn.redhat.com/errata/RHSA-2004-323.html</url>
</references>
<dates>
<discovery>2004-05-19</discovery>
<entry>2004-09-03</entry>
</dates>
</vuln>
+
+ <vuln vid="fdbbed57-f933-11d8-a776-00e081220a76">
+ <topic>cdrtools local privilege escalation</topic>
+ <affects>
+ <package>
+ <name>cdrtools</name>
+ <range><lt>2.0.3_4</lt></range>
+ </package>
+ <package>
+ <name>cdrtools-cjk</name>
+ <range><lt>2.0.3.20030714_4</lt></range>
+ </package>
+ <package>
+ <name>cdrtools-devel</name>
+ <range><lt>2.01a38</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Max Vozeler found a flaw in in cdrecord allowing a local root exploit</p>
+ </body>
+ </description>
+ <references>
+ <url>ftp://ftp.berlios.de/pub/cdrecord/alpha/AN-2.01a38</url>
+ <url>http://www.osvdb.org/9395</url>
+ <cvename>CAN-2004-0806</cvename>
+ <mlist msgid="E1C0yA3-0002cc-00@newraff.debian.org">http://lists.debian.org/debian-devel-changes/2004/08/msg03421.html</mlist>
+ <bid>11075</bid>
+ </references>
+ <dates>
+ <discovery>2004-08-28</discovery>
+ <entry>2004-08-30</entry>
+ </dates>
+ </vuln>
</vuxml>
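Review bot: the description paragraph of the new cdrtools entry has a doubled word and no closing period ("found a flaw in in cdrecord allowing a local root exploit"), and it is less specific than the portaudit.txt lines it replaces, which read "security bug in rscsi client code". Suggest fixing the typo and carrying the rscsi detail over into the description so the entry says which part of cdrecord is affected. Also, the two lines added at the top of the hunk (<bid>11093</bid> and the RHSA-2004-323 URL) extend the references of the preceding entry, whose vid and topic are outside the visible context; worth confirming they belong to that entry before this goes in.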