author | miwi <miwi@FreeBSD.org> | 2008-12-26 00:41:54 +0800 |
---|---|---|
committer | miwi <miwi@FreeBSD.org> | 2008-12-26 00:41:54 +0800 |
commit | c20940600dd86293d6542ac476d398a8aaa918fd (patch) | |
tree | 606500cd9577c2ad9b8b25d4d33e260661f95ce4 /security | |
parent | 960b983747cef6d281efb001f2b5e8c6da5bd0f8 (diff) | |
- Small cleanup for the last cups-base entry
* CVE-2008-5184 was fixed in 1.3.8.
* CVE-2008-1722 does not relate to anything in this entry;
* PNG buffer overflow is really CVE-2008-5286.
Reported by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
No Cookies for: miwi
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 23 |
1 files changed, 10 insertions, 13 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 031426922f8e..460e82c27a94 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -790,7 +790,7 @@ Note: Please add new entries to the beginning of this file. </vuln> <vuln vid="87106b67-be13-11dd-a578-0030843d3802"> - <topic>cups -- multiple vulnerabilities</topic> + <topic>cups -- potential buffer overflow in PNG reading code</topic> <affects> <package> <name>cups-base</name> @@ -799,27 +799,24 @@ Note: Please add new entries to the beginning of this file. </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>The cups reports:</p> - <blockquote cite="http://www.cups.org/str.php?L2974"> - <p>The PNG image reading code did not validate the image size - properly, leading to a potential buffer overflow (STR #2974)</p> - <p>The web interface (cgi-bin/admin.c) in CUPS uses the - guest username when a user is not logged on to the web server, which - makes it easier for remote attackers to bypass intended policy and - conduct CSRF attacks via the (1) add and (2) cancel RSS subscription - functions.</p> + <p>CUPS reports:</p> + <blockquote cite="http://svn.easysw.com/public/cups/trunk/CHANGES-1.3.txt"> + <p>The PNG image reading code did not validate the + image size properly, leading to a potential buffer overflow + (STR #2974)</p> </blockquote> </body> </description> <references> - <cvename>CVE-2008-1722</cvename> - <cvename>CVE-2008-5184</cvename> - <url>http://secunia.com/advisories/30190</url> + <cvename>CVE-2008-5286</cvename> <url>http://www.cups.org/str.php?L2974</url> + <url>http://svn.easysw.com/public/cups/trunk/CHANGES-1.3.txt</url> + <url>http://www.openwall.com/lists/oss-security/2008/11/25/2</url> </references> <dates> <discovery>2008-10-17</discovery> <entry>2008-11-29</entry> + <modified>2008-12-25</modified> </dates> </vuln> |
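Review bot: In the first hunk (@@ -790,7 +790,7 @@) the `<topic>` is narrowed to the PNG overflow only, but the version `<range>` inside `<affects>` sits between the two hunks and is not touched. Please confirm that the existing range for `cups-base` is the right one for CVE-2008-5286 alone, since it was written when the entry also covered the admin.c CSRF issue, which the commit message says was already fixed in 1.3.8.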
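Review bot: In the second hunk (@@ -799,27 +799,24 @@) the new `<blockquote cite=...>` and the added `<url>` both point at `CHANGES-1.3.txt` under `trunk`, a file that keeps changing, so the quoted sentence may not stay at that location; the existing `http://www.cups.org/str.php?L2974` reference is the stable pointer for STR #2974 and would be a safer `cite`. Two smaller points in the same hunk: `<discovery>2008-10-17</discovery>` is kept as is while the CVE and references are replaced, so it is worth checking that the date belongs to the PNG issue and not to one of the removed items; and CVE-2008-5184 is dropped here without a replacement entry, which is fine only if no affected `cups-base` version needs to be flagged for it.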