aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorpgollucci <pgollucci@FreeBSD.org>2010-10-06 13:29:49 +0800
committerpgollucci <pgollucci@FreeBSD.org>2010-10-06 13:29:49 +0800
commited97dacfa91805b2a531ec2c53e40b1d6f7bfe0c (patch)
tree32a7b04a510ca1ccf4a95a602053f57a1e42e448 /security
parent1c132b91b039d56a97908e331ffda302c96758d9 (diff)
downloadfreebsd-ports-gnome-ed97dacfa91805b2a531ec2c53e40b1d6f7bfe0c.tar.gz
freebsd-ports-gnome-ed97dacfa91805b2a531ec2c53e40b1d6f7bfe0c.tar.zst
freebsd-ports-gnome-ed97dacfa91805b2a531ec2c53e40b1d6f7bfe0c.zip
Document devel/apr1's apr-util vunerabilities
Security: http://secunia.com/advisories/41701 Reviewed by: secteam (cperciva) via irc
Diffstat (limited to 'security')
-rw-r--r--security/vuxml/vuln.xml39
1 files changed, 39 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 9377fe6f8547..6899fba16262 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,45 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="dd943fbb-d0fe-11df-95a8-00219b0fc4d8">
+ <topic>apr -- multiple vunerabilities</topic>
+ <affects>
+ <package>
+ <name>apr</name>
+ <range><lt>1.4.2.1.3.10</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/41701">
+ <p>Multiple vulnerabilities have been reported in APR-util, which can
+ be exploited by malicious people to cause a DoS (Denial of
+ Service).</p>
+ <p>Two XML parsing vulnerabilities exist in the bundled version of
+ expat.</p>
+ <p>An error within the "apr_brigade_split_line()" function in
+ buckets/apr_brigade.c can be exploited to cause high memory
+ consumption.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>43673</bid>
+ <cvename>CVE-2009-3560</cvename>
+ <cvename>CVE-2009-3720</cvename>
+ <cvename>CVE-2010-1623</cvename>
+ <url>http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3</url>
+ <url>http://secunia.com/advisories/41701</url>
+ <url>http://http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1623</url>
+ <url>http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1956</url>
+ </references>
+ <dates>
+ <discovery>2010-10-02</discovery>
+ <entry>2010-10-06</entry>
+ </dates>
+ </vuln>
+
<vuln vid="99021f88-ca3c-11df-be21-00e018aa7788">
<topic>phpmyfaq -- cross site scripting vulnerabilities</topic>
<affects>