diff options
| author | rakuco <rakuco@FreeBSD.org> | 2012-03-26 01:20:54 +0800 |
|---|---|---|
| committer | rakuco <rakuco@FreeBSD.org> | 2012-03-26 01:20:54 +0800 |
| commit | 10983752206579cdd35fceb3db1aa75b7a0fec46 (patch) | |
| tree | 4d81ddf48b2b3a28adc9cc0eaebed29bb69faa4c /security | |
| parent | bd419274e22c4be652fd33738e81f1d40837b11e (diff) | |
| download | freebsd-ports-gnome-10983752206579cdd35fceb3db1aa75b7a0fec46.tar.gz freebsd-ports-gnome-10983752206579cdd35fceb3db1aa75b7a0fec46.tar.zst freebsd-ports-gnome-10983752206579cdd35fceb3db1aa75b7a0fec46.zip | |
Document CVE-2012-0037 for textproc/raptor and textproc/raptor2.
Security: CVE-2012-0037
Feature safe: yes
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 6a8c24178048..40aeba321fa8 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -52,6 +52,50 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="60f81af3-7690-11e1-9423-00235a5f2c9a"> + <topic>raptor/raptor2 -- XXE in RDF/XML File Interpretation</topic> + <affects> + <package> + <name>raptor2</name> + <range><lt>2.0.7</lt></range> + </package> + <package> + <name>raptor</name> + <range><lt>1.4.21_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Timothy D. Morgan reports:</p> + <blockquote cite="http://www.vsecurity.com/resources/advisory/20120324-1/"> + <p>In December 2011, VSR identified a vulnerability in multiple open + source office products (including OpenOffice, LibreOffice, KOffice, + and AbiWord) due to unsafe interpretation of XML files with custom + entity declarations. Deeper analysis revealed that the vulnerability + was caused by acceptance of external entities by the libraptor + library, which is used by librdf and is in turn used by these office + products.</p> + <p>In the context of office applications, these vulnerabilities could + allow for XML External Entity (XXE) attacks resulting in file theft + and a loss of user privacy when opening potentially malicious ODF + documents. For other applications which depend on librdf or + libraptor, potentially serious consequences could result from + accepting RDF/XML content from untrusted sources, though the impact + may vary widely depending on the context.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2012-0037</cvename> + <url>http://seclists.org/fulldisclosure/2012/Mar/281</url> + <url>http://www.vsecurity.com/resources/advisory/20120324-1/</url> + </references> + <dates> + <discovery>2012-03-24</discovery> + <entry>2012-03-25</entry> + </dates> + </vuln> + <vuln vid="42a2c82a-75b9-11e1-89b4-001ec9578670"> <topic>quagga -- multiple vulnerabilities</topic> <affects> |