author | stas <stas@FreeBSD.org> | 2009-09-15 04:06:29 +0800 |
---|---|---|
committer | stas <stas@FreeBSD.org> | 2009-09-15 04:06:29 +0800 |
commit | c536a5b9c3c0b359dfbf9a9fd48ec0b4d17a107c (patch) | |
tree | b34dfe406454f9698d31481b5c4cb0f9825eccf9 /security | |
parent | bdc6d70749c146919ca42dd3deb9a493df111292 (diff) | |
- Fix formatting.
- Add link to the debian security advisory.
- Fix the description to be the actual citation from the official sources
instead of some wild interpretation. We do not know for sure if remote
code execution is possible at all and from looking to the source code it
seems unlikely as the buffer underflown is allocated on the heap. Moreover,
it is not clear if this is exploitable in the default install.
Discussed with: az
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index afb2ca566a38..0a3e0a1dcfe4 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -49,27 +49,25 @@ Note: Please add new entries to the beginning of this file. </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>nginx security advisory reports:</p> + <p>nginx development team reports:</p> <blockquote cite="http://nginx.net/CHANGES"> - <p>Chris Ries discovered that nginx, a high-performance HTTP server, - reverse proxy and IMAP/POP3 proxy server, is vulnerable to a buffer - underflow when processing certain HTTP requests. An attacker can - use this to execute arbitrary code with the rights of the worker - process or possibly perform denial of service attacks by repeatedly - crashing worker processes via a specially crafted URL in an HTTP - request.</p> + <p>A segmentation fault might occur in worker process while + specially crafted request handling.</p> </blockquote> </body> </description> <references> <cvename>CVE-2009-2629</cvename> <url>http://nginx.net/CHANGES</url> + <mlist msgid="20090914155338.GA2529@ngolde.de">http://lists.debian.org/debian-security-announce/2009/msg00205.html</mlist> </references> <dates> <discovery>2009-09-14</discovery> <entry>2009-09-14</entry> + <modified>2009-09-15</modified> </dates> </vuln> + <vuln vid="6e8f54af-a07d-11de-a649-000c2955660f"> <topic>ikiwiki -- insufficient blacklisting in teximg plugin</topic> <affects> |
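Review bot: in the rewritten <description>, the new <blockquote> text says only that a segmentation fault might occur, so the entry body no longer names the bug class, although the commit message itself describes the defect as an underflow of a heap-allocated buffer. The commit message objects to the unverified code-execution claim, not to the defect type, so consider adding one neutral <p> outside the <blockquote> that mentions a buffer underflow in request handling without any statement about code execution; readers would then not have to follow the CVE-2009-2629 or <mlist> references to learn what kind of flaw this is. The added <modified>2009-09-15</modified> agrees with the commit date, and the unchanged cite="http://nginx.net/CHANGES" now matches the attribution "nginx development team reports", so those parts look right.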