diff options
author | sat <sat@FreeBSD.org> | 2006-09-22 21:05:32 +0800 |
---|---|---|
committer | sat <sat@FreeBSD.org> | 2006-09-22 21:05:32 +0800 |
commit | cac3c9df63f6d4f83e4332b476793094e948261f (patch) | |
tree | 4ad21cd4a0a25c015ca840a8d27a8bc34e230a68 /security | |
parent | 1b6860585b8252e94969c34a4fbeb32da4c3f200 (diff) | |
download | freebsd-ports-gnome-cac3c9df63f6d4f83e4332b476793094e948261f.tar.gz freebsd-ports-gnome-cac3c9df63f6d4f83e4332b476793094e948261f.tar.zst freebsd-ports-gnome-cac3c9df63f6d4f83e4332b476793094e948261f.zip |
- Document restructuredText "csv_table" Information Disclosure in zope
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 0956b38e7dab..227e2ce8fd34 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,39 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="65a8f773-4a37-11db-a4cc-000a48049292"> + <topic>zope -- restructuredText "csv_table" Information Disclosure</topic> + <affects> + <package> + <name>zope</name> + <range><ge>2.7.0</ge><lt>2.7.9_1</lt></range> + <range><ge>2.8.0</ge><lt>2.8.8_1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/21947/"> + <p>A vulnerability has been reported in Zope, which can be + exploited by malicious people to disclose potentially + sensitive information.</p> + <p>The vulnerability is caused due to an error in the use of + the docutils module to parse and render "restructured" + text. This can be exploited to disclose certain information + via the "csv_table" reStructuredText directive.</p> + </blockquote> + </body> + </description> + <references> + <url>http://secunia.com/advisories/21947/</url> + <url>http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt</url> + </references> + <dates> + <discovery>2006-08-21</discovery> + <entry>2006-09-22</entry> + </dates> + </vuln> + <vuln vid="f6bff909-4a26-11db-a4cc-000a48049292"> <topic>libmms -- stack-based buffer overflow</topic> <affects> |