author | ashish <ashish@FreeBSD.org> | 2011-06-24 21:46:50 +0800 |
---|---|---|
committer | ashish <ashish@FreeBSD.org> | 2011-06-24 21:46:50 +0800 |
commit | f305cb35ac32fc0a5779a30b3bf022d231078406 (patch) | |
tree | bf4159f5ffe51703701512d037d36524c3ae1d7d /security | |
parent | 9672ec1d0930891a2a22d7f35e2dedfd4cac308e (diff) | |
- Document ejabberd vulnerability fixed in 2.1.8
PR: ports/158137
Submitted by: Ruslan Mahamatkhanov <cvs-src@yandex.ru>
Security: http://vuxml.org/freebsd/01d3ab7d-9c43-11e0-bc0f-0014a5e3cda6.html
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 33 |
1 files changed, 32 insertions, 1 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index b90d9f3032ae..0d1529052add 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,37 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="01d3ab7d-9c43-11e0-bc0f-0014a5e3cda6"> + <topic>ejabberd -- remote denial of service vulnerability</topic> + <affects> + <package> + <name>ejabberd</name> + <range><lt>2.1.7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>It's reported in CVE advisory that:</p> + <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1753"> + <p>expat_erl.c in ejabberd before 2.1.7 and 3.x before + 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect + recursion during entity expansion, which allows remote attackers + to cause a denial of service (memory and CPU consumption) via a + crafted XML document containing a large number of nested entity + references, a similar issue to CVE-2003-1564.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2011-1753</cvename> + <url>http://www.ejabberd.im/ejabberd-2.1.7</url> + </references> + <dates> + <discovery>2011-04-27</discovery> + <entry>2011-06-24</entry> + </dates> + </vuln> + <vuln vid="dfe40cff-9c3f-11e0-9bec-6c626dd55a41"> <topic>mozilla -- multiple vulnerabilities</topic> <affects> 
@@ -146,7 +177,7 @@ Note: Please add new entries to the beginning of this file. <p>The Piwik 1.5 release addresses a critical security vulnerability, which affect all Piwik users that have let granted some access to the "anonymous" user.</p> - <p>Piwik contains a remotely exploitable vulnerabiliy that could + <p>Piwik contains a remotely exploitable vulnerability that could allow a remote attacker to execute arbitrary code. Only installations that have granted untrusted view access to their stats (ie. grant "view" access to a website to anonymous) are at |
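Review bot: The affected range in the new ejabberd entry (hunk @@ -34,6 +34,37 @@) does not match the commit log. The entry uses `<lt>2.1.7</lt>` and links to http://www.ejabberd.im/ejabberd-2.1.7, which agrees with the quoted CVE text ("before 2.1.7"), while the log says the vulnerability was fixed in 2.1.8. One of the two should be corrected so that the log and the entry name the same fixed version. The quoted advisory also lists exmpp before 0.9.7 as affected, but `<affects>` carries only the ejabberd package; if exmpp is packaged in the tree it needs its own `<package>` block with `<lt>0.9.7</lt>`. Minor wording: "It's reported in CVE advisory that:" would read better as "The CVE advisory reports:".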
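Review bot: The Piwik hunk (@@ -146,7 +177,7 @@) is a spelling correction unrelated to the ejabberd entry and is not mentioned in the commit log; add a line for it in the log or commit it separately so the history of the Piwik entry stays traceable. The unchanged context line just above it still reads "which affect all Piwik users that have let granted some access", which could be corrected in the same pass unless it is a verbatim quote from the vendor advisory.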