aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--security/vuxml/vuln.xml50
1 files changed, 50 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 07045195b470..6f7e8b87d13a 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,56 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="eb9212f7-526b-11de-bbf2-001b77d09812">
+ <topic>apr -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>apr</name>
+ <range><lt>1.3.5.1.3.7</lt></range>
+ </package>
+ <package>
+ <name>apache</name>
+ <range><ge>2.2.0</ge><lt>2.2.11_5</lt></range>
+ <range><ge>2.0.0</ge><lt>2.0.63_3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote
+ cite="http://secunia.com/advisories/35284/">
+ <p>Some vulnerabilities have been reported in APR-util, which
+ can be exploited by malicious users and malicious people to
+ cause a DoS (Denial of Service).</p>
+ <p>A vulnerability is caused due to an error in the processing
+ of XML files and can be exploited to exhaust all available
+ memory via a specially crafted XML file containing a
+ predefined entity inside an entity definition.</p>
+ <p>A vulnerability is caused due to an error within the
+ "apr_strmatch_precompile()" function in
+ strmatch/apr_strmatch.c, which can be exploited to crash an
+ application using the library.</p>
+ </blockquote>
+ <p>RedHat reports:</p>
+ <blockquote
+ cite="https://bugzilla.redhat.com/show_bug.cgi?id=3D504390">
+ <p>A single NULL byte buffer overflow flaw was found in
+ apr-util's apr_brigade_vprintf() function.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-0023</cvename>
+ <bid>35221</bid>
+ <url>http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3</url>
+ <url>http://secunia.com/advisories/35284/</url>
+ <url>https://bugzilla.redhat.com/show_bug.cgi?id=3D504390</url>
+ </references>
+ <dates>
+ <discovery>2009-06-05</discovery>
+ <entry>TODAY</entry>
+ </dates>
+ </vuln>
<vuln vid="4f838b74-50a1-11de-b01f-001c2514716c">
<topic>dokuwiki -- Local File Inclusion with register_globals on</topic>
<affects>