-rw-r--r--ports-mgmt/portaudit-db/database/portaudit.txt3
-rw-r--r--security/portaudit-db/database/portaudit.txt3
-rw-r--r--security/vuxml/vuln.xml93
3 files changed, 93 insertions, 6 deletions
diff --git a/ports-mgmt/portaudit-db/database/portaudit.txt b/ports-mgmt/portaudit-db/database/portaudit.txt
index acccad8a2e90..c6eded4eb5bc 100644
--- a/ports-mgmt/portaudit-db/database/portaudit.txt
+++ b/ports-mgmt/portaudit-db/database/portaudit.txt
@@ -62,6 +62,3 @@ gnutls-devel>=1.1.*<1.1.12|http://www.hornik.sk/SA/SA-20040802.txt http://secuni
ripmime<1.3.2.3|http://www.osvdb.org/8287 http://secunia.com/advisories/12201|ripMIME attachment extraction bypass|85e19dff-e606-11d8-9b0a-000347a4fa7d
squid<2.5.5_11|http://www.osvdb.org/6791|Squid NTLM authentication helper overflow|f72ccf7c-e607-11d8-9b0a-000347a4fa7d
acroread<5.09|http://www.osvdb.org/7429 http://freshmeat.net/projects/acrobatreader/?branch_id=92&release_id=164883|Acrobat Reader handling of malformed uuencoded pdf files|ab166a60-e60a-11d8-9b0a-000347a4fa7d
-png<=1.2.5_7|http://www.securityfocus.com/archive/1/370853 http://www.osvdb.org/8312 http://www.osvdb.org/8313 http://www.osvdb.org/8314 http://www.osvdb.org/8315 http://www.osvdb.org/8316 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599 http://www.kb.cert.org/vuls/id/388984 http://www.kb.cert.org/vuls/id/236656 http://www.kb.cert.org/vuls/id/160448 http://www.kb.cert.org/vuls/id/477512 http://www.kb.cert.org/vuls/id/817368 http://www.kb.cert.org/vuls/id/286464|libPNG stack-based buffer overflow and other code concerns|f9e3e60b-e650-11d8-9b0a-000347a4fa7d
-linux-png<=1.0.14_3|http://www.securityfocus.com/archive/1/370853 http://www.osvdb.org/8312 http://www.osvdb.org/8313 http://www.osvdb.org/8314 http://www.osvdb.org/8315 http://www.osvdb.org/8316 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599 http://www.kb.cert.org/vuls/id/388984 http://www.kb.cert.org/vuls/id/236656 http://www.kb.cert.org/vuls/id/160448 http://www.kb.cert.org/vuls/id/477512 http://www.kb.cert.org/vuls/id/817368 http://www.kb.cert.org/vuls/id/286464|libPNG stack-based buffer overflow and other code concerns|f9e3e60b-e650-11d8-9b0a-000347a4fa7d
-linux-png>=1.2.*<=1.2.2|http://www.securityfocus.com/archive/1/370853 http://www.osvdb.org/8312 http://www.osvdb.org/8313 http://www.osvdb.org/8314 http://www.osvdb.org/8315 http://www.osvdb.org/8316 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599 http://www.kb.cert.org/vuls/id/388984 http://www.kb.cert.org/vuls/id/236656 http://www.kb.cert.org/vuls/id/160448 http://www.kb.cert.org/vuls/id/477512 http://www.kb.cert.org/vuls/id/817368 http://www.kb.cert.org/vuls/id/286464|libPNG stack-based buffer overflow and other code concerns|f9e3e60b-e650-11d8-9b0a-000347a4fa7d
diff --git a/security/portaudit-db/database/portaudit.txt b/security/portaudit-db/database/portaudit.txt
index acccad8a2e90..c6eded4eb5bc 100644
--- a/security/portaudit-db/database/portaudit.txt
+++ b/security/portaudit-db/database/portaudit.txt
@@ -62,6 +62,3 @@ gnutls-devel>=1.1.*<1.1.12|http://www.hornik.sk/SA/SA-20040802.txt http://secuni
ripmime<1.3.2.3|http://www.osvdb.org/8287 http://secunia.com/advisories/12201|ripMIME attachment extraction bypass|85e19dff-e606-11d8-9b0a-000347a4fa7d
squid<2.5.5_11|http://www.osvdb.org/6791|Squid NTLM authentication helper overflow|f72ccf7c-e607-11d8-9b0a-000347a4fa7d
acroread<5.09|http://www.osvdb.org/7429 http://freshmeat.net/projects/acrobatreader/?branch_id=92&release_id=164883|Acrobat Reader handling of malformed uuencoded pdf files|ab166a60-e60a-11d8-9b0a-000347a4fa7d
-png<=1.2.5_7|http://www.securityfocus.com/archive/1/370853 http://www.osvdb.org/8312 http://www.osvdb.org/8313 http://www.osvdb.org/8314 http://www.osvdb.org/8315 http://www.osvdb.org/8316 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599 http://www.kb.cert.org/vuls/id/388984 http://www.kb.cert.org/vuls/id/236656 http://www.kb.cert.org/vuls/id/160448 http://www.kb.cert.org/vuls/id/477512 http://www.kb.cert.org/vuls/id/817368 http://www.kb.cert.org/vuls/id/286464|libPNG stack-based buffer overflow and other code concerns|f9e3e60b-e650-11d8-9b0a-000347a4fa7d
-linux-png<=1.0.14_3|http://www.securityfocus.com/archive/1/370853 http://www.osvdb.org/8312 http://www.osvdb.org/8313 http://www.osvdb.org/8314 http://www.osvdb.org/8315 http://www.osvdb.org/8316 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599 http://www.kb.cert.org/vuls/id/388984 http://www.kb.cert.org/vuls/id/236656 http://www.kb.cert.org/vuls/id/160448 http://www.kb.cert.org/vuls/id/477512 http://www.kb.cert.org/vuls/id/817368 http://www.kb.cert.org/vuls/id/286464|libPNG stack-based buffer overflow and other code concerns|f9e3e60b-e650-11d8-9b0a-000347a4fa7d
-linux-png>=1.2.*<=1.2.2|http://www.securityfocus.com/archive/1/370853 http://www.osvdb.org/8312 http://www.osvdb.org/8313 http://www.osvdb.org/8314 http://www.osvdb.org/8315 http://www.osvdb.org/8316 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599 http://www.kb.cert.org/vuls/id/388984 http://www.kb.cert.org/vuls/id/236656 http://www.kb.cert.org/vuls/id/160448 http://www.kb.cert.org/vuls/id/477512 http://www.kb.cert.org/vuls/id/817368 http://www.kb.cert.org/vuls/id/286464|libPNG stack-based buffer overflow and other code concerns|f9e3e60b-e650-11d8-9b0a-000347a4fa7d
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 56635fed5c76..7ea68d9a286c 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -66,6 +66,9 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
<mlist msgid="200407222031.25086.bugtraq@beyondsecurity.com">http://www.securityfocus.com/archive/1/369706</mlist>
<url>http://www.samba.org/samba/whatsnew/samba-3.0.5.html</url>
<url>http://www.samba.org/samba/whatsnew/samba-2.2.10.html</url>
+ <url>http://www.osvdb.org/8190</url>
+ <url>http://www.osvdb.org/8191</url>
+ <url>http://secunia.com/advisories/12130</url>
</references>
<dates>
<discovery>2004-07-14</discovery>
@@ -233,6 +236,9 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
</description>
<references>
<url>http://www.osvdb.org/6704</url>
+ <cvename>CAN-2004-0708</cvename>
+ <bid>10568</bid>
+ <url>http://secunia.com/advisories/11807</url>
</references>
<dates>
<discovery>2004-05-04</discovery>
@@ -4108,10 +4114,97 @@ misc.c:
<url>http://bugzilla.mozilla.org/show_bug.cgi?id=252198</url>
<url>http://www.nd.edu/~jsmith30/xul/test/spoof.html</url>
<url>http://secunia.com/advisories/12188</url>
+ <bid>10832</bid>
</references>
<dates>
<discovery>2004-07-19</discovery>
<entry>2004-07-30</entry>
</dates>
</vuln>
+
+ <vuln vid="f9e3e60b-e650-11d8-9b0a-000347a4fa7d">
+ <topic>libPNG stack-based buffer overflow and other code concerns</topic>
+ <affects>
+ <package>
+ <name>png</name>
+ <range><le>1.2.5_7</le></range>
+ </package>
+ <package>
+ <name>linux-png</name>
+ <range><le>1.0.14_3</le></range>
+ <range><ge>1.2.*</ge><le>1.2.2</le></range>
+ </package>
+ <package>
+ <name>firefox</name>
+ <range><lt>0.9.3</lt></range>
+ </package>
+ <package>
+ <name>linux-mozilla</name>
+ <range><lt>1.7.2</lt></range>
+ </package>
+ <package>
+ <name>linux-mozilla-devel</name>
+ <range><lt>1.7.2</lt></range>
+ </package>
+ <package>
+ <name>mozilla</name>
+ <range><lt>1.7.2,2</lt></range>
+ <range><ge>1.8.*,2</ge><le>1.8.a2,2</le></range>
+ </package>
+ <package>
+ <name>mozilla-gtk1</name>
+ <range><lt>1.7.2</lt></range>
+ </package>
+ <package>
+ <name>netscape-{communicator,navigator}</name>
+ <range><le>4.78</le></range>
+ </package>
+ <package>
+ <name>linux-netscape-{communicator,navigator}</name>
+ <name>{ja,ko}-netscape-{communicator,navigator}-linux</name>
+ <range><le>4.8</le></range>
+ </package>
+ <package>
+ <name>{,ja-}netscape7</name>
+ <range><le>7.1</le></range>
+ </package>
+ <package>
+ <name>{de-,fr-,pt_BR-}netscape7</name>
+ <range><le>7.02</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Chris Evans has discovered multiple vulnerabilities in libpng,
+ which can be exploited by malicious people to compromise a
+ vulnerable system or cause a DoS (Denial of Service).</p>
+ </body>
+ </description>
+ <references>
+ <mlist msgid="Pine.LNX.4.58.0408041840080.20655@sphinx.mythic-beasts.com">http://www.securityfocus.com/archive/1/370853</mlist>
+ <url>http://scary.beasts.org/security/CESA-2004-001.txt</url>
+ <url>http://www.osvdb.org/8312</url>
+ <url>http://www.osvdb.org/8313</url>
+ <url>http://www.osvdb.org/8314</url>
+ <url>http://www.osvdb.org/8315</url>
+ <url>http://www.osvdb.org/8316</url>
+ <cvename>CAN-2004-0597</cvename>
+ <cvename>CAN-2004-0598</cvename>
+ <cvename>CAN-2004-0599</cvename>
+ <certvu>388984</certvu>
+ <certvu>236656</certvu>
+ <certvu>160448</certvu>
+ <certvu>477512</certvu>
+ <certvu>817368</certvu>
+ <certvu>286464</certvu>
+ <url>http://secunia.com/advisories/12219</url>
+ <url>http://secunia.com/advisories/12232</url>
+ <url>http://bugzilla.mozilla.org/show_bug.cgi?id=251381</url>
+ </references>
+ <dates>
+ <discovery>2004-08-04</discovery>
+ <entry>2004-08-04</entry>
+ <modified>2004-08-05</modified>
+ </dates>
+ </vuln>
</vuxml>
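Review bot: The `<description>` of the new `f9e3e60b-e650-11d8-9b0a-000347a4fa7d` entry names only libpng, but `<affects>` also lists firefox, mozilla, mozilla-gtk1 and the netscape packages, so an admin whose audit flags a browser under a libPNG topic is not told why it matches or that the browser itself must be upgraded. The bugzilla.mozilla.org reference suggests these ports carry their own copy of libpng; if that is the reason, say so in the body with a second paragraph such as `<p>Mozilla, Firefox and Netscape include their own copy of libpng and are affected as well.</p>`. The existing paragraph also reads like text taken from one of the referenced advisories; if it is a quote, wrap it in `<blockquote cite="...">` with the source URL so the attribution is explicit.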