-rw-r--r-- | ports-mgmt/portaudit-db/database/portaudit.txt | 2
-rw-r--r-- | ports-mgmt/portaudit-db/database/portaudit.xlist | 2
-rw-r--r-- | ports-mgmt/portaudit-db/database/portaudit.xml | 69
-rw-r--r-- | security/portaudit-db/database/portaudit.txt | 2
-rw-r--r-- | security/portaudit-db/database/portaudit.xlist | 2
-rw-r--r-- | security/portaudit-db/database/portaudit.xml | 69
6 files changed, 142 insertions, 4 deletions
diff --git a/ports-mgmt/portaudit-db/database/portaudit.txt b/ports-mgmt/portaudit-db/database/portaudit.txt index ed35599ec6b0..a2bf5a4cd36a 100644 --- a/ports-mgmt/portaudit-db/database/portaudit.txt +++ b/ports-mgmt/portaudit-db/database/portaudit.txt @@ -60,7 +60,6 @@ gnutls-devel>=1.1.*<1.1.12|http://www.hornik.sk/SA/SA-20040802.txt http://secuni ripmime<1.3.2.3|http://www.osvdb.org/8287 http://secunia.com/advisories/12201 http://www.securityfocus.com/bid/10848|ripMIME attachment extraction bypass|85e19dff-e606-11d8-9b0a-000347a4fa7d {linux-,}opera<7.54|http://www.opera.com/freebsd/changelogs/754/ http://www.greymagic.com/security/advisories/gm008-op/ http://secunia.com/advisories/12233 http://www.osvdb.org/8331|Opera "location" object write access vulnerability|0deed2ce-e6f5-11d8-9a79-000347dd607f putty<0.55|http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html http://www.coresecurity.com/common/showdoc.php?idx=417&idxseccion=10 http://www.osvdb.org/8299 http://secunia.com/advisories/12212|modified server can execute commands on the client|4424f4db-e697-11d8-bf04-000c763e9a47 -p5-Mail-SpamAssassin<2.64|http://secunia.com/advisories/12255 http://marc.theaimsgroup.com/?l=spamassassin-announce&m=109168121628767&w=2|SpamAssassin DoS vulnerability|bacbc357-ea65-11d8-9440-000347a4fa7d cfengine2<2.1.8|http://www.coresecurity.com/common/showdoc.php?idx=387&idxseccion=10 http://secunia.com/advisories/12251|cfengine authentication heap corruption|f2a1dc8b-ea66-11d8-9440-000347a4fa7d libxine<=1.0.r5_1|http://www.open-security.org/advisories/6 http://secunia.com/advisories/12194 http://sourceforge.net/mailarchive/forum.php?thread_id=5143955&forum_id=11923|libxine vcd MRL input identifier management overflow|bef4515b-eaa9-11d8-9440-000347a4fa7d rsync<2.6.2_2|http://lists.samba.org/archive/rsync-announce/2004/000017.html http://secunia.com/advisories/12294 |security hole in non-chroot rsync daemon|2689f4cb-ec4c-11d8-9440-000347a4fa7d 
@@ -70,5 +69,4 @@ phpgedview<2.65.5|http://sourceforge.net/forum/forum.php?forum_id=344342 http:// {ja-,}phpgroupware<0.9.16.002|http://freshmeat.net/releases/168144 http://www.osvdb.org/8354 http://xforce.iss.net/xforce/xfdb/16970|phpGroupWare stores passwords in plain text|82f16a40-ef12-11d8-81b0-000347a4fa7d gallery<=1.4.4|http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0757.html http://xforce.iss.net/xforce/xfdb/17021|Gallery arbitrary PHP file upload|031663de-f0a6-11d8-81b0-000347a4fa7d apache>=2.*<2.0.50_2|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751 http://issues.apache.org/bugzilla/show_bug.cgi?id=30134 http://issues.apache.org/bugzilla/show_bug.cgi?id=27945 http://issues.apache.org/bugzilla/show_bug.cgi?id=29690|potential security flaws in mod_ssl|0e08f539-f151-11d8-81b0-000347a4fa7d -qt>=3.*<3.3.3|http://scary.beasts.org/security/CESA-2004-004.txt http://secunia.com/advisories/12325 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0691 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0693 http://www.osvdb.org/9026 http://xforce.iss.net/xforce/xfdb/17040 http://xforce.iss.net/xforce/xfdb/17041 http://xforce.iss.net/xforce/xfdb/17042|Qt 3.x BMP heap-based overflow, GIF and XPM DoS NULL pointer dereference|eda0ade6-f281-11d8-81b0-000347a4fa7d a2ps-{a4,letter,letterdj}<4.13b_2|http://www.freebsd.org/cgi/query-pr.cgi?pr=70618|a2ps: Possible execution of shell commands as local user|8091fcea-f35e-11d8-81b0-000347a4fa7d diff --git a/ports-mgmt/portaudit-db/database/portaudit.xlist b/ports-mgmt/portaudit-db/database/portaudit.xlist index bae5e818a065..33eed473166e 100644 --- a/ports-mgmt/portaudit-db/database/portaudit.xlist +++ b/ports-mgmt/portaudit-db/database/portaudit.xlist 
@@ -20,3 +20,5 @@ a713c0f9-ec54-11d8-9440-000347a4fa7d 5b8f9a02-ec93-11d8-b913-000c41e2cdad 65a17a3f-ed6e-11d8-aff1-00061bc2ad93 e811aaf1-f015-11d8-876f-00902714cc7c +ebffe27a-f48c-11d8-9837-000c41e2cdad +0d3a5148-f512-11d8-9837-000c41e2cdad diff --git a/ports-mgmt/portaudit-db/database/portaudit.xml b/ports-mgmt/portaudit-db/database/portaudit.xml index a25db2eaa413..b16497ec3b05 100644 --- a/ports-mgmt/portaudit-db/database/portaudit.xml +++ b/ports-mgmt/portaudit-db/database/portaudit.xml @@ -134,8 +134,11 @@ This file is in the public domain. <cvename>CAN-2004-0631</cvename> <url>http://secunia.com/advisories/12285</url> <url>http://xforce.iss.net/xforce/xfdb/16972</url> + <url>http://xforce.iss.net/xforce/xfdb/16973</url> <url>http://www.idefense.com/application/poi/display?id=124&type=vulnerabilities&flashstatus=false</url> <url>http://www.idefense.com/application/poi/display?id=125&type=vulnerabilities&flashstatus=false</url> + <url>http://www.osvdb.org/8654</url> + <url>http://www.osvdb.org/8655</url> </references> <dates> <discovery>2004-03-30</discovery> @@ -763,7 +766,10 @@ This file is in the public domain. <cvename>CAN-2004-0500</cvename> <url>http://secunia.com/advisories/12125</url> <url>http://www.osvdb.org/8382</url> + <url>http://www.osvdb.org/8961</url> + <url>http://www.osvdb.org/8962</url> <url>http://www.suse.com/de/security/2004_25_gaim.html</url> + <bid>10865</bid> </references> <dates> <discovery>2004-08-12</discovery> 
@@ -830,4 +836,67 @@ This file is in the public domain. <modified>2004-08-16</modified> </dates> </vuln> + + <vuln vid="ebffe27a-f48c-11d8-9837-000c41e2cdad"> + <cancelled superseded="eda0ade6-f281-11d8-81b0-000347a4fa7d"/> + </vuln> + + <vuln vid="eda0ade6-f281-11d8-81b0-000347a4fa7d"> + <topic>Qt 3.x BMP heap-based overflow, GIF and XPM DoS NULL pointer dereference</topic> + <affects> + <package> + <name>qt</name> + <range><ge>3.*</ge><lt>3.3.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Chris Evans has discovered flaws in th handling of various bitmap + formats, allowing the execution of arbitrary code or causing a DoS.</p> + </body> + </description> + <references> + <url>http://scary.beasts.org/security/CESA-2004-004.txt</url> + <url>http://secunia.com/advisories/12325</url> + <cvename>CAN-2004-0691</cvename> + <cvename>CAN-2004-0692</cvename> + <cvename>CAN-2004-0693</cvename> + <url>http://www.osvdb.org/9026</url> + <url>http://xforce.iss.net/xforce/xfdb/17040</url> + <url>http://xforce.iss.net/xforce/xfdb/17041</url> + <url>http://xforce.iss.net/xforce/xfdb/17042</url> + </references> + <dates> + <discovery>2000-08-18</discovery> + <entry>2004-08-20</entry> + </dates> + </vuln> + + <vuln vid="0d3a5148-f512-11d8-9837-000c41e2cdad"> + <cancelled superseded="bacbc357-ea65-11d8-9440-000347a4fa7d"/> + </vuln> + + <vuln vid="bacbc357-ea65-11d8-9440-000347a4fa7d"> + <topic>SpamAssassin DoS vulnerability</topic> + <affects> + <package> + <name>p5-Mail-SpamAssassin</name> + <range><lt>2.64</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Unspecified malformed messages can be used to + cause a DoS (Denial of Service).</p> + </body> + </description> + <references> + <url>http://secunia.com/advisories/12255</url> + <mlist 
msgid="20040805034902.6DF465900BB@radish.jmason.org>">http://marc.theaimsgroup.com/?l=spamassassin-announce&m=109168121628767&w=2</mlist> + </references> + <dates> + <discovery>2004-08-05</discovery> + <entry>2004-08-10</entry> + </dates> + </vuln> </vuxml> diff --git a/security/portaudit-db/database/portaudit.txt b/security/portaudit-db/database/portaudit.txt index ed35599ec6b0..a2bf5a4cd36a 100644 --- a/security/portaudit-db/database/portaudit.txt +++ b/security/portaudit-db/database/portaudit.txt 
@@ -60,7 +60,6 @@ gnutls-devel>=1.1.*<1.1.12|http://www.hornik.sk/SA/SA-20040802.txt http://secuni ripmime<1.3.2.3|http://www.osvdb.org/8287 http://secunia.com/advisories/12201 http://www.securityfocus.com/bid/10848|ripMIME attachment extraction bypass|85e19dff-e606-11d8-9b0a-000347a4fa7d {linux-,}opera<7.54|http://www.opera.com/freebsd/changelogs/754/ http://www.greymagic.com/security/advisories/gm008-op/ http://secunia.com/advisories/12233 http://www.osvdb.org/8331|Opera "location" object write access vulnerability|0deed2ce-e6f5-11d8-9a79-000347dd607f putty<0.55|http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html http://www.coresecurity.com/common/showdoc.php?idx=417&idxseccion=10 http://www.osvdb.org/8299 http://secunia.com/advisories/12212|modified server can execute commands on the client|4424f4db-e697-11d8-bf04-000c763e9a47 -p5-Mail-SpamAssassin<2.64|http://secunia.com/advisories/12255 http://marc.theaimsgroup.com/?l=spamassassin-announce&m=109168121628767&w=2|SpamAssassin DoS vulnerability|bacbc357-ea65-11d8-9440-000347a4fa7d cfengine2<2.1.8|http://www.coresecurity.com/common/showdoc.php?idx=387&idxseccion=10 http://secunia.com/advisories/12251|cfengine authentication heap corruption|f2a1dc8b-ea66-11d8-9440-000347a4fa7d libxine<=1.0.r5_1|http://www.open-security.org/advisories/6 http://secunia.com/advisories/12194 http://sourceforge.net/mailarchive/forum.php?thread_id=5143955&forum_id=11923|libxine vcd MRL input identifier management overflow|bef4515b-eaa9-11d8-9440-000347a4fa7d rsync<2.6.2_2|http://lists.samba.org/archive/rsync-announce/2004/000017.html http://secunia.com/advisories/12294 |security hole in non-chroot rsync daemon|2689f4cb-ec4c-11d8-9440-000347a4fa7d 
@@ -70,5 +69,4 @@ phpgedview<2.65.5|http://sourceforge.net/forum/forum.php?forum_id=344342 http:// {ja-,}phpgroupware<0.9.16.002|http://freshmeat.net/releases/168144 http://www.osvdb.org/8354 http://xforce.iss.net/xforce/xfdb/16970|phpGroupWare stores passwords in plain text|82f16a40-ef12-11d8-81b0-000347a4fa7d gallery<=1.4.4|http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0757.html http://xforce.iss.net/xforce/xfdb/17021|Gallery arbitrary PHP file upload|031663de-f0a6-11d8-81b0-000347a4fa7d apache>=2.*<2.0.50_2|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751 http://issues.apache.org/bugzilla/show_bug.cgi?id=30134 http://issues.apache.org/bugzilla/show_bug.cgi?id=27945 http://issues.apache.org/bugzilla/show_bug.cgi?id=29690|potential security flaws in mod_ssl|0e08f539-f151-11d8-81b0-000347a4fa7d -qt>=3.*<3.3.3|http://scary.beasts.org/security/CESA-2004-004.txt http://secunia.com/advisories/12325 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0691 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0693 http://www.osvdb.org/9026 http://xforce.iss.net/xforce/xfdb/17040 http://xforce.iss.net/xforce/xfdb/17041 http://xforce.iss.net/xforce/xfdb/17042|Qt 3.x BMP heap-based overflow, GIF and XPM DoS NULL pointer dereference|eda0ade6-f281-11d8-81b0-000347a4fa7d a2ps-{a4,letter,letterdj}<4.13b_2|http://www.freebsd.org/cgi/query-pr.cgi?pr=70618|a2ps: Possible execution of shell commands as local user|8091fcea-f35e-11d8-81b0-000347a4fa7d diff --git a/security/portaudit-db/database/portaudit.xlist b/security/portaudit-db/database/portaudit.xlist index bae5e818a065..33eed473166e 100644 --- a/security/portaudit-db/database/portaudit.xlist +++ b/security/portaudit-db/database/portaudit.xlist 
@@ -20,3 +20,5 @@ a713c0f9-ec54-11d8-9440-000347a4fa7d 5b8f9a02-ec93-11d8-b913-000c41e2cdad 65a17a3f-ed6e-11d8-aff1-00061bc2ad93 e811aaf1-f015-11d8-876f-00902714cc7c +ebffe27a-f48c-11d8-9837-000c41e2cdad +0d3a5148-f512-11d8-9837-000c41e2cdad diff --git a/security/portaudit-db/database/portaudit.xml b/security/portaudit-db/database/portaudit.xml index a25db2eaa413..b16497ec3b05 100644 --- a/security/portaudit-db/database/portaudit.xml +++ b/security/portaudit-db/database/portaudit.xml @@ -134,8 +134,11 @@ This file is in the public domain. <cvename>CAN-2004-0631</cvename> <url>http://secunia.com/advisories/12285</url> <url>http://xforce.iss.net/xforce/xfdb/16972</url> + <url>http://xforce.iss.net/xforce/xfdb/16973</url> <url>http://www.idefense.com/application/poi/display?id=124&type=vulnerabilities&flashstatus=false</url> <url>http://www.idefense.com/application/poi/display?id=125&type=vulnerabilities&flashstatus=false</url> + <url>http://www.osvdb.org/8654</url> + <url>http://www.osvdb.org/8655</url> </references> <dates> <discovery>2004-03-30</discovery> @@ -763,7 +766,10 @@ This file is in the public domain. <cvename>CAN-2004-0500</cvename> <url>http://secunia.com/advisories/12125</url> <url>http://www.osvdb.org/8382</url> + <url>http://www.osvdb.org/8961</url> + <url>http://www.osvdb.org/8962</url> <url>http://www.suse.com/de/security/2004_25_gaim.html</url> + <bid>10865</bid> </references> <dates> <discovery>2004-08-12</discovery> 
@@ -830,4 +836,67 @@ This file is in the public domain. <modified>2004-08-16</modified> </dates> </vuln> + + <vuln vid="ebffe27a-f48c-11d8-9837-000c41e2cdad"> + <cancelled superseded="eda0ade6-f281-11d8-81b0-000347a4fa7d"/> + </vuln> + + <vuln vid="eda0ade6-f281-11d8-81b0-000347a4fa7d"> + <topic>Qt 3.x BMP heap-based overflow, GIF and XPM DoS NULL pointer dereference</topic> + <affects> + <package> + <name>qt</name> + <range><ge>3.*</ge><lt>3.3.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Chris Evans has discovered flaws in th handling of various bitmap + formats, allowing the execution of arbitrary code or causing a DoS.</p> + </body> + </description> + <references> + <url>http://scary.beasts.org/security/CESA-2004-004.txt</url> + <url>http://secunia.com/advisories/12325</url> + <cvename>CAN-2004-0691</cvename> + <cvename>CAN-2004-0692</cvename> + <cvename>CAN-2004-0693</cvename> + <url>http://www.osvdb.org/9026</url> + <url>http://xforce.iss.net/xforce/xfdb/17040</url> + <url>http://xforce.iss.net/xforce/xfdb/17041</url> + <url>http://xforce.iss.net/xforce/xfdb/17042</url> + </references> + <dates> + <discovery>2000-08-18</discovery> + <entry>2004-08-20</entry> + </dates> + </vuln> + + <vuln vid="0d3a5148-f512-11d8-9837-000c41e2cdad"> + <cancelled superseded="bacbc357-ea65-11d8-9440-000347a4fa7d"/> + </vuln> + + <vuln vid="bacbc357-ea65-11d8-9440-000347a4fa7d"> + <topic>SpamAssassin DoS vulnerability</topic> + <affects> + <package> + <name>p5-Mail-SpamAssassin</name> + <range><lt>2.64</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Unspecified malformed messages can be used to + cause a DoS (Denial of Service).</p> + </body> + </description> + <references> + <url>http://secunia.com/advisories/12255</url> + <mlist 
msgid="20040805034902.6DF465900BB@radish.jmason.org>">http://marc.theaimsgroup.com/?l=spamassassin-announce&m=109168121628767&w=2</mlist> + </references> + <dates> + <discovery>2004-08-05</discovery> + <entry>2004-08-10</entry> + </dates> + </vuln> </vuxml> |
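Review bot: In the qt entry added by the "@@ -830,4 +836,67 @@" hunk of portaudit.xml (vid eda0ade6-f281-11d8-81b0-000347a4fa7d), the line "<discovery>2000-08-18</discovery>" is four years earlier than "<entry>2004-08-20</entry>", while every cvename in the entry is CAN-2004-0691 through CAN-2004-0693, so the year looks like a typo for 2004 and should be confirmed and corrected. In the same hunk the description reads "flaws in th handling" where "the" is meant, and the SpamAssassin mlist element carries msgid="20040805034902.6DF465900BB@radish.jmason.org>" with a trailing ">" that has no opening "<"; drop the stray character or bracket the id on both sides. All three points apply to both copies of the file, under ports-mgmt/ and under security/.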
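Review bot: The two ids appended in the "@@ -20,3 +20,5 @@" hunk of portaudit.xlist, ebffe27a-f48c-11d8-9837-000c41e2cdad and 0d3a5148-f512-11d8-9837-000c41e2cdad, appear in portaudit.xml only as <cancelled superseded="..."/> stubs, and nothing in the visible lines says what those ids originally described or why they are listed here. A short note tying each id to the entry that supersedes it (eda0ade6-f281-11d8-81b0-000347a4fa7d for qt, bacbc357-ea65-11d8-9440-000347a4fa7d for p5-Mail-SpamAssassin) would let a later reader audit the list without cross-referencing the XML. It is also worth checking that the qt and p5-Mail-SpamAssassin lines removed from portaudit.txt are fully covered by the new XML entries: the version ranges and vids match on the visible lines, which is the property that keeps those packages flagged after the move.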