-rw-r--r--ports-mgmt/portaudit-db/database/portaudit.txt2
-rw-r--r--ports-mgmt/portaudit-db/database/portaudit.xlist2
-rw-r--r--ports-mgmt/portaudit-db/database/portaudit.xml69
-rw-r--r--security/portaudit-db/database/portaudit.txt2
-rw-r--r--security/portaudit-db/database/portaudit.xlist2
-rw-r--r--security/portaudit-db/database/portaudit.xml69
6 files changed, 142 insertions, 4 deletions
diff --git a/ports-mgmt/portaudit-db/database/portaudit.txt b/ports-mgmt/portaudit-db/database/portaudit.txt
index ed35599ec6b0..a2bf5a4cd36a 100644
--- a/ports-mgmt/portaudit-db/database/portaudit.txt
+++ b/ports-mgmt/portaudit-db/database/portaudit.txt
@@ -60,7 +60,6 @@ gnutls-devel>=1.1.*<1.1.12|http://www.hornik.sk/SA/SA-20040802.txt http://secuni
ripmime<1.3.2.3|http://www.osvdb.org/8287 http://secunia.com/advisories/12201 http://www.securityfocus.com/bid/10848|ripMIME attachment extraction bypass|85e19dff-e606-11d8-9b0a-000347a4fa7d
{linux-,}opera<7.54|http://www.opera.com/freebsd/changelogs/754/ http://www.greymagic.com/security/advisories/gm008-op/ http://secunia.com/advisories/12233 http://www.osvdb.org/8331|Opera "location" object write access vulnerability|0deed2ce-e6f5-11d8-9a79-000347dd607f
putty<0.55|http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html http://www.coresecurity.com/common/showdoc.php?idx=417&idxseccion=10 http://www.osvdb.org/8299 http://secunia.com/advisories/12212|modified server can execute commands on the client|4424f4db-e697-11d8-bf04-000c763e9a47
-p5-Mail-SpamAssassin<2.64|http://secunia.com/advisories/12255 http://marc.theaimsgroup.com/?l=spamassassin-announce&m=109168121628767&w=2|SpamAssassin DoS vulnerability|bacbc357-ea65-11d8-9440-000347a4fa7d
cfengine2<2.1.8|http://www.coresecurity.com/common/showdoc.php?idx=387&idxseccion=10 http://secunia.com/advisories/12251|cfengine authentication heap corruption|f2a1dc8b-ea66-11d8-9440-000347a4fa7d
libxine<=1.0.r5_1|http://www.open-security.org/advisories/6 http://secunia.com/advisories/12194 http://sourceforge.net/mailarchive/forum.php?thread_id=5143955&forum_id=11923|libxine vcd MRL input identifier management overflow|bef4515b-eaa9-11d8-9440-000347a4fa7d
rsync<2.6.2_2|http://lists.samba.org/archive/rsync-announce/2004/000017.html http://secunia.com/advisories/12294 |security hole in non-chroot rsync daemon|2689f4cb-ec4c-11d8-9440-000347a4fa7d
@@ -70,5 +69,4 @@ phpgedview<2.65.5|http://sourceforge.net/forum/forum.php?forum_id=344342 http://
{ja-,}phpgroupware<0.9.16.002|http://freshmeat.net/releases/168144 http://www.osvdb.org/8354 http://xforce.iss.net/xforce/xfdb/16970|phpGroupWare stores passwords in plain text|82f16a40-ef12-11d8-81b0-000347a4fa7d
gallery<=1.4.4|http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0757.html http://xforce.iss.net/xforce/xfdb/17021|Gallery arbitrary PHP file upload|031663de-f0a6-11d8-81b0-000347a4fa7d
apache>=2.*<2.0.50_2|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751 http://issues.apache.org/bugzilla/show_bug.cgi?id=30134 http://issues.apache.org/bugzilla/show_bug.cgi?id=27945 http://issues.apache.org/bugzilla/show_bug.cgi?id=29690|potential security flaws in mod_ssl|0e08f539-f151-11d8-81b0-000347a4fa7d
-qt>=3.*<3.3.3|http://scary.beasts.org/security/CESA-2004-004.txt http://secunia.com/advisories/12325 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0691 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0693 http://www.osvdb.org/9026 http://xforce.iss.net/xforce/xfdb/17040 http://xforce.iss.net/xforce/xfdb/17041 http://xforce.iss.net/xforce/xfdb/17042|Qt 3.x BMP heap-based overflow, GIF and XPM DoS NULL pointer dereference|eda0ade6-f281-11d8-81b0-000347a4fa7d
a2ps-{a4,letter,letterdj}<4.13b_2|http://www.freebsd.org/cgi/query-pr.cgi?pr=70618|a2ps: Possible execution of shell commands as local user|8091fcea-f35e-11d8-81b0-000347a4fa7d
diff --git a/ports-mgmt/portaudit-db/database/portaudit.xlist b/ports-mgmt/portaudit-db/database/portaudit.xlist
index bae5e818a065..33eed473166e 100644
--- a/ports-mgmt/portaudit-db/database/portaudit.xlist
+++ b/ports-mgmt/portaudit-db/database/portaudit.xlist
@@ -20,3 +20,5 @@ a713c0f9-ec54-11d8-9440-000347a4fa7d
5b8f9a02-ec93-11d8-b913-000c41e2cdad
65a17a3f-ed6e-11d8-aff1-00061bc2ad93
e811aaf1-f015-11d8-876f-00902714cc7c
+ebffe27a-f48c-11d8-9837-000c41e2cdad
+0d3a5148-f512-11d8-9837-000c41e2cdad
diff --git a/ports-mgmt/portaudit-db/database/portaudit.xml b/ports-mgmt/portaudit-db/database/portaudit.xml
index a25db2eaa413..b16497ec3b05 100644
--- a/ports-mgmt/portaudit-db/database/portaudit.xml
+++ b/ports-mgmt/portaudit-db/database/portaudit.xml
@@ -134,8 +134,11 @@ This file is in the public domain.
<cvename>CAN-2004-0631</cvename>
<url>http://secunia.com/advisories/12285</url>
<url>http://xforce.iss.net/xforce/xfdb/16972</url>
+ <url>http://xforce.iss.net/xforce/xfdb/16973</url>
<url>http://www.idefense.com/application/poi/display?id=124&amp;type=vulnerabilities&amp;flashstatus=false</url>
<url>http://www.idefense.com/application/poi/display?id=125&amp;type=vulnerabilities&amp;flashstatus=false</url>
+ <url>http://www.osvdb.org/8654</url>
+ <url>http://www.osvdb.org/8655</url>
</references>
<dates>
<discovery>2004-03-30</discovery>
@@ -763,7 +766,10 @@ This file is in the public domain.
<cvename>CAN-2004-0500</cvename>
<url>http://secunia.com/advisories/12125</url>
<url>http://www.osvdb.org/8382</url>
+ <url>http://www.osvdb.org/8961</url>
+ <url>http://www.osvdb.org/8962</url>
<url>http://www.suse.com/de/security/2004_25_gaim.html</url>
+ <bid>10865</bid>
</references>
<dates>
<discovery>2004-08-12</discovery>
@@ -830,4 +836,67 @@ This file is in the public domain.
<modified>2004-08-16</modified>
</dates>
</vuln>
+
+ <vuln vid="ebffe27a-f48c-11d8-9837-000c41e2cdad">
+ <cancelled superseded="eda0ade6-f281-11d8-81b0-000347a4fa7d"/>
+ </vuln>
+
+ <vuln vid="eda0ade6-f281-11d8-81b0-000347a4fa7d">
+ <topic>Qt 3.x BMP heap-based overflow, GIF and XPM DoS NULL pointer dereference</topic>
+ <affects>
+ <package>
+ <name>qt</name>
+ <range><ge>3.*</ge><lt>3.3.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Chris Evans has discovered flaws in th handling of various bitmap
+ formats, allowing the execution of arbitrary code or causing a DoS.</p>
+ </body>
+ </description>
+ <references>
+ <url>http://scary.beasts.org/security/CESA-2004-004.txt</url>
+ <url>http://secunia.com/advisories/12325</url>
+ <cvename>CAN-2004-0691</cvename>
+ <cvename>CAN-2004-0692</cvename>
+ <cvename>CAN-2004-0693</cvename>
+ <url>http://www.osvdb.org/9026</url>
+ <url>http://xforce.iss.net/xforce/xfdb/17040</url>
+ <url>http://xforce.iss.net/xforce/xfdb/17041</url>
+ <url>http://xforce.iss.net/xforce/xfdb/17042</url>
+ </references>
+ <dates>
+ <discovery>2000-08-18</discovery>
+ <entry>2004-08-20</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="0d3a5148-f512-11d8-9837-000c41e2cdad">
+ <cancelled superseded="bacbc357-ea65-11d8-9440-000347a4fa7d"/>
+ </vuln>
+
+ <vuln vid="bacbc357-ea65-11d8-9440-000347a4fa7d">
+ <topic>SpamAssassin DoS vulnerability</topic>
+ <affects>
+ <package>
+ <name>p5-Mail-SpamAssassin</name>
+ <range><lt>2.64</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Unspecified malformed messages can be used to
+ cause a DoS (Denial of Service).</p>
+ </body>
+ </description>
+ <references>
+ <url>http://secunia.com/advisories/12255</url>
+ <mlist msgid="20040805034902.6DF465900BB@radish.jmason.org>">http://marc.theaimsgroup.com/?l=spamassassin-announce&amp;m=109168121628767&amp;w=2</mlist>
+ </references>
+ <dates>
+ <discovery>2004-08-05</discovery>
+ <entry>2004-08-10</entry>
+ </dates>
+ </vuln>
</vuxml>
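Review bot: The new Qt entry (vid eda0ade6-f281-11d8-81b0-000347a4fa7d) records `<discovery>2000-08-18</discovery>`, which looks like a typo for 2004, since its references are CAN-2004-0691 through CAN-2004-0693 and its entry date is 2004-08-20; if so it should read `<discovery>2004-08-18</discovery>`, so that tools reading the dates do not report a four-year-old discovery. In the SpamAssassin entry the `msgid` attribute ends in a stray `>`, which is still well-formed XML but leaves an unbalanced bracket in the Message-ID value; it should be `msgid="20040805034902.6DF465900BB@radish.jmason.org"`. The Qt description also has "th handling" where "the handling" is meant. The same three points apply to the identical hunk in security/portaudit-db/database/portaudit.xml.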
diff --git a/security/portaudit-db/database/portaudit.txt b/security/portaudit-db/database/portaudit.txt
index ed35599ec6b0..a2bf5a4cd36a 100644
--- a/security/portaudit-db/database/portaudit.txt
+++ b/security/portaudit-db/database/portaudit.txt
@@ -60,7 +60,6 @@ gnutls-devel>=1.1.*<1.1.12|http://www.hornik.sk/SA/SA-20040802.txt http://secuni
ripmime<1.3.2.3|http://www.osvdb.org/8287 http://secunia.com/advisories/12201 http://www.securityfocus.com/bid/10848|ripMIME attachment extraction bypass|85e19dff-e606-11d8-9b0a-000347a4fa7d
{linux-,}opera<7.54|http://www.opera.com/freebsd/changelogs/754/ http://www.greymagic.com/security/advisories/gm008-op/ http://secunia.com/advisories/12233 http://www.osvdb.org/8331|Opera "location" object write access vulnerability|0deed2ce-e6f5-11d8-9a79-000347dd607f
putty<0.55|http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html http://www.coresecurity.com/common/showdoc.php?idx=417&idxseccion=10 http://www.osvdb.org/8299 http://secunia.com/advisories/12212|modified server can execute commands on the client|4424f4db-e697-11d8-bf04-000c763e9a47
-p5-Mail-SpamAssassin<2.64|http://secunia.com/advisories/12255 http://marc.theaimsgroup.com/?l=spamassassin-announce&m=109168121628767&w=2|SpamAssassin DoS vulnerability|bacbc357-ea65-11d8-9440-000347a4fa7d
cfengine2<2.1.8|http://www.coresecurity.com/common/showdoc.php?idx=387&idxseccion=10 http://secunia.com/advisories/12251|cfengine authentication heap corruption|f2a1dc8b-ea66-11d8-9440-000347a4fa7d
libxine<=1.0.r5_1|http://www.open-security.org/advisories/6 http://secunia.com/advisories/12194 http://sourceforge.net/mailarchive/forum.php?thread_id=5143955&forum_id=11923|libxine vcd MRL input identifier management overflow|bef4515b-eaa9-11d8-9440-000347a4fa7d
rsync<2.6.2_2|http://lists.samba.org/archive/rsync-announce/2004/000017.html http://secunia.com/advisories/12294 |security hole in non-chroot rsync daemon|2689f4cb-ec4c-11d8-9440-000347a4fa7d
@@ -70,5 +69,4 @@ phpgedview<2.65.5|http://sourceforge.net/forum/forum.php?forum_id=344342 http://
{ja-,}phpgroupware<0.9.16.002|http://freshmeat.net/releases/168144 http://www.osvdb.org/8354 http://xforce.iss.net/xforce/xfdb/16970|phpGroupWare stores passwords in plain text|82f16a40-ef12-11d8-81b0-000347a4fa7d
gallery<=1.4.4|http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0757.html http://xforce.iss.net/xforce/xfdb/17021|Gallery arbitrary PHP file upload|031663de-f0a6-11d8-81b0-000347a4fa7d
apache>=2.*<2.0.50_2|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751 http://issues.apache.org/bugzilla/show_bug.cgi?id=30134 http://issues.apache.org/bugzilla/show_bug.cgi?id=27945 http://issues.apache.org/bugzilla/show_bug.cgi?id=29690|potential security flaws in mod_ssl|0e08f539-f151-11d8-81b0-000347a4fa7d
-qt>=3.*<3.3.3|http://scary.beasts.org/security/CESA-2004-004.txt http://secunia.com/advisories/12325 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0691 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0693 http://www.osvdb.org/9026 http://xforce.iss.net/xforce/xfdb/17040 http://xforce.iss.net/xforce/xfdb/17041 http://xforce.iss.net/xforce/xfdb/17042|Qt 3.x BMP heap-based overflow, GIF and XPM DoS NULL pointer dereference|eda0ade6-f281-11d8-81b0-000347a4fa7d
a2ps-{a4,letter,letterdj}<4.13b_2|http://www.freebsd.org/cgi/query-pr.cgi?pr=70618|a2ps: Possible execution of shell commands as local user|8091fcea-f35e-11d8-81b0-000347a4fa7d
diff --git a/security/portaudit-db/database/portaudit.xlist b/security/portaudit-db/database/portaudit.xlist
index bae5e818a065..33eed473166e 100644
--- a/security/portaudit-db/database/portaudit.xlist
+++ b/security/portaudit-db/database/portaudit.xlist
@@ -20,3 +20,5 @@ a713c0f9-ec54-11d8-9440-000347a4fa7d
5b8f9a02-ec93-11d8-b913-000c41e2cdad
65a17a3f-ed6e-11d8-aff1-00061bc2ad93
e811aaf1-f015-11d8-876f-00902714cc7c
+ebffe27a-f48c-11d8-9837-000c41e2cdad
+0d3a5148-f512-11d8-9837-000c41e2cdad
diff --git a/security/portaudit-db/database/portaudit.xml b/security/portaudit-db/database/portaudit.xml
index a25db2eaa413..b16497ec3b05 100644
--- a/security/portaudit-db/database/portaudit.xml
+++ b/security/portaudit-db/database/portaudit.xml
@@ -134,8 +134,11 @@ This file is in the public domain.
<cvename>CAN-2004-0631</cvename>
<url>http://secunia.com/advisories/12285</url>
<url>http://xforce.iss.net/xforce/xfdb/16972</url>
+ <url>http://xforce.iss.net/xforce/xfdb/16973</url>
<url>http://www.idefense.com/application/poi/display?id=124&amp;type=vulnerabilities&amp;flashstatus=false</url>
<url>http://www.idefense.com/application/poi/display?id=125&amp;type=vulnerabilities&amp;flashstatus=false</url>
+ <url>http://www.osvdb.org/8654</url>
+ <url>http://www.osvdb.org/8655</url>
</references>
<dates>
<discovery>2004-03-30</discovery>
@@ -763,7 +766,10 @@ This file is in the public domain.
<cvename>CAN-2004-0500</cvename>
<url>http://secunia.com/advisories/12125</url>
<url>http://www.osvdb.org/8382</url>
+ <url>http://www.osvdb.org/8961</url>
+ <url>http://www.osvdb.org/8962</url>
<url>http://www.suse.com/de/security/2004_25_gaim.html</url>
+ <bid>10865</bid>
</references>
<dates>
<discovery>2004-08-12</discovery>
@@ -830,4 +836,67 @@ This file is in the public domain.
<modified>2004-08-16</modified>
</dates>
</vuln>
+
+ <vuln vid="ebffe27a-f48c-11d8-9837-000c41e2cdad">
+ <cancelled superseded="eda0ade6-f281-11d8-81b0-000347a4fa7d"/>
+ </vuln>
+
+ <vuln vid="eda0ade6-f281-11d8-81b0-000347a4fa7d">
+ <topic>Qt 3.x BMP heap-based overflow, GIF and XPM DoS NULL pointer dereference</topic>
+ <affects>
+ <package>
+ <name>qt</name>
+ <range><ge>3.*</ge><lt>3.3.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Chris Evans has discovered flaws in th handling of various bitmap
+ formats, allowing the execution of arbitrary code or causing a DoS.</p>
+ </body>
+ </description>
+ <references>
+ <url>http://scary.beasts.org/security/CESA-2004-004.txt</url>
+ <url>http://secunia.com/advisories/12325</url>
+ <cvename>CAN-2004-0691</cvename>
+ <cvename>CAN-2004-0692</cvename>
+ <cvename>CAN-2004-0693</cvename>
+ <url>http://www.osvdb.org/9026</url>
+ <url>http://xforce.iss.net/xforce/xfdb/17040</url>
+ <url>http://xforce.iss.net/xforce/xfdb/17041</url>
+ <url>http://xforce.iss.net/xforce/xfdb/17042</url>
+ </references>
+ <dates>
+ <discovery>2000-08-18</discovery>
+ <entry>2004-08-20</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="0d3a5148-f512-11d8-9837-000c41e2cdad">
+ <cancelled superseded="bacbc357-ea65-11d8-9440-000347a4fa7d"/>
+ </vuln>
+
+ <vuln vid="bacbc357-ea65-11d8-9440-000347a4fa7d">
+ <topic>SpamAssassin DoS vulnerability</topic>
+ <affects>
+ <package>
+ <name>p5-Mail-SpamAssassin</name>
+ <range><lt>2.64</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Unspecified malformed messages can be used to
+ cause a DoS (Denial of Service).</p>
+ </body>
+ </description>
+ <references>
+ <url>http://secunia.com/advisories/12255</url>
+ <mlist msgid="20040805034902.6DF465900BB@radish.jmason.org>">http://marc.theaimsgroup.com/?l=spamassassin-announce&amp;m=109168121628767&amp;w=2</mlist>
+ </references>
+ <dates>
+ <discovery>2004-08-05</discovery>
+ <entry>2004-08-10</entry>
+ </dates>
+ </vuln>
</vuxml>