Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 23 |
1 files changed, 10 insertions, 13 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 031426922f8e..460e82c27a94 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -790,7 +790,7 @@ Note: Please add new entries to the beginning of this file. </vuln> <vuln vid="87106b67-be13-11dd-a578-0030843d3802"> - <topic>cups -- multiple vulnerabilities</topic> + <topic>cups -- potential buffer overflow in PNG reading code</topic> <affects> <package> <name>cups-base</name> @@ -799,27 +799,24 @@ Note: Please add new entries to the beginning of this file. </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>The cups reports:</p> - <blockquote cite="http://www.cups.org/str.php?L2974"> - <p>The PNG image reading code did not validate the image size - properly, leading to a potential buffer overflow (STR #2974)</p> - <p>The web interface (cgi-bin/admin.c) in CUPS uses the - guest username when a user is not logged on to the web server, which - makes it easier for remote attackers to bypass intended policy and - conduct CSRF attacks via the (1) add and (2) cancel RSS subscription - functions.</p> + <p>CUPS reports:</p> + <blockquote cite="http://svn.easysw.com/public/cups/trunk/CHANGES-1.3.txt"> + <p>The PNG image reading code did not validate the + image size properly, leading to a potential buffer overflow + (STR #2974)</p> </blockquote> </body> </description> <references> - <cvename>CVE-2008-1722</cvename> - <cvename>CVE-2008-5184</cvename> - <url>http://secunia.com/advisories/30190</url> + <cvename>CVE-2008-5286</cvename> <url>http://www.cups.org/str.php?L2974</url> + <url>http://svn.easysw.com/public/cups/trunk/CHANGES-1.3.txt</url> + <url>http://www.openwall.com/lists/oss-security/2008/11/25/2</url> </references> <dates> <discovery>2008-10-17</discovery> <entry>2008-11-29</entry> + <modified>2008-12-25</modified> </dates> </vuln> |
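Review bot: In the first hunk (@@ -790,7 +790,7 @@), the <topic> is narrowed from "multiple vulnerabilities" to the PNG overflow alone, but the <affects> block that follows it is not touched anywhere in this patch. Since the entry now describes only STR #2974, please confirm that the existing version range for cups-base still corresponds to the release that fixed that one issue, and not to a bound chosen for the CSRF problem that is being removed.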
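Review bot: In the second hunk (@@ -799,27 +799,24 @@), removing the CSRF paragraph together with CVE-2008-5184 and CVE-2008-1722 leaves those identifiers without coverage in this entry, and the diffstat shows no other part of vuln.xml being changed (1 file, 10 insertions, 13 deletions). If they still apply to cups-base, they need their own <vuln> entry, or the commit message should say where they are tracked. Separately, the new blockquote cite points at CHANGES-1.3.txt under trunk, a path whose content can change as the file is edited; using http://www.cups.org/str.php?L2974, which remains in <references>, as the cite would be a more stable source for the quoted sentence.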