From b1f5b4c52244d430b1f15d6dcef4b3bee9339d55 Mon Sep 17 00:00:00 2001 From: dch Date: Wed, 11 Jul 2018 13:09:47 +0000 Subject: security/vuxml: add CVE for Apache CouchDB 1.7.2 (databases/couchdb) Approved by: jrm Differential Revision: https://reviews.freebsd.org/D16212 --- security/vuxml/vuln.xml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 89f6a4ef3663..56c7ff446bf6 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,39 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + couchdb -- multiple vulnerabilities + + + databases/couchdb + 1.7.2 + + + + +

Apache CouchDB PMC reports:

+
Database Administrator could achieve privilege escalation to + the account that CouchDB runs under, by abusing insufficient validation + in the HTTP API, escaping security controls implemented in previous + releases.
+

+ + + + https://blog.couchdb.org/2018/07/10/cve-2018-8007/ + CVE-2018-8007 + https://blog.couchdb.org/2017/11/14/apache-couchdb-cve-2017-12635-and-cve-2017-12636/ + CVE-2017-12636 + CVE-2017-12635 + https://lists.apache.org/thread.html/6fa798e96686b7b0013ec2088140d00aeb7d34487d3f5ad032af6934@%3Cdev.couchdb.apache.org%3E + + + 2017-11-14 + 2018-07-10 + + + clamav -- multiple vulnerabilities -- cgit