author nectar <nectar@FreeBSD.org> 2005-06-04 01:56:42 +0800
committer nectar <nectar@FreeBSD.org> 2005-06-04 01:56:42 +0800
commit 6a88e4c9d16ca5e5a206fd9774fe503991d7a73e
tree 0c8ac456ef085cb2fa9f4c1256b6732daf594212 /security
parent 1ee21da1532d8f677f5f136a51b6fdf60050b6c4
Correct and improve recent xli entry:
* It actually affected xloadimage and xli
* A slightly better topic than just "buffer overflows"
* More references
* Fix the version number for xli... it is still vulnerable as of this writing
Diffstat (limited to 'security')
-rw-r--r-- security/vuxml/vuln.xml 20
1 files changed, 15 insertions, 5 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index cd7be105d5a..3ff95ea7f83 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -33,22 +33,32 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="8c1da77d-d3e9-11d9-8ffb-00061bc2ad93">
- <topic>xli -- buffer overflows</topic>
+ <topic>xloadimage -- buffer overflow in FACES image handling</topic>
<affects>
<package>
<name>xli</name>
- <range><lt>1.17.0_1</lt></range>
+ <range><le>1.17.0_1</le></range>
+ </package>
+ <package>
+ <name>xloadimage</name>
+ <range><lt>4.1.9</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Buffer overflow in xloadimage may allow an attacker
- to execute arbitrary commands via a FACES format image.</p>
+ <p>In 2001, zen-parse discovered a buffer overflow in
+ xloadimage's FACES image loader. A maliciously crafted image
+ could cause xloadimage to execute arbitrary code. A published
+ exploit exists for this vulnerability.</p>
+ <p>In 2005, Rob Holland discovered that the same vulnerability
+ was present in xli.</p>
</body>
</description>
<references>
<cvename>CAN-2001-0775</cvename>
- <url>http://www.debian.org/security/2005/dsa-695</url>
+ <mlist>http://marc.theaimsgroup.com/?l=bugtraq&amp;m=99477230306845</mlist>
+ <url>https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=46186</url>
+ <url>http://bugs.gentoo.org/show_bug.cgi?id=79762</url>
</references>
<dates>
<discovery>2000-02-19</discovery>
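Review bot: The unchanged <discovery>2000-02-19</discovery> in the trailing context now contradicts the rewritten description, which says zen-parse discovered the overflow "In 2001" (the entry also cites CAN-2001-0775); one of the two should be corrected so the entry is self-consistent. Separately, <range><le>1.17.0_1</le></range> for xli only covers port revisions up to the current one: since the commit message says xli is still vulnerable, a later revision bump that does not fix the bug would be reported as unaffected, so an open-ended range would be safer until a fix lands. The new topic names only xloadimage although xli is the first package listed, and the DSA-695 URL is removed even though the message says "More references"; consider naming both programs in the topic and keeping that URL alongside the new ones.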