author | brnrd <brnrd@FreeBSD.org> | 2016-11-02 16:11:15 +0800 |
---|---|---|
committer | brnrd <brnrd@FreeBSD.org> | 2016-11-02 16:11:15 +0800 |
commit | a3fa386bf78105d7d8f80896eaa81faca4e469bf (patch) | |
tree | 5c9189ce75a090fb8b753334f137e272adae4147 /security | |
parent | b9fa7b5b2ef914bf1ced8e7b8be94d9f4ecef842 (diff) | |
security/vuxml: Document 2016-11-02 cURL vulnerabilities
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 3f4a8e2361d..f0f68f06cfd 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,54 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="765feb7d-a0d1-11e6-a881-b499baebfeaf"> + <topic>cURL -- multiple vulnerabilities</topic> + <affects> + <package> + <name>curl</name> + <range><ge>7.1</ge><lt>7.51.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The cURL project reports</p> + <blockquote cite="https://curl.haxx.se/docs/security.html"> + <ul> + <li>cookie injection for other servers</li> + <li>case insensitive password comparison</li> + <li>OOB write via unchecked multiplication</li> + <li>double-free in curl_maprintf</li> + <li>double-free in krb5 code</li> + <li>glob parser write/read out of bounds</li> + <li>curl_getdate read out of bounds</li> + <li>URL unescape heap overflow via integer truncation</li> + <li>Use-after-free via shared cookies</li> + <li>invalid URL parsing with '#'</li> + <li>IDNA 2003 makes curl use wrong host</li> + </ul> + </blockquote> + </body> + </description> + <references> + <url>https://curl.haxx.se/docs/security.html</url> + <cvename>CVE-2016-8615</cvename> + <cvename>CVE-2016-8616</cvename> + <cvename>CVE-2016-8617</cvename> + <cvename>CVE-2016-8618</cvename> + <cvename>CVE-2016-8619</cvename> + <cvename>CVE-2016-8620</cvename> + <cvename>CVE-2016-8621</cvename> + <cvename>CVE-2016-8622</cvename> + <cvename>CVE-2016-8623</cvename> + <cvename>CVE-2016-8624</cvename> + <cvename>CVE-2016-8625</cvename> + </references> + <dates> + <discovery>2016-11-02</discovery> + <entry>2016-11-02</entry> + </dates> + </vuln> + <vuln vid="0b8d01a4-a0d2-11e6-9ca2-d050996490d0"> <topic>BIND -- Remote Denial of Service vulnerability</topic> <affects> |
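Review bot: The `<affects>` block names only the `curl` package, although the header comment visible in the context lines says "Do not forget port variants". If any other ports in the tree package a curl older than 7.51.0 (Linux-compat variants, for instance), each needs its own `<package>` entry with the appropriate range, otherwise `pkg audit` will not flag them. Two smaller points: `<p>The cURL project reports</p>` should end with a colon before the blockquote, and both the `cite` attribute and the `<url>` reference point at the general security index, so a reader cannot map the eleven list items to the eleven `<cvename>` entries; linking the individual advisories would fix that.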