aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authornectar <nectar@FreeBSD.org>2004-04-15 01:18:52 +0800
committernectar <nectar@FreeBSD.org>2004-04-15 01:18:52 +0800
commitfff6866847224859ef6cfe5a081cc7878900f79c (patch)
tree6d7cc66f8f2c71214a9e097d5f7459f5b5fd262e /security
parent76b99a9048dec4d2179d2e730fbb3900422f9dfc (diff)
downloadfreebsd-ports-graphics-fff6866847224859ef6cfe5a081cc7878900f79c.tar.gz
freebsd-ports-graphics-fff6866847224859ef6cfe5a081cc7878900f79c.tar.zst
freebsd-ports-graphics-fff6866847224859ef6cfe5a081cc7878900f79c.zip
Add CVS vulnerabilities.
Diffstat (limited to 'security')
-rw-r--r--security/vuxml/vuln.xml42
1 files changed, 42 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index c87b1222847..cc88f43778c 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -30,6 +30,48 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="0792e7a7-8e37-11d8-90d1-0020ed76ef5a">
+ <topic>CVS path validation errors</topic>
+ <affects>
+ <package>
+ <name>cvs+ipv6</name>
+ <range><le>1.11.5_1</le></range>
+ </package>
+ <system>
+ <name>FreeBSD</name>
+ <range><ge>0</ge></range>
+ </system>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Two programming errors were discovered in which path names
+ handled by CVS were not properly validated. In one case,
+ the CVS client accepts absolute path names from the server
+ when determining which files to update. In another case,
+ the CVS server accepts relative path names from the client
+ when determining which files to transmit, including those
+ containing references to parent directories (`../').</p>
+ <p>These programming errors generally only have a security
+ impact when dealing with remote CVS repositories.</p>
+ <p>A malicious CVS server may cause a CVS client to overwrite
+ arbitrary files on the client's system.</p>
+ <p>A CVS client may request RCS files from a remote system
+ other than those in the repository specified by $CVSROOT.
+ These RCS files need not be part of any CVS repository
+ themselves.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CAN-2004-0180</cvename>
+ <url>http://ccvs.cvshome.org/servlets/NewsItemView?newsID=102</url>
+ <freebsdsa>SA-04:07.cvs</freebsdsa>
+ </references>
+ <dates>
+ <discovery>2004-04-14</discovery>
+ <entry>2004-04-14</entry>
+ </dates>
+ </vuln>
+
<vuln vid="ccd698df-8e20-11d8-90d1-0020ed76ef5a">
<topic>racoon remote denial of service vulnerability
(ISAKMP header length field)</topic>