Date: Tue, 19 Nov 2019 08:25:04 +0000 (UTC) From: Jochen Neumeister <joneum@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r517944 - head/security/vuxml Message-ID: <201911190825.xAJ8P4UD040254@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: joneum Date: Tue Nov 19 08:25:04 2019 New Revision: 517944 URL: https://svnweb.freebsd.org/changeset/ports/517944 Log: Add entry for www/squid PR: 241976 Sponsored by: Netzkommune GmbH Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Nov 19 08:17:31 2019 (r517943) +++ head/security/vuxml/vuln.xml Tue Nov 19 08:25:04 2019 (r517944) @@ -58,6 +58,39 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="620685d6-0aa3-11ea-9673-4c72b94353b5"> + <topic>squid -- Vulnerable to HTTP Digest Authentication</topic> + <affects> + <package> + <name>squid</name> + <range><lt>4.9</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Squid Team reports:</p> + <blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2019_11.txt">; + <p>Problem Description: Due to incorrect data management Squid is + vulnerable to a information disclosure when processing HTTP Digest + Authentication.</p> + <p>Severity: Nonce tokens contain the raw byte value of a pointer which sits + within heap memory allocation. This information reduces ASLR protections + and may aid attackers isolating memory areas to target for remote code + execution attacks.</p> + </blockquote> + </body> + </description> + <references> + <url>http://www.squid-cache.org/Advisories/SQUID-2019_11.txt</url>; + <url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679</url>; + <cvename>CVE-2019-18679</cvename> + </references> + <dates> + <discovery>2019-11-05</discovery> + <entry>2019-11-19</entry> + </dates> + </vuln> + <vuln vid="f04f840d-0840-11ea-8d66-75d3253ef913"> <topic>libidn2 -- roundtrip check vulnerability</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201911190825.xAJ8P4UD040254>