Date:      Wed, 5 Jul 2017 06:33:07 +0000 (UTC)
From:      Alexey Dokuchaev <danfe@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r445050 - head/security/vuxml
Message-ID:  <201707050633.v656X7Ax044041@repo.freebsd.org>

Author: danfe
Date: Wed Jul  5 06:33:07 2017
New Revision: 445050
URL: https://svnweb.freebsd.org/changeset/ports/445050

Log:
  Another round of spelling fixes, covering entries of the year 2015.

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Wed Jul  5 06:33:05 2017	(r445049)
+++ head/security/vuxml/vuln.xml	Wed Jul  5 06:33:07 2017	(r445050)
@@ -3297,7 +3297,7 @@ maliciously crafted GET request to the Horde server.</
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>The phpMYAdmin team reports:</p>
+	<p>The phpMyAdmin team reports:</p>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2017-8/">;
 	  <h3>Summary</h3>
 	  <p>Bypass $cfg['Servers'][$i]['AllowNoPassword']</p>
@@ -4355,7 +4355,7 @@ maliciously crafted GET request to the Horde server.</
 	<p>The Xen Project reports:</p>
 	<blockquote cite="http://xenbits.xen.org/xsa/advisory-209.html">;
 	  <p>In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine
-	    cirrus_bitblt_cputovideo fails to check wethehr the specified
+	    cirrus_bitblt_cputovideo fails to check whether the specified
 	    memory region is safe. A malicious guest administrator can cause
 	    an out of bounds memory write, very likely exploitable as a
 	    privilege escalation.</p>
@@ -9220,7 +9220,7 @@ maliciously crafted GET request to the Horde server.</
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>The phpMYAdmin development team reports:</p>
+	<p>The phpMyAdmin development team reports:</p>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-57/">;
 	  <h3>Summary</h3>
 	  <p>Open redirection</p>
@@ -17351,7 +17351,7 @@ and CVE-2013-0155.</p>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>The phpMYAdmin development team reports:</p>
+	<p>The phpMyAdmin development team reports:</p>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-17/">;
 	  <h3>Summary</h3>
 	  <p>BBCode injection vulnerability</p>
@@ -29253,7 +29253,7 @@ and CVE-2013-0155.</p>
 	</blockquote>
 	<blockquote cite="https://developer.joomla.org/security-centre/634-20151214-core-directory-traversal.html">;
 	  <h2>[20151203] - Core - Directory Traversal</h2>
-	  <p>Failure to properly sanitise input data from the XML install file
+	  <p>Failure to properly sanitize input data from the XML install file
 	    located within an extension's package archive allows for directory
 	    traversal.</p>
 	</blockquote>
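Review bot: the changed line sits inside a `<blockquote cite=...>` pointing at the Joomla security centre, so "sanitise" is the advisory's own British spelling rather than a typo, and the edit alters quoted text; since the entry attributes these words to Joomla verbatim, the quote is better left as published (the same applies to the other British-to-American respellings made inside cited blockquotes elsewhere in this commit). If house style requires American spelling even in quoted material, say so in the log message so later editors do not revert it.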
@@ -30561,7 +30561,7 @@ and CVE-2013-0155.</p>
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>Google Chrome Releases reports:</p>
 	<blockquote cite="http://googlechromereleases.blogspot.nl/2015/12/stable-channel-update.html">;
-	  <p>41 security fixes in this release, inclduding:</p>
+	  <p>41 security fixes in this release, including:</p>
 	  <ul>
 	    <li>[558589] Critical CVE-2015-6765: Use-after-free in AppCache.
 	      Credit to anonymous.</li>
@@ -30836,7 +30836,7 @@ and CVE-2013-0155.</p>
   </vuln>
 
   <vuln vid="ecc268f2-8fc2-11e5-918c-bcaec565249c">
-    <topic>libxslt -- DoS vulnability due to type confusing error</topic>
+    <topic>libxslt -- DoS vulnerability due to type confusing error</topic>
     <affects>
       <package>
 	<name>libsxlt</name>
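Review bot: the unchanged context line `<name>libsxlt</name>` just below the fixed topic is itself a transposition of libxslt (the topic line spells the port correctly), and because pkg audit matches VuXML entries against installed packages by this name, the misspelling leaves the entry unable to match anything; fix it in the same pass. The topic's "type confusing error" also reads better as "type confusion error".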
@@ -31654,7 +31654,7 @@ and CVE-2013-0155.</p>
 	<blockquote cite="http://xenbits.xen.org/xsa/advisory-148.html">;
 	  <p>The code to validate level 2 page table entries is bypassed when
 	    certain conditions are satisfied. This means that a PV guest can
-	    create writeable mappings using super page mappings. Such writeable
+	    create writable mappings using super page mappings. Such writable
 	    mappings can violate Xen intended invariants for pages which Xen is
 	    supposed to keep read-only. This is possible even if the
 	    "allowsuperpage" command line option is not used.</p>
@@ -32267,7 +32267,7 @@ and CVE-2013-0155.</p>
   </vuln>
 
   <vuln vid="beb3d5fc-7ac5-11e5-b35a-002590263bf5">
-    <topic>Joomla! -- Core - Unauthorised Login vulnerability</topic>
+    <topic>Joomla! -- Core - Unauthorized Login vulnerability</topic>
     <affects>
       <package>
 	<name>joomla3</name>
@@ -32283,8 +32283,8 @@ and CVE-2013-0155.</p>
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>The JSST and the Joomla! Security Center report:</p>
 	<blockquote cite="http://developer.joomla.org/security-centre/594-20140902-core-unauthorised-logins.html">;
-	  <h2>[20140902] - Core - Unauthorised Logins</h2>
-	  <p>Inadequate checking allowed unauthorised logins via LDAP
+	  <h2>[20140902] - Core - Unauthorized Logins</h2>
+	  <p>Inadequate checking allowed unauthorized logins via LDAP
 	    authentication.</p>
 	</blockquote>
       </body>
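Review bot: the `<h2>` here reproduces the title of the cited Joomla advisory, whose URL in the context line above still reads `594-20140902-core-unauthorised-logins.html`, so "Unauthorised" is the upstream spelling rather than a misspelling; rewriting the heading and the quoted sentence inside the blockquote makes the quote diverge from its source. The `<topic>` change in the preceding hunk is VuXML's own text and is fine.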
@@ -33041,7 +33041,7 @@ and CVE-2013-0155.</p>
 	    some improper escaping in their shell commands, causing special
 	    characters present in menu item titles to be interpreted by the
 	    shell. This includes the backtick evaluation operator, so this
-	    constitutues a security issue, allowing execution of arbitrary
+	    constitutes a security issue, allowing execution of arbitrary
 	    commands if an attacker has control over the text displayed in
 	    a menu.</p>
 	</blockquote>
@@ -34228,7 +34228,7 @@ and CVE-2013-0155.</p>
 	    built with OpenSSL and configured for "SSL-Bump" decryption.</p>
 	  <p>Integer overflows can lead to invalid pointer math reading from
 	    random memory on some CPU architectures. In the best case this leads
-	    to wrong TLS extensiosn being used for the client, worst-case a
+	    to wrong TLS extensions being used for the client, worst-case a
 	    crash of the proxy terminating all active transactions.</p>
 	  <p>Incorrect message size checks and assumptions about the existence
 	    of TLS extensions in the SSL/TLS handshake message can lead to very
@@ -34383,9 +34383,9 @@ and CVE-2013-0155.</p>
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>Qinghao Tang reports:</p>
 	<blockquote cite="http://seclists.org/oss-sec/2015/q3/559">;
-	  <p>The function ParseExtension() in openslp 1.2.1 exists a
-	    vulnerability , an attacher can cause a denial of service
-	    (infinite loop) via a  packet with crafted "nextoffset"
+	  <p>The function ParseExtension() in openslp 1.2.1 contains
+	    vulnerability: an attacker can cause a denial of service
+	    (infinite loop) via a packet with crafted "nextoffset"
 	    value and "extid" value.</p>
 	</blockquote>
       </body>
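Review bot: the rewritten sentence drops the article: `in openslp 1.2.1 contains` / `vulnerability: an attacker` should read `contains a` / `vulnerability: an attacker`. Note also that this is a reworded, not merely respelled, sentence inside a cited blockquote of Qinghao Tang's oss-sec post; if it is no longer a verbatim quote, either keep the edits to spelling only or mention the rewording in the log.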
@@ -36107,7 +36107,7 @@ and CVE-2013-0155.</p>
 	<blockquote cite="http://xenbits.xen.org/xsa/advisory-140.html">;
 	  <p>The QEMU model of the RTL8139 network card did not sufficiently
 	    validate inputs in the C+ mode offload emulation. This results in
-	    uninitialised memory from the QEMU process's heap being leaked to
+	    uninitialized memory from the QEMU process's heap being leaked to
 	    the domain as well as to the network.</p>
 	  <p>A guest may be able to read sensitive host-level data relating to
 	    itself which resides in the QEMU process.</p>
@@ -37844,7 +37844,7 @@ and CVE-2013-0155.</p>
 	<blockquote cite="http://seclists.org/oss-sec/2015/q3/121">;
 	  <p>Description</p>
 	  <p>When an application has Groovy on the classpath and that
-	    it uses standard Java serialization mechanim to communicate
+	    it uses standard Java serialization mechanism to communicate
 	    between servers, or to store local data, it is possible for
 	    an attacker to bake a special serialized object that will
 	    execute code directly when deserialized. All applications
@@ -38420,7 +38420,7 @@ and CVE-2013-0155.</p>
   </vuln>
 
   <vuln vid="379788f3-2900-11e5-a4a5-002590263bf5">
-    <topic>freeradius -- insufficent CRL application vulnerability</topic>
+    <topic>freeradius -- insufficient CRL application vulnerability</topic>
     <affects>
       <package>
 	<name>freeradius2</name>
@@ -38615,7 +38615,7 @@ and CVE-2013-0155.</p>
 	    through PCI devices not explicitly dealt with for (partial)
 	    emulation purposes.</p>
 	  <p>Since the effect depends on the specific purpose of the the config
-	    space field, it's not possbile to give a general statement about the
+	    space field, it's not possible to give a general statement about the
 	    exact impact on the host or other guests.  Privilege escalation,
 	    host crash (Denial of Service), and leaked information all cannot be
 	    excluded.</p>
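Review bot: the context line just above the change still carries a doubled word, `purpose of the the config`; since this paragraph is already being touched for "possbile", fold that fix into the same hunk.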
@@ -39019,7 +39019,7 @@ and CVE-2013-0155.</p>
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>The Xen Project reports:</p>
 	<blockquote cite="http://xenbits.xen.org/xsa/advisory-118.html">;
-	  <p>On ARM systems the code which deals with virtualising the GIC
+	  <p>On ARM systems the code which deals with virtualizing the GIC
 	    distributor would, under various circumstances, log messages on a
 	    guest accessible code path without appropriate rate limiting.</p>
 	  <p>A malicious guest could cause repeated logging to the hypervisor
@@ -39843,7 +39843,7 @@ and CVE-2013-0155.</p>
 	  <p>The Page allocation is moved into textcommon.c, where it does all the
 	    necessary checking: lower-bounds for CVE-2015-3258 and upper-bounds
 	    for CVE-2015-3259 due to integer overflows for the calloc() call
-	    initialising Page[0] and the memset() call in texttopdf.c's
+	    initializing Page[0] and the memset() call in texttopdf.c's
 	    WritePage() function zeroing the entire array.</p>
 	</blockquote>
       </body>
@@ -39979,7 +39979,7 @@ and CVE-2013-0155.</p>
   </vuln>
 
   <vuln vid="0d0f3050-1f69-11e5-9ba9-d050996490d0">
-    <topic>ntp -- control message remote Deinal of Service vulnerability</topic>
+    <topic>ntp -- control message remote Denial of Service vulnerability</topic>
     <affects>
       <package>
 	<name>ntp</name>
@@ -40603,7 +40603,7 @@ and CVE-2013-0155.</p>
   </vuln>
 
   <vuln vid="0f154810-16e4-11e5-a1cf-002590263bf5">
-    <topic>rubygem-paperclip -- validation bypass vulnerabilitiy</topic>
+    <topic>rubygem-paperclip -- validation bypass vulnerability</topic>
     <affects>
       <package>
 	<name>rubygem-paperclip</name>
@@ -40707,7 +40707,7 @@ and CVE-2013-0155.</p>
   </vuln>
 
   <vuln vid="a3929112-181b-11e5-a1cf-002590263bf5">
-    <topic>cacti -- Multiple XSS and SQL injection vulerabilities</topic>
+    <topic>cacti -- Multiple XSS and SQL injection vulnerabilities</topic>
     <affects>
       <package>
 	<name>cacti</name>
@@ -40720,7 +40720,7 @@ and CVE-2013-0155.</p>
 	<blockquote cite="http://www.cacti.net/release_notes_0_8_8d.php">;
 	  <p>Important Security Fixes</p>
 	  <ul>
-	    <li>Multiple XSS and SQL injection vulerabilities</li>
+	    <li>Multiple XSS and SQL injection vulnerabilities</li>
 	  </ul>
 	  <p>Changelog</p>
 	  <ul>
@@ -40930,7 +40930,7 @@ and CVE-2013-0155.</p>
 	    connection is already kept alive.</p>
 	  <p>With this flaw present, using the handle even
 	    after a reset would make libcurl accidentally use
-	    those credentials in a subseqent request if done
+	    those credentials in a subsequent request if done
 	    to the same host name and connection as was
 	    previously accessed.</p>
 	  <p>An example case would be first requesting a password
@@ -40950,7 +40950,7 @@ and CVE-2013-0155.</p>
 	    to figure out what data range to send back.</p>
 	  <p>The values are used and trusted without boundary
 	    checks and are just assumed to be valid. This allows
-	    carefully handicrafted packages to trick libcurl
+	    carefully handcrafted packages to trick libcurl
 	    into responding and sending off data that was not
 	    intended. Or just crash if the values cause libcurl
 	    to access invalid memory.</p>
@@ -41202,7 +41202,7 @@ and CVE-2013-0155.</p>
 	    <li>Malformed ECParameters causes infinite loop (CVE-2015-1788)</li>
 	    <li>Exploitable out-of-bounds read in X509_cmp_time
 	      (CVE-2015-1789)</li>
-	    <li>iPKCS7 crash with missing EnvelopedContent (CVE-2015-1790)</li>
+	    <li>PKCS#7 crash with missing EnvelopedContent (CVE-2015-1790)</li>
 	    <li>CMS verify infinite loop with unknown hash function
 	      (CVE-2015-1792)</li>
 	    <li>Race condition handling NewSessionTicket (CVE-2015-1791)</li>
@@ -41533,7 +41533,7 @@ and CVE-2013-0155.</p>
 	<blockquote cite="http://seclists.org/oss-sec/2015/q2/633">;
 	  <p>tidy is affected by a write out of bounds when processing malformed html files.</p>
 	  <p>This issue could be abused on server side applications that use php-tidy extension with user input.</p>
-	  <p>The issue was confirmed, analysed and fixed by the tidy5 maintainer.</p>
+	  <p>The issue was confirmed, analyzed, and fixed by the tidy5 maintainer.</p>
 	</blockquote>
       </body>
     </description>
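Review bot: besides respelling "analysed", this line also inserts a serial comma into a sentence quoted from an oss-sec post inside a cited blockquote; punctuation changes to attributed text go beyond a spelling fix and should either be left out or noted in the log message.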
@@ -42171,10 +42171,10 @@ and CVE-2013-0155.</p>
 	<p>cURL reports:</p>
 	<blockquote cite="http://curl.haxx.se/docs/adv_20150422A.html">;
 	  <p>libcurl keeps a pool of its last few connections around
-	    after use to fascilitate easy, conventient and completely
+	    after use to facilitate easy, convenient, and completely
 	    transparent connection re-use for applications.</p>
 	  <p>When doing HTTP requests NTLM authenticated, the entire
-	    connnection becomes authenticated and not just the
+	    connection becomes authenticated and not just the
 	    specific HTTP request which is otherwise how HTTP works.
 	    This makes NTLM special and a subject for special
 	    treatment in the code. With NTLM, once the connection is
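Review bot: the first changed line adds a comma after "convenient" that is not part of the spelling correction, inside a blockquote citing the cURL advisory; restrict edits to quoted text to the actual misspellings ("fascilitate", "conventient", "connnection") so the blockquote stays faithful to its source.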
@@ -42183,7 +42183,7 @@ and CVE-2013-0155.</p>
 	</blockquote>
 	<blockquote cite="http://curl.haxx.se/docs/adv_20150422B.html">;
 	  <p>When doing HTTP requests Negotiate authenticated, the
-	    entire connnection may become authenticated and not just
+	    entire connection may become authenticated and not just
 	    the specific HTTP request which is otherwise how HTTP
 	    works, as Negotiate can basically use NTLM under the hood.
 	    curl was not adhering to this fact but would assume that
@@ -42764,7 +42764,7 @@ and CVE-2013-0155.</p>
 	<blockquote cite="http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html">;
 	  <p>RubyGems provides the ability of a domain to direct clients to a
 	    separate host that is used to fetch gems and make API calls against.
-	    This mechanism is implemented via DNS, specificly a SRV record
+	    This mechanism is implemented via DNS, specifically a SRV record
 	    _rubygems._tcp under the original requested domain.</p>
 	  <p>RubyGems did not validate the hostname returned in the SRV record
 	    before sending requests to it. This left clients open to a DNS
@@ -43304,7 +43304,7 @@ and CVE-2013-0155.</p>
   </vuln>
 
   <vuln vid="b13af778-f4fc-11e4-a95d-ac9e174be3af">
-    <topic>Vulnerablitiy in HWP document filter</topic>
+    <topic>Vulnerability in HWP document filter</topic>
     <affects>
       <package>
 	<name>libreoffice</name>
@@ -43698,12 +43698,12 @@ and CVE-2013-0155.</p>
 	    upgrade to this version.</p>
 	  <p>The PHP development team announces the immediate
 	    availability of PHP 5.5.24. Several bugs have been
-	    fixed some of them beeing security related, like
+	    fixed, some of them being security related, like
 	    CVE-2015-1351 and CVE-2015-1352. All PHP 5.5 users
 	    are encouraged to upgrade to this version.</p>
 	  <p>The PHP development team announces the immediate
 	    availability of PHP 5.6.8. Several bugs have been
-	    fixed some of them beeing security related, like
+	    fixed, some of them being security related, like
 	    CVE-2015-1351 and CVE-2015-1352. All PHP 5.6 users
 	    are encouraged to upgrade to this version.</p>
 	</blockquote>
@@ -44966,7 +44966,7 @@ and CVE-2013-0155.</p>
 	      [Client] (CVE-2015-0204).  OpenSSL only.</li>
 	    <li>Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)</li>
 	    <li>ASN.1 structure reuse memory corruption (CVE-2015-0287)</li>
-	    <li>PKCS7 NULL pointer dereferences (CVE-2015-0289)</li>
+	    <li>PKCS#7 NULL pointer dereferences (CVE-2015-0289)</li>
 	    <li>Base64 decode (CVE-2015-0292).  OpenSSL only.</li>
 	    <li>DoS via reachable assert in SSLv2 servers
 	      (CVE-2015-0293).  OpenSSL only.</li>
@@ -45383,7 +45383,7 @@ and CVE-2013-0155.</p>
 	<p>Richard J. Moore reports:</p>
 	<blockquote cite="http://lists.qt-project.org/pipermail/announce/2015-February/000059.html">;
 	  <p>The builtin BMP decoder in QtGui prior to Qt 5.5 contained a bug
-	    that would lead to a divsion by zero when loading certain corrupt
+	    that would lead to a division by zero when loading certain corrupt
 	    BMP files. This in turn would cause the application loading these
 	    hand crafted BMPs to crash.</p>
 	</blockquote>
@@ -45681,7 +45681,7 @@ and CVE-2013-0155.</p>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>Samba developement team reports:</p>
+	<p>Samba development team reports:</p>
 	<blockquote cite="https://www.samba.org/samba/security/CVE-2015-0240">;
 	  <p>All versions of Samba from 3.5.0 to 4.2.0rc4 are
 	    vulnerable to an unexpected code execution vulnerability
@@ -46233,7 +46233,7 @@ and CVE-2013-0155.</p>
 	    user who is viewing connected clients.</li>
 	  </ul>
 	  <p>In all cases, the attacker needs a valid user account on the
-	  targetted RabbitMQ cluster.</p>
+	  targeted RabbitMQ cluster.</p>
 	  <p>Furthermore, some admin-controllable content was not properly
 	  escaped:</p>
 	  <ul>
@@ -47421,7 +47421,7 @@ and CVE-2013-0155.</p>
 	  <p>The Network Time Protocol (NTP) provides networked
 	    systems with a way to synchronize time for various
 	    services and applications. ntpd version 4.2.7 and
-	    pervious versions allow attackers to overflow several
+	    previous versions allow attackers to overflow several
 	    buffers in a way that may allow malicious code to
 	    be executed. ntp-keygen prior to version 4.2.7p230
 	    also uses a non-cryptographic random number generator
@@ -72003,7 +72003,7 @@ executed in your Internet Explorer while displaying th
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>The phpMYAdmin development team reports:</p>
+	<p>The phpMyAdmin development team reports:</p>
 	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2012-2.php">;
 	  <p>The show_config_errors.php scripts did not validate the presence
 	    of the configuration file, so an error message shows the full path
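Review bot: the log message says the commit covers entries of the year 2015, but this final hunk edits the phpMyAdmin entry citing PMASA-2012-2, well outside that range; either mention in the log that an older entry was also touched or hold it for the round that covers 2012. The respelling itself is correct and consistent with the three earlier phpMYAdmin fixes in this diff.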