From owner-svn-ports-all@FreeBSD.ORG Wed Jan 30 18:34:03 2013 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 7C5F2D9; Wed, 30 Jan 2013 18:34:03 +0000 (UTC) (envelope-from pawel@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 557A3DF5; Wed, 30 Jan 2013 18:34:03 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id r0UIY3o1042643; Wed, 30 Jan 2013 18:34:03 GMT (envelope-from pawel@svn.freebsd.org) Received: (from pawel@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id r0UIY3AL042642; Wed, 30 Jan 2013 18:34:03 GMT (envelope-from pawel@svn.freebsd.org) Message-Id: <201301301834.r0UIY3AL042642@svn.freebsd.org> From: Pawel Pekala Date: Wed, 30 Jan 2013 18:34:03 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r311253 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Jan 2013 18:34:03 -0000 Author: pawel Date: Wed Jan 30 18:34:02 2013 New Revision: 311253 URL: http://svnweb.freebsd.org/changeset/ports/311253 Log: Document devel/upnp vulnerabilities Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Jan 30 18:32:55 2013 (r311252) +++ head/security/vuxml/vuln.xml Wed Jan 30 18:34:02 2013 (r311253) @@ -51,6 +51,54 @@ Note: Please add new entries to the beg --> + + upnp -- multiple vulnerabilities + + + upnp + 1.6.18 + + + + +

Project changelog reports:

+
This patch addresses three possible buffer overflows in + function unique_service_name().The three issues have the + folowing CVE numbers:
+
+
CVE-2012-5958 Issue #2: Stack buffer overflow of Tempbuf
+
CVE-2012-5959 Issue #4: Stack buffer overflow of Event->UDN
+
CVE-2012-5960 Issue #8: Stack buffer overflow of Event->UDN
+
+
Notice that the following issues have already been dealt by + previous work:
+
+
CVE-2012-5961 Issue #1: Stack buffer overflow of Evt->UDN
+
CVE-2012-5962 Issue #3: Stack buffer overflow of Evt->DeviceType
+
CVE-2012-5963 Issue #5: Stack buffer overflow of Event->UDN
+
CVE-2012-5964 Issue #6: Stack buffer overflow of Event->DeviceType
+
CVE-2012-5965 Issue #7: Stack buffer overflow of Event->DeviceType
+
+

+ + + + CVE-2012-5958 + CVE-2012-5959 + CVE-2012-5960 + CVE-2012-5961 + CVE-2012-5962 + CVE-2012-5963 + CVE-2012-5964 + CVE-2012-5965 + + + 2012-11-21 + 2013-01-30 + + + wordpress -- multiple vulnerabilities