Date: Thu, 12 Jan 2012 22:37:34 +0100 From: Ralf van der Enden <tremere@cainites.net> To: FreeBSD-gnats-submit@FreeBSD.org Cc: secteam@FreeBSD.org Subject: ports/164066: [PATCH] security/vuxml: add entry for PowerDNS DoS vulnerability Message-ID: <E1RlSL0-0009kj-CM@cainites.net> Resent-Message-ID: <201201122140.q0CLe9JH082869@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 164066 >Category: ports >Synopsis: [PATCH] security/vuxml: add entry for PowerDNS DoS vulnerability >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Thu Jan 12 21:40:09 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Ralf van der Enden >Release: FreeBSD 9.0-RELEASE amd64 >Organization: >Environment: System: FreeBSD lan.cainites.net 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Fri Jan 6 13:52:37 CET >Description: Add entry for PowerDNS DoS vulnerability If this is not the way to add entries to vuxml I'm willing to learn how. I've read the docs on http://www.freebsd.org/doc/en/books/porters-handbook/security-notify.html but that doesn't explain how to actually submit it. Port maintainer (secteam@FreeBSD.org) is cc'd. Generated with FreeBSD Port Tools 0.99 >How-To-Repeat: >Fix: --- vuxml-1.1_1.patch begins here --- diff -ruN --exclude=CVS /usr/ports/security/vuxml.orig/vuln.xml /usr/ports/security/vuxml/vuln.xml --- /usr/ports/security/vuxml.orig/vuln.xml 2012-01-11 19:32:21.000000000 +0100 +++ /usr/ports/security/vuxml/vuln.xml 2012-01-12 22:14:13.000000000 +0100 @@ -47,6 +47,34 @@ --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="3338f87c-3d5f-11e1-a00a-000c6eb41cf7"> + <topic>PowerDNS -- Denial of Service Vulnerability</topic> + <affects> + <package> + <name>powerdns</name> + <name>powerdns-devel</name> + <range><lt>3.0.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>The PowerDNS Team reports:</p> + <blockquote cite="http://www.powerdns.com/news/powerdns-security-advisory-2012-01.html">; + <p>Using well crafted UDP packets, one or more PowerDNS servers + could be made to enter a tight packet loop, causing temporary + denial of service.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2012-0206</cvename> + </references> + <dates> + <discovery>2012-01-10</discovery> + <entry>2012-01-12</entry> + </dates> + </vuln> + <vuln vid="d3921810-3c80-11e1-97e8-00215c6a37bb"> <topic>php -- multiple vulnerabilities</topic> <affects> --- vuxml-1.1_1.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1RlSL0-0009kj-CM>