Date: Sun, 26 Aug 2012 01:44:43 +0000 (UTC) From: Alberto Villa <avilla@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r303172 - head/security/vuxml Message-ID: <201208260144.q7Q1ihut034654@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: avilla Date: Sun Aug 26 01:44:43 2012 New Revision: 303172 URL: http://svn.freebsd.org/changeset/ports/303172 Log: - Document Calligra input validation failure. Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sun Aug 26 01:11:21 2012 (r303171) +++ head/security/vuxml/vuln.xml Sun Aug 26 01:44:43 2012 (r303172) @@ -51,6 +51,46 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="aa4d3d73-ef17-11e1-b593-00269ef07d24"> + <topic>Calligra, KOffice -- input validation failure</topic> + <affects> + <package> + <name>koffice</name> + <range><le>1.6.3_18,2</le></range> + </package> + <package> + <name>koffice-kde4</name> + <range><le>2.3.3_7</le></range> + </package> + <package> + <name>calligra</name> + <range><lt>2.5.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>KDE Security Advisory reports:</p> + <blockquote cite="http://www.kde.org/info/security/advisory-20120810-1.txt">; + <p>A flaw has been found which can allow malicious code to take + advantage of an input validation failure in the Microsoft import + filter in Calligra and KOffice. Exploitation can allow the attacker + to gain control of the running process and execute code on its + behalf.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2012-3455</cvename> + <cvename>CVE-2012-3456</cvename> + <url>http://www.kde.org/info/security/advisory-20120810-1.txt</url>; + <url>http://media.blackhat.com/bh-us-12/Briefings/C_Miller/BH_US_12_Miller_NFC_attack_surface_WP.pdf</url>; + </references> + <dates> + <discovery>2012-08-10</discovery> + <entry>2012-08-26</entry> + </dates> + </vuln> + <vuln vid="ce680f0a-eea6-11e1-8bd8-0022156e8794"> <topic>squidclamav -- cross-site scripting in default virus warning pages</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201208260144.q7Q1ihut034654>