Date: Thu, 6 Mar 2014 13:25:28 +0000 (UTC)
From: Baptiste Daroussin <bapt@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject: svn commit: r347197 - branches/2014Q1/security/vuxml
Message-ID: <201403061325.s26DPSiQ005507@svn.freebsd.org>
Author: bapt Date: Thu Mar 6 13:25:28 2014 New Revision: 347197 URL: http://svnweb.freebsd.org/changeset/ports/347197 QAT: https://qat.redports.org/buildarchive/r347197/ Log: MFH: r347193 Reference xmms vulnerabilities: CVE-2007-0653 and CVE-2007-0654 Modified: branches/2014Q1/security/vuxml/vuln.xml Directory Properties: branches/2014Q1/ (props changed) Modified: branches/2014Q1/security/vuxml/vuln.xml ============================================================================== --- branches/2014Q1/security/vuxml/vuln.xml Thu Mar 6 13:17:49 2014 (r347196) +++ branches/2014Q1/security/vuxml/vuln.xml Thu Mar 6 13:25:28 2014 (r347197) 
@@ -51,6 +51,46 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="20e23b65-a52e-11e3-ae3a-00224d7c32a2"> + <topic>xmms -- Integer Overflow And Underflow Vulnerabilities</topic> + <affects> + <package> + <name>xmms</name> + <range><le>1.2.11_20</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/secunia_research/2007-47/advisory/"> + <p>Secunia Research has discovered two vulnerabilities in XMMS, which can + be exploited by malicious people to compromise a user's system.</p> + + <p>1) An integer underflow error exists in the processing of skin bitmap + images. This can be exploited to cause a stack-based buffer overflow + via specially crafted skin images containing manipulated header + information.</p> + + <p>Successful exploitation allows execution of arbitrary code.</p> + + <p>2) An integer overflow error exists in the processing of skin bitmap + images. This can be exploited to cause memory corruption via specially + crafted skin images containing manipulated header information.</p> + + <p>Successful exploitation may allow the execution of arbitrary code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2007-0653</cvename> + <cvename>CVE-2007-0654</cvename> + </references> + <dates> + <discovery>2007-02-06</discovery> + <entry>2014-03-06</entry> + </dates> + </vuln> + <vuln vid="89db3b31-a4c3-11e3-978f-f0def16c5c1b"> <topic>nginx -- SPDY memory corruption</topic> <affects>
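Review bot: the <references> block of the new xmms entry lists only the two CVE names, while the Secunia advisory quoted in the <blockquote> appears only in its cite attribute. Adding a <url>http://secunia.com/secunia_research/2007-47/advisory/</url> line to <references> would make the source visible to anything that reads the references rather than the description body. Separately, <range><le>1.2.11_20</le></range> sits next to a discovery date of 2007-02-06 and an entry date of 2014-03-06, and the log message does not say how that upper bound was chosen; a sentence on that in the log would help anyone who later has to narrow or close the range.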