Date: Sat, 31 Oct 2020 21:26:52 +0000 (UTC) From: "Timur I. Bakeyev" <timur@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r553795 - head/security/vuxml Message-ID: <202010312126.09VLQqMZ021948@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: timur Date: Sat Oct 31 21:26:52 2020 New Revision: 553795 URL: https://svnweb.freebsd.org/changeset/ports/553795 Log: Add an entry about recent Samba vulnerabilities Security: CVE-2020-14318 CVE-2020-14323 CVE-2020-14383 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sat Oct 31 20:24:42 2020 (r553794) +++ head/security/vuxml/vuln.xml Sat Oct 31 21:26:52 2020 (r553795) @@ -58,6 +58,52 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="9ca85b7c-1b31-11eb-8762-005056a311d1"> + <topic>samba -- Multiple Vulnerabilities</topic> + <affects> + <package> + <name>samba410</name> + <range><le>4.10.18</le></range> + </package> + <package> + <name>samba411</name> + <range><lt>4.11.15</lt></range> + </package> + <package> + <name>samba412</name> + <range><lt>4.12.9</lt></range> + </package> + <package> + <name>samba413</name> + <range><lt>4.13.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Samba Team reports:</p> + <blockquote cite="https://www.samba.org/samba/history/security.html"> + <ul> + <li>CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify</li> + <li>CVE-2020-14323: Unprivileged user can crash winbind</li> + <li>CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records</li> + </ul> + </blockquote> + </body> + </description> + <references> + <url>https://www.samba.org/samba/security/CVE-2020-14318.html</url> + <url>https://www.samba.org/samba/security/CVE-2020-14323.html</url> + <url>https://www.samba.org/samba/security/CVE-2020-14383.html</url> + <cvename>CVE-2020-14318</cvename> + <cvename>CVE-2020-14323</cvename> + <cvename>CVE-2020-14383</cvename> + </references> + <dates> + <discovery>2020-10-29</discovery> + <entry>2020-10-30</entry> + </dates> + </vuln> + <vuln vid="8827134c-1a8f-11eb-9bb0-08002725d892"> <topic>tmux -- stack overflow in CSI parsing</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202010312126.09VLQqMZ021948>