Date: Mon, 31 Aug 2009 21:12:10 +0200 (CEST)
From: Matthias Andree <matthias.andree@gmx.de>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: secteam@FreeBSD.org
Subject: ports/138418: [PATCH] security/vuxml: add dns/dnsmasq entries CVE-2009-2957 and CVE-2009-2958
Message-ID: <20090831191210.E8CA933E77@rho.emma.line.org>
Resent-Message-ID: <200908311920.n7VJK4nT069671@freefall.freebsd.org>
>Number: 138418
>Category: ports
>Synopsis: [PATCH] security/vuxml: add dns/dnsmasq entries CVE-2009-2957 and CVE-2009-2958
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Aug 31 19:20:04 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Matthias Andree
>Release: FreeBSD 7.2-RELEASE-p2 i386
>Organization:
>Environment:
System: FreeBSD rho.emma.line.org 7.2-RELEASE-p2 FreeBSD 7.2-RELEASE-p2 #0: Wed Jun 24 00:57:44 UTC 2009
>Description:
Add entry for dns/dnsmasq CVE-2009-2957 and CVE-2009-2958, TFTP DoS and unprivileged code injection (this was handled as one update by the upstream so it should be safe to merge them).

Port maintainer (secteam@FreeBSD.org) is cc'd.

Generated with FreeBSD Port Tools 0.77
>How-To-Repeat:
>Fix:
--- vuxml-1.1_1.patch begins here --- Index: vuln.xml =================================================================== RCS file: /home/ncvs/ports/security/vuxml/vuln.xml,v retrieving revision 1.2015 diff -u -u -r1.2015 vuln.xml --- vuln.xml 25 Aug 2009 08:20:28 -0000 1.2015 +++ vuln.xml 31 Aug 2009 19:10:41 -0000 
@@ -34,6 +34,44 @@ --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="325475da-9660-11de-96f7-080027a5e77e"> + <topic>dnsmasq -- TFTP server remote code injection vulnerability</topic> + <affects> + <package> + <name>dnsmasq</name> + <range><lt>2.50</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Simon Kelley reports:</p> + <blockquote cite="http://www.thekelleys.org.uk/dnsmasq/CHANGELOG"> + <p> + Fix security problem which allowed any host permitted to + do TFTP to possibly compromise dnsmasq by remote buffer + overflow when TFTP enabled. Thanks to Core Security + Technologies and Iván Arce, Pablo Hernán Jorge, Alejandro + Pablo Rodriguez, Martín Coco, Alberto Soliño Testa and + Pablo Annetta. This problem has Bugtraq id: 36121 + and CVE: 2009-2957</p> + <p> + Fix a problem which allowed a malicious TFTP client to + crash dnsmasq. Thanks to Steve Grubb at Red Hat for + spotting this. This problem has Bugtraq id: 36120 and + CVE: 2009-2958</p> + </blockquote> + </body> + </description> + <references> + <cvename>2009-2957</cvename> + <cvename>2009-2958</cvename> + </references> + <dates> + <discovery>2009-08-23</discovery> + <entry>2009-08-31</entry> + </dates> + </vuln> + <vuln vid="e15f2356-9139-11de-8f42-001aa0166822"> <topic>apache22 -- several vulnerability</topic> <affects> --- vuxml-1.1_1.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
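Review bot: In the <references> block of the new dnsmasq entry, the two <cvename> values are written as 2009-2957 and 2009-2958 without the CVE- prefix, so they do not match the full CVE names given in the synopsis and anything matching on the full name will miss them; write them as <cvename>CVE-2009-2957</cvename> and <cvename>CVE-2009-2958</cvename>. The quoted changelog also gives Bugtraq ids 36121 and 36120, which are not carried into <references> and could be recorded there as <bid> elements. The <topic> names only the remote code injection, although the entry also covers the TFTP client crash (CVE-2009-2958), so consider wording it to cover both issues.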