svn commit: r558911 - head/security/vuxml
Juraj Lutter
otis at FreeBSD.org
Tue Dec 22 14:16:44 UTC 2020
Author: otis
Date: Tue Dec 22 14:16:43 2020
New Revision: 558911
URL: https://svnweb.freebsd.org/changeset/ports/558911
Log:
Document vulns for powerdns and postsrsd
Reviewed by: osa (mentor)
Approved by: osa (mentor)
Differential Revision: https://reviews.freebsd.org/D27706
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Tue Dec 22 13:29:58 2020 (r558910)
+++ head/security/vuxml/vuln.xml Tue Dec 22 14:16:43 2020 (r558911)
@@ -58,6 +58,67 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="eb2845c4-43ce-11eb-aba5-00a09858faf5">
+ <topic>postsrsd -- Denial of service vulnerability</topic>
+ <affects>
+ <package>
+ <name>postsrsd</name>
+ <range><lt>1.10</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>postsrsd developer reports:</p>
+ <blockquote cite="https://github.com/roehling/postsrsd/commit/4733fb11f6bec6524bb8518c5e1a699288c26bac">
+ <p>PostSRSd could be tricked into consuming a lot of CPU time with
+ an SRS address that has an excessively long time stamp tag.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2020-35573</cvename>
+ <url>https://github.com/roehling/postsrsd/commit/4733fb11f6bec6524bb8518c5e1a699288c26bac</url>
+ <url>https://github.com/roehling/postsrsd/releases/tag/1.10</url>
+ </references>
+ <dates>
+ <discovery>2020-12-12</discovery>
+ <entry>2020-12-21</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="61d89849-43cb-11eb-aba5-00a09858faf5">
+ <topic>powerdns -- Various issues in GSS-TSIG support</topic>
+ <affects>
+ <package>
+ <name>powerdns</name>
+ <range><lt>4.4.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>PowerDNS developers report:</p>
+ <blockquote cite="https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html">
+ <p>A remote, unauthenticated attacker can trigger a race condition
+ leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature.</p>
+ <p>A remote, unauthenticated attacker can cause a denial of service by
+ sending crafted queries with a GSS-TSIG signature.</p>
+ <p>A remote, unauthenticated attacker might be able to cause a double-free,
+ leading to a crash or possibly arbitrary code execution by sending crafted queries with a GSS-TSIG signature.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2020-24696</cvename>
+ <cvename>CVE-2020-24697</cvename>
+ <cvename>CVE-2020-24698</cvename>
+ <url>https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html</url>
+ </references>
+ <dates>
+ <discovery>2020-08-27</discovery>
+ <entry>2020-12-21</entry>
+ </dates>
+ </vuln>
+
<vuln vid="cc1fd3da-b8fd-4f4d-a092-c38541c0f993">
<topic>vault -- User Enumeration via LDAP auth</topic>
<affects>
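Review bot: both new entries set `<entry>2020-12-21</entry>`, but this revision was committed on 2020-12-22. Since `<entry>` records the date the entry was added to vuln.xml, consider changing it to 2020-12-22 in the postsrsd and powerdns entries. A smaller style point in the powerdns blockquote: the second line of the first and third `<p>` elements ("leading to a crash, or possibly arbitrary code execution, by sending crafted queries ...") runs far longer than the neighbouring wrapped lines, so rewrapping those two paragraphs would keep the entry consistent with the rest of the file.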