svn commit: r428640 - head/security/vuxml
Jason Unovitch
junovitch at FreeBSD.org
Fri Dec 16 02:14:30 UTC 2016
Author: junovitch
Date: Fri Dec 16 02:14:29 2016
New Revision: 428640
URL: https://svnweb.freebsd.org/changeset/ports/428640
Log:
Document two CVEs fixed in Atheme 7.2.7
PR: 209217
Security: CVE-2014-9773
Security: CVE-2016-4478
Security: https://vuxml.FreeBSD.org/freebsd/e47ab5db-c333-11e6-ae1b-002590263bf5.html
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Fri Dec 16 01:50:46 2016 (r428639)
+++ head/security/vuxml/vuln.xml Fri Dec 16 02:14:29 2016 (r428640)
@@ -58,6 +58,43 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="e47ab5db-c333-11e6-ae1b-002590263bf5">
+ <topic>atheme-services -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>atheme-services</name>
+ <range><lt>7.2.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mitre reports:</p>
+ <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9773">
+ <p>modules/chanserv/flags.c in Atheme before 7.2.7 allows remote
+ attackers to modify the Anope FLAGS behavior by registering and
+ dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks.</p>
+ </blockquote>
+ <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4478">
+ <p>Buffer overflow in the xmlrpc_char_encode function in
+ modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows
+ remote attackers to cause a denial of service via vectors related
+ to XMLRPC response encoding.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <freebsdpr>ports/209217</freebsdpr>
+ <cvename>CVE-2014-9773</cvename>
+ <cvename>CVE-2016-4478</cvename>
+ <url>https://github.com/atheme/atheme/commit/87580d767868360d2fed503980129504da84b63e</url>
+ <url>https://github.com/atheme/atheme/commit/c597156adc60a45b5f827793cd420945f47bc03b</url>
+ </references>
+ <dates>
+ <discovery>2016-01-09</discovery>
+ <entry>2016-12-16</entry>
+ </dates>
+ </vuln>
+
<vuln vid="512c0ffd-cd39-4da4-b2dc-81ff4ba8e238">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
More information about the svn-ports-head
mailing list