svn commit: r547912 - head/security/vuxml
Xin LI
delphij at FreeBSD.org
Mon Sep 7 18:02:56 UTC 2020
Author: delphij
Date: Mon Sep 7 18:02:55 2020
New Revision: 547912
URL: https://svnweb.freebsd.org/changeset/ports/547912
Log:
Document mpd multiple vulnerabilities.
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Mon Sep 7 17:32:35 2020 (r547911)
+++ head/security/vuxml/vuln.xml Mon Sep 7 18:02:55 2020 (r547912)
@@ -58,6 +58,43 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="3749ae9e-f132-11ea-97da-d05099c0ae8c">
+ <topic>MPD -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>mpd5</name>
+ <range><lt>5.9</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Chen Nan of Chaitin Security Research Lab reports:</p>
+ <blockquote cite="http://mpd.sourceforge.net/doc5/mpd4.html#4">
+ <p>Fix buffer overflow introduced in version 5.8: processing of
+ template %aX in a RADIUS authentication response might lead
+ to unexpected termination of the mpd5 process.
+ Installations not using RADIUS or not using %aX templates
+ in RADIUS attributes were not affected.</p>
+ <p>Fix buffer overflow in parsing of L2TP control packets
+ introduced in version 4.0 that initially brought in L2TP
+ support: a specially crafted incoming L2TP control packet
+ might lead to unexpected termination of the process.
+ Installations with neither L2TP clients nor L2TP server
+ configured are not affected.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2020-7465</cvename>
+ <cvename>CVE-2020-7466</cvename>
+ <url>http://mpd.sourceforge.net/doc5/mpd4.html#4</url>
+ </references>
+ <dates>
+ <discovery>2020-09-06</discovery>
+ <entry>2020-09-07</entry>
+ </dates>
+ </vuln>
+
<vuln vid="cd97c7ca-f079-11ea-9c31-001b216d295b">
<topic>Multi-link PPP protocol daemon MPD5 remotely exploitable crash</topic>
<affects>
More information about the svn-ports-head
mailing list