svn commit: r341695 - head/security/vuxml
Martin Wilke
miwi at FreeBSD.org
Wed Jan 29 08:22:57 UTC 2014
Author: miwi
Date: Wed Jan 29 08:22:56 2014
New Revision: 341695
URL: http://svnweb.freebsd.org/changeset/ports/341695
QAT: https://qat.redports.org/buildarchive/r341695/
Log:
- Fix format
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Jan 29 08:11:01 2014 (r341694)
+++ head/security/vuxml/vuln.xml Wed Jan 29 08:22:56 2014 (r341695)
@@ -63,7 +63,12 @@ Note: Please add new entries to the beg
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Florian Weimer of the Red Hat Product Security Team reports:</p>
<blockquote cite="http://www.dest-unreach.org/socat/contrib/socat-secadv5.txt">
- <p>Due to a missing check during assembly of the HTTP request line a long target server name in the PROXY-CONNECT address can cause a stack buffer overrun. Exploitation requires that the attacker is able to provide the target server name to the PROXY-CONNECT address in the command line. This can happen for example in scripts that receive data from untrusted sources.</p>
+ <p>Due to a missing check during assembly of the HTTP request line a long
+ target server name in the PROXY-CONNECT address can cause a stack buffer
+ overrun. Exploitation requires that the attacker is able to provide the
+ target server name to the PROXY-CONNECT address in the command line.
+ This can happen for example in scripts that receive data from untrusted
+ sources.</p>
</blockquote>
</body>
</description>
@@ -115,7 +120,9 @@ Note: Please add new entries to the beg
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The OTRS Project reports:</p>
<blockquote cite="https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface/">
- <p>An attacker that managed to take over the session of a logged in customer could create tickets and/or send follow-ups to existing tickets due to missing challenge token checks.</p>
+ <p>An attacker that managed to take over the session of a logged in customer
+ could create tickets and/or send follow-ups to existing tickets due to
+ missing challenge token checks.</p>
</blockquote>
</body>
</description>
@@ -269,8 +276,10 @@ Note: Please add new entries to the beg
there will be a brief interruption of service and the cache will be
emptied, causing more traffic to go to the backend.
</p>
- <p>We are releasing this advisory because restarting from vcl_error{} is both fairly common and documented.</p>
- <p>This is purely a denial of service vulnerability, there is no risk of privilege escalation.</p>
+ <p>We are releasing this advisory because restarting from vcl_error{} is
+ both fairly common and documented.</p>
+ <p>This is purely a denial of service vulnerability, there is no risk of
+ privilege escalation.</p>
<p>Workaround</p>
<p>Insert this at the top of your VCL file:</p>
<pre>
More information about the svn-ports-all
mailing list