svn commit: r431785 - head/security/vuxml
Jason Unovitch
junovitch at FreeBSD.org
Wed Jan 18 11:22:49 UTC 2017
Author: junovitch
Date: Wed Jan 18 11:22:47 2017
New Revision: 431785
URL: https://svnweb.freebsd.org/changeset/ports/431785
Log:
Document mulitiple PowerDNS vulnerabilities
PR: 216135
PR: 216136
Reported by: Dani <i.dani at outlook.com>
Security: CVE-2016-2120
Security: CVE-2016-7068
Security: CVE-2016-7072
Security: CVE-2016-7073
Security: CVE-2016-7074
Security: https://vuxml.FreeBSD.org/freebsd/e3200958-dd6c-11e6-ae1b-002590263bf5.html
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Jan 18 11:21:41 2017 (r431784)
+++ head/security/vuxml/vuln.xml Wed Jan 18 11:22:47 2017 (r431785)
@@ -58,6 +58,58 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="e3200958-dd6c-11e6-ae1b-002590263bf5">
+ <topic>powerdns -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>powerdns</name>
+ <range><lt>3.4.11</lt></range>
+ <range><ge>4.0.0</ge><lt>4.0.2</lt></range>
+ </package>
+ <package>
+ <name>powerdns-recursor</name>
+ <range><lt>3.7.4</lt></range>
+ <range><ge>4.0.0</ge><lt>4.0.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>PowerDNS reports:</p>
+ <blockquote cite="https://doc.powerdns.com/md/security/powerdns-advisory-2016-02/">
+ <p>2016-02: Crafted queries can cause abnormal CPU usage</p>
+ </blockquote>
+ <blockquote cite="https://doc.powerdns.com/md/security/powerdns-advisory-2016-03/">
+ <p>2016-03: Denial of service via the web server</p>
+ </blockquote>
+ <blockquote cite="https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/">
+ <p>2016-04: Insufficient validation of TSIG signatures</p>
+ </blockquote>
+ <blockquote cite="https://doc.powerdns.com/md/security/powerdns-advisory-2016-05/">
+ <p>2016-05: Crafted zone record can cause a denial of service</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-7068</cvename>
+ <cvename>CVE-2016-7072</cvename>
+ <cvename>CVE-2016-7073</cvename>
+ <cvename>CVE-2016-7074</cvename>
+ <cvename>CVE-2016-2120</cvename>
+ <freebsdpr>ports/216135</freebsdpr>
+ <freebsdpr>ports/216136</freebsdpr>
+ <url>https://doc.powerdns.com/md/security/powerdns-advisory-2016-02/</url>
+ <url>https://doc.powerdns.com/md/security/powerdns-advisory-2016-03/</url>
+ <url>https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/</url>
+ <url>https://doc.powerdns.com/md/security/powerdns-advisory-2016-05/</url>
+ <url>https://blog.powerdns.com/2017/01/13/powerdns-authoritative-server-4-0-2-released/</url>
+ <url>https://blog.powerdns.com/2017/01/13/powerdns-recursor-4-0-4-released/</url>
+ </references>
+ <dates>
+ <discovery>2016-12-15</discovery>
+ <entry>2017-01-18</entry>
+ </dates>
+ </vuln>
+
<vuln vid="4af92a40-db33-11e6-ae1b-002590263bf5">
<topic>groovy -- remote execution of untrusted code/DoS vulnerability</topic>
<affects>
More information about the svn-ports-all
mailing list