svn commit: r550413 - head/security/vuxml
Kurt Jaeger
pi at FreeBSD.org
Mon Sep 28 09:42:56 UTC 2020
Author: pi
Date: Mon Sep 28 09:42:55 2020
New Revision: 550413
URL: https://svnweb.freebsd.org/changeset/ports/550413
Log:
security/vuxml: add entry dns/powerdns below 4.3.1
- CVE-2020-17482
PR: 249560
Submitted by: Ralf van der Enden <tremere at cainites.net>
Relnotes: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Mon Sep 28 09:19:14 2020 (r550412)
+++ head/security/vuxml/vuln.xml Mon Sep 28 09:42:55 2020 (r550413)
@@ -58,6 +58,40 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="b371db92-fe34-11ea-b90e-6805ca2fa271">
+ <topic>powerdns -- Leaking uninitialised memory through crafted zone records</topic>
+ <affects>
+ <package>
+ <name>powerdns</name>
+ <range><ge>4.3.0</ge><lt>4.3.1</lt></range>
+ <range><ge>4.2.0</ge><lt>4.2.3</lt></range>
+ <range><ge>4.1.0</ge><lt>4.1.14</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>PowerDNS Team reports</p>
+ <blockquote cite="https://doc.powerdns.com/authoritative/changelog/4.3.html#change-4.3.1">
+ <p>CVE-2020-17482: An issue has been found in PowerDNS Authoritative
+ Server before 4.3.1 where an authorized user with the
+ ability to insert crafted records into a zone might
+ be able to leak the content of uninitialized memory.
+ Such a user could be a customer inserting data via a
+ control panel, or somebody with access to the REST
+ API. Crafted records cannot be inserted via AXFR.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html</url>
+ <cvename>CVE-2020-17482</cvename>
+ </references>
+ <dates>
+ <discovery>2020-09-22</discovery>
+ <entry>2020-09-24</entry>
+ </dates>
+ </vuln>
+
<vuln vid="e68d3db1-fd04-11ea-a67f-e09467587c17">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>
More information about the svn-ports-all
mailing list