svn commit: r369658 - head/security/vuxml
Brad Davis
brd at FreeBSD.org
Tue Sep 30 20:09:33 UTC 2014
Author: brd (doc committer)
Date: Tue Sep 30 20:09:32 2014
New Revision: 369658
URL: http://svnweb.freebsd.org/changeset/ports/369658
QAT: https://qat.redports.org/buildarchive/r369658/
Log:
- Document sysutils/rsyslog vulnerabilities CVE-2014-3634
Reviewed by: bdrewery@
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Tue Sep 30 19:22:24 2014 (r369657)
+++ head/security/vuxml/vuln.xml Tue Sep 30 20:09:32 2014 (r369658)
@@ -57,6 +57,36 @@ Notes:
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="8e0e86ff-48b5-11e4-ab80-000c29f6ae42">
+ <topic>rsyslog -- remote syslog PRI vulnerability</topic>
+ <affects>
+ <package>
+ <name>rsyslog</name>
+ <range><lt>7.6.6</lt></range>
+ <range><lt>8.4.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The rsyslog project reports:</p>
+ <blockquote cite="http://www.rsyslog.com/remote-syslog-pri-vulnerability/">
+ <p>potential abort when a message with PRI > 191 was processed
+ if the "pri-text" property was used in active templates,
+ this could be abused to a remote denial of service from
+ permitted senders</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.rsyslog.com/remote-syslog-pri-vulnerability/</url>
+ <cvename>CVE-2014-3634</cvename>
+ </references>
+ <dates>
+ <discovery>2014-09-30</discovery>
+ <entry>2014-09-30</entry>
+ </dates>
+ </vuln>
+
<vuln vid="6c083cf8-4830-11e4-ae2c-c80aa9043978">
<topic>fish -- local privilege escalation and remote code execution</topic>
<affects>
More information about the svn-ports-head
mailing list