svn commit: r391507 - head/security/vuxml
Mark Felder
feld at FreeBSD.org
Tue Jul 7 14:54:14 UTC 2015
Author: feld
Date: Tue Jul 7 14:54:12 2015
New Revision: 391507
URL: https://svnweb.freebsd.org/changeset/ports/391507
Log:
Document haproxy information leak
Security: CVE-2015-3281
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Tue Jul 7 14:51:33 2015 (r391506)
+++ head/security/vuxml/vuln.xml Tue Jul 7 14:54:12 2015 (r391507)
@@ -57,6 +57,42 @@ Notes:
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="cbfa8bd7-24b6-11e5-86ff-14dae9d210b8">
+ <topic>haproxy -- information leak vulnerability</topic>
+ <affects>
+ <package>
+ <name>haproxy</name>
+ <range><ge>1.5.0</ge><lt>1.5.14</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>HAProxy reports:</p>
+ <blockquote cite="http://www.haproxy.org/news.html">
+ <p>A vulnerability was found when HTTP pipelining is used. In
+ some cases, a client might be able to cause a buffer alignment issue and
+ retrieve uninitialized memory contents that exhibit data from a past
+ request or session. I want to address sincere congratulations to Charlie
+ Smurthwaite of aTech Media for the really detailed traces he provided
+ which made it possible to find the cause of this bug. Every user of
+ 1.5-dev, 1.5.x or 1.6-dev must upgrade to 1.5.14 or latest 1.6-dev
+ snapshot to fix this issue, or use the backport of the fix provided by
+ their operating system vendors. CVE-2015-3281 was assigned to this bug.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.haproxy.org/news.html</url>
+ <url>http://git.haproxy.org/?p=haproxy-1.5.git;a=commit;h=7ec765568883b2d4e5a2796adbeb492a22ec9bd4</url>
+ <mlist>http://seclists.org/oss-sec/2015/q3/61</mlist>
+ <cvename>CVE-2015-3281</cvename>
+ </references>
+ <dates>
+ <discovery>2015-07-02</discovery>
+ <entry>2015-07-07</entry>
+ </dates>
+ </vuln>
+
<vuln vid="038a5808-24b3-11e5-b0c8-bf4d8935d4fa">
<topic>roundcube - multiple vulnerabilities</topic>
<affects>
More information about the svn-ports-head
mailing list