ports/80724: [PATCH] security/vuxml: add + update leafnode entries
Matthias Andree
matthias.andree at gmx.de
Sat May 7 10:10:25 UTC 2005
>Number: 80724
>Category: ports
>Synopsis: [PATCH] security/vuxml: add + update leafnode entries
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sat May 07 10:10:02 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Matthias Andree
>Release: FreeBSD 4.11-RELEASE-p4 i386
>Organization:
>Environment:
System: FreeBSD libertas.emma.line.org 4.11-RELEASE-p4 FreeBSD 4.11-RELEASE-p4 #21: Sat Apr 23 00:21:13 CEST 2005
>Description:
Modify previous leafnode entries (URL on leafnode home page,
add CVE name for CAN-2002-1661 and CAN-2004-2068).
Add new leafnode entry CAN-2005-1453.
Port maintainer (nectar at FreeBSD.org) is cc'd.
Generated with FreeBSD Port Tools 0.63
>How-To-Repeat:
>Fix:
--- vuxml-1.1_1.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/security/vuxml/vuln.xml /root/ports/security/vuxml/vuln.xml
--- /usr/ports/security/vuxml/vuln.xml Tue May 3 12:14:18 2005
+++ /root/ports/security/vuxml/vuln.xml Sat May 7 11:58:07 2005
@@ -12930,7 +12930,8 @@
</body>
</description>
<references>
- <url>http://leafnode.sourceforge.net/leafnode-SA-2002-01</url>
+ <url>http://leafnode.sourceforge.net/leafnode-SA-2002-01.txt</url>
+ <cvename>CAN-2002-1661</cvename>
<mlist msgid="20021229205023.GA5216 at merlin.emma.line.org">http://sourceforge.net/mailarchive/message.php?msg_id=2796226</mlist>
<mlist msgid="20021229205023.GA5216 at merlin.emma.line.org">http://article.gmane.org/gmane.network.leafnode.announce/8</mlist>
<bid>6490</bid>
@@ -12939,6 +12940,7 @@
<dates>
<discovery>2002-11-06</discovery>
<entry>2004-05-21</entry>
+ <modified>2005-05-07</modified>
</dates>
</vuln>
@@ -12958,7 +12960,7 @@
</description>
<references>
<cvename>CAN-2003-0744</cvename>
- <url>http://leafnode.sourceforge.net/leafnode-SA-2003-01</url>
+ <url>http://leafnode.sourceforge.net/leafnode-SA-2003-01.txt</url>
<mlist msgid="20030904011904.GB12350 at merlin.emma.line.org">http://sourceforge.net/mailarchive/message.php?msg_id=5975563</mlist>
<mlist msgid="20030904011904.GB12350 at merlin.emma.line.org">http://article.gmane.org/gmane.network.leafnode.announce/21</mlist>
<bid>8541</bid>
@@ -12967,6 +12969,7 @@
<dates>
<discovery>2003-06-20</discovery>
<entry>2004-05-21</entry>
+ <modified>2005-05-07</modified>
</dates>
</vuln>
@@ -12988,7 +12991,8 @@
</body>
</description>
<references>
- <url>http://leafnode.sourceforge.net/leafnode-SA-2004-01</url>
+ <cvename>CAN-2004-2068</cvename>
+ <url>http://leafnode.sourceforge.net/leafnode-SA-2004-01.txt</url>
<url>http://sourceforge.net/tracker/index.php?func=detail&aid=873149&group_id=57767&atid=485349</url>
<mlist msgid="20040109015625.GA12319 at merlin.emma.line.org">http://article.gmane.org/gmane.network.leafnode.announce/32</mlist>
<mlist msgid="20040109015625.GA12319 at merlin.emma.line.org">http://sourceforge.net/mailarchive/message.php?msg_id=6922570</mlist>
@@ -12997,6 +13001,44 @@
<dates>
<discovery>2004-01-08</discovery>
<entry>2004-05-21</entry>
+ <modified>2005-05-07</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="66dbb2ee-99b8-45b2-bb3e-640caea67a60">
+ <topic>leafnode fetchnews denial-of-service triggered by transmission abort/timeout</topic>
+ <affects>
+ <package>
+ <name>leafnode</name>
+ <range><ge>1.9.48</ge><lt>1.11.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>When an upstream server aborts the transmission or stops sending
+ data after the fetchnews program has requested an article header
+ or body, fetchnews may crash, without querying further servers
+ that are configured. This can prevent articles from being fetched.
+ </p>
+ </body>
+ </description>
+ <references>
+ <url>http://leafnode.sourceforge.net/leafnode-SA-2005-01.txt</url>
+ <cvename>CAN-2005-1453</cvename>
+ <freebsdpr>ports/80663</freebsdpr>
+ <bid>13489</bid>
+ <bid>13492</bid>
+ <mlist msgid="20050504152311.GA25593 at merlin.emma.line.org">http://sourceforge.net/mailarchive/forum.php?thread_id=7186974&forum_id=10210</mlist>
+ <mlist msgid="20050504152311.GA25593 at merlin.emma.line.org">http://article.gmane.org/gmane.network.leafnode.announce/52</mlist>
+ <mlist msgid="20050504152311.GA25593 at merlin.emma.line.org">http://www.dt.e-technik.uni-dortmund.de/pipermail/leafnode-list/2005q2/000900.html</mlist>
+ <mlist msgid="20050504152311.GA25593 at merlin.emma.line.org">http://www.fredi.de/maillist/msg00111.html</mlist>
+ <mlist msgid="20050504152311.GA25593 at merlin.emma.line.org">http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0037.html</mlist>
+ <url>http://www.frsirt.com/english/advisories/2005/0468</url>
+ <url>http://secunia.com/advisories/15252</url>
+ </references>
+ <dates>
+ <discovery>2005-05-04</discovery>
+ <entry>2005-05-07</entry>
</dates>
</vuln>
--- vuxml-1.1_1.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list