summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSimon L. B. Nielsen <simon@FreeBSD.org>2004-10-12 23:46:41 +0000
committerSimon L. B. Nielsen <simon@FreeBSD.org>2004-10-12 23:46:41 +0000
commitc94d440a5f7d96dc61e74a4526f97bb27e5f92a7 (patch)
tree9556b97a71e1b560c6c2ad87a3171390acb0c409
parent- Upgrade to 1.64. (diff)
Document a vulnerability in sharutils.
Approved by: nectar
Diffstat
-rw-r--r--security/vuxml/vuln.xml31
1 files changed, 31 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index feda937dd423..127c37b98681 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -32,6 +32,37 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="26c9e8c6-1c99-11d9-814e-0001020eed82">
+ <topic>sharutils -- buffer overflows</topic>
+ <affects>
+ <package>
+ <name>sharutils</name>
+ <range><ge>0</ge></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>From Gentoo advisory GLSA 200410-01:</p>
+ <blockquote cite="http://www.gentoo.org/security/en/glsa/glsa-200410-01.xml">
+ <p>sharutils contains two buffer overflows. Ulf Harnhammar
+ discovered a buffer overflow in shar.c, where the length
+ of data returned by the wc command is not checked.
+ Florian Schilhabel discovered another buffer overflow in
+ unshar.c.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>11298</bid>
+ <url>http://www.gentoo.org/security/en/glsa/glsa-200410-01.xml</url>
+ <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=265904</url>
+ </references>
+ <dates>
+ <discovery>2004-08-15</discovery>
+ <entry>2004-10-13</entry>
+ </dates>
+ </vuln>
+
<vuln vid="3030ae22-1c7f-11d9-81a4-0050fc56d258">
<topic>mail-notification -- denial-of-service vulnerability</topic>
<affects>
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-06 15:15:47 +0000