diff options
| author | Jason Unovitch <junovitch@FreeBSD.org> | 2016-12-16 02:14:29 +0000 |
|---|---|---|
| committer | Jason Unovitch <junovitch@FreeBSD.org> | 2016-12-16 02:14:29 +0000 |
| commit | e85b24d14f7e6951a2937c722f308906056ca2a1 (patch) | |
| tree | 471c67d47e39b4a4ca800ec890bcfa18404ad52c | |
| parent | Update to the 20161208 snapshot of GCC 6. (diff) | |
Document two CVEs fixed in Atheme 7.2.7
PR: 209217
Security: CVE-2014-9773
Security: CVE-2016-4478
Security: https://vuxml.FreeBSD.org/freebsd/e47ab5db-c333-11e6-ae1b-002590263bf5.html
| -rw-r--r-- | security/vuxml/vuln.xml | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 5f161398f508..c9504c78a587 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,43 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="e47ab5db-c333-11e6-ae1b-002590263bf5"> + <topic>atheme-services -- multiple vulnerabilities</topic> + <affects> + <package> + <name>atheme-services</name> + <range><lt>7.2.7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Mitre reports:</p> + <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9773"> + <p>modules/chanserv/flags.c in Atheme before 7.2.7 allows remote + attackers to modify the Anope FLAGS behavior by registering and + dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks.</p> + </blockquote> + <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4478"> + <p>Buffer overflow in the xmlrpc_char_encode function in + modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows + remote attackers to cause a denial of service via vectors related + to XMLRPC response encoding.</p> + </blockquote> + </body> + </description> + <references> + <freebsdpr>ports/209217</freebsdpr> + <cvename>CVE-2014-9773</cvename> + <cvename>CVE-2016-4478</cvename> + <url>https://github.com/atheme/atheme/commit/87580d767868360d2fed503980129504da84b63e</url> + <url>https://github.com/atheme/atheme/commit/c597156adc60a45b5f827793cd420945f47bc03b</url> + </references> + <dates> + <discovery>2016-01-09</discovery> + <entry>2016-12-16</entry> + </dates> + </vuln> + <vuln vid="512c0ffd-cd39-4da4-b2dc-81ff4ba8e238"> <topic>mozilla -- multiple vulnerabilities</topic> <affects> |