diff options
| author | Bernard Spil <brnrd@FreeBSD.org> | 2017-10-02 14:06:26 +0000 |
|---|---|---|
| committer | Bernard Spil <brnrd@FreeBSD.org> | 2017-10-02 14:06:26 +0000 |
| commit | 671acd7fd33718c85c908f6cfe322977de7934d5 (patch) | |
| tree | af7f82f05d240eca757860326b33c03b2c8f9431 | |
| parent | multimedia/emby-server: Update to 3.2.33.0 (diff) | |
security/vuxml: Document dnsmasq vulnerabilities
Notes
Notes:
svn path=/head/; revision=451078
| -rw-r--r-- | security/vuxml/vuln.xml | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 076d8b2e28df..0bef70a94f22 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,52 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="b77b5646-a778-11e7-ac58-b499baebfeaf"> + <topic>dnsmasq -- mulitple</topic> + <affects> + <package> + <name>dnsmasq</name> + <range><lt>2.78,1</lt></range> + </package> + <package> + <name>dnsmasq-devel</name> + <range><lt>2.78</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Google Project Zero reports:</p> + <blockquote cite="https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"> + <ul> + <li>CVE-2017-14491: Heap based overflow (2 bytes). Before 2.76 and this + commit overflow was unrestricted.</li> + <li>CVE-2017-14492: Heap based overflow.</li> + <li>CVE-2017-14493: Stack Based overflow.</li> + <li>CVE-2017-14494: Information Leak</li> + <li>CVE-2017-14495: Lack of free()</li> + <li>CVE-2017-14496: Invalid boundary checks. Integer underflow leading + to a huge memcpy.</li> + <li>CVE-2017-13704: Crash on large DNS query</li> + </ul> + </blockquote> + </body> + </description> + <references> + <url>https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html</url> + <cvename>CVE-2017-14491</cvename> + <cvename>CVE-2017-14492</cvename> + <cvename>CVE-2017-14493</cvename> + <cvename>CVE-2017-14494</cvename> + <cvename>CVE-2017-14495</cvename> + <cvename>CVE-2017-14496</cvename> + <cvename>CVE-2017-13704</cvename> + </references> + <dates> + <discovery>2017-10-02</discovery> + <entry>2017-10-02</entry> + </dates> + </vuln> + <vuln vid="33888815-631e-4bba-b776-a9b46fe177b5"> <topic>phpmyfaq -- multiple issues</topic> <affects> |