summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSergey A. Osokin <osa@FreeBSD.org>2024-05-29 13:17:07 -0400
committerSergey A. Osokin <osa@FreeBSD.org>2024-05-29 13:17:07 -0400
commitba05634827a48f0525bb4f017c0f5c7dbeaa90f3 (patch)
tree45b20c28babf3e505106da252177aab0ecf66be8
parentdevel/mongo-c-driver: fix packaging by removing missing file (diff)
security/vuxml: add www/nginx-devel < 1.27.0
Obtained: https://nginx.org/en/security_advisories.html
Diffstat
-rw-r--r--security/vuxml/vuln/2024.xml34
1 files changed, 34 insertions, 0 deletions
diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
index b2863a68a44f..03eadfe8f1f0 100644
--- a/security/vuxml/vuln/2024.xml
+++ b/security/vuxml/vuln/2024.xml
@@ -1,3 +1,37 @@
+ <vuln vid="320a19f7-1ddd-11ef-a2ae-8c164567ca3c">
+ <topic>nginx-devel -- Multiple Vulnerabilities in HTTP/3</topic>
+ <affects>
+ <package>
+ <name>nginx-devel</name>
+ <range><ge>1.25.0</ge><lt>1.27.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The nginx development team reports:</p>
+ <blockquote cite="http://nginx.org/en/security_advisories.html">
+ <p>This update fixes the following vulnerabilities:</p>
+ <ul>
+ <li>Stack overflow and use-after-free in HTTP/3</li>
+ <li>Buffer overwrite in HTTP/3</li>
+ <li>Memory disclosure in HTTP/3</li>
+ <li>NULL pointer dereference in HTTP/3</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2024-31079</cvename>
+ <cvename>CVE-2024-32760</cvename>
+ <cvename>CVE-2024-34161</cvename>
+ <cvename>CVE-2024-35200</cvename>
+ </references>
+ <dates>
+ <discovery>2024-05-29</discovery>
+ <entry>2024-05-29</entry>
+ </dates>
+ </vuln>
+
<vuln vid="6926d038-1db4-11ef-9f97-a8a1599412c6">
<topic>chromium -- security fix</topic>
<affects>
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-17 11:25:56 +0000