diff options
author | Remko Lodder <remko@FreeBSD.org> | 2006-07-29 16:54:34 +0000 |
---|---|---|
committer | Remko Lodder <remko@FreeBSD.org> | 2006-07-29 16:54:34 +0000 |
commit | fd89666aadba29c1a061acae72c609a5589f573e (patch) | |
tree | 7f036884afcd0152123371875fd1d4643c1fde77 /security/vuxml | |
parent | etrace is a configurable static port network tracing tool, similar to (diff) |
Add a BID to the latest vuxml entry.
Some minor changes to the markup of the entry.
Notes
Notes:
svn path=/head/; revision=169052
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln.xml | 44 |
1 files changed, 16 insertions, 28 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 1c509f09a882..821cb19f07a7 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -35,7 +35,7 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> <vuln vid="76562594-1f19-11db-b7d4-0008743bf21a"> - <topic>Ruby - Safe Level Security Bypass Vulnerabilities</topic> + <topic>ruby - multiple vulnerabilities</topic> <affects> <package> <name>ruby</name> @@ -46,36 +46,24 @@ Note: Please add new entries to the beginning of this file. </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Secunia reports:</p> - <blockquote cite="http://secunia.com/advisories/21009/"> - <p> - Two vulnerabilities have been reported in Ruby, which can be - exploited by malicious people to bypass certain security - restrictions. - </p> - - <ol> - <li> - An error in the handling of the "alias" functionality - can be exploited to bypass the safe level protection and - replace methods called in the trusted level. - </li> - - <li> - An error caused due to directory operations not being - properly checked can be exploited to bypass the safe - level protection and close untainted directory streams. - </li> - </ol> - - <p> - The vulnerabilities have been reported in version 1.8.4 and - prior. - </p> - </blockquote> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/21009/"> + <p>Two vulnerabilities have been reported in Ruby, which can + be exploited by malicious people to bypass certain security + restrictions.</p> + <ol> + <li>An error in the handling of the "alias" functionality + can be exploited to bypass the safe level protection and + replace methods called in the trusted level.</li> + <li>An error caused due to directory operations not being + properly checked can be exploited to bypass the safe + level protection and close untainted directory streams.</li> + </ol> + </blockquote> </body> </description> <references> + <bid>18944</bid> <cvename>CVE-2006-3694</cvename> <url>http://secunia.com/advisories/21009/</url> <url>http://jvn.jp/jp/JVN%2383768862/index.html</url> |