diff options
author | Simon L. B. Nielsen <simon@FreeBSD.org> | 2005-04-25 21:10:40 +0000 |
---|---|---|
committer | Simon L. B. Nielsen <simon@FreeBSD.org> | 2005-04-25 21:10:40 +0000 |
commit | 991aff6f408ff01a51df2ace8e478b24e406c0ab (patch) | |
tree | 945d23cbb64f2d70b7c6fc3b07d55c690f4b390f /security | |
parent | Fix install (do not create a file in /, use WRKDIR instead). (diff) |
Document some older vulnerabilities in GAIM.
Notes
Notes:
svn path=/head/; revision=134161
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index a825b694ef49..6347ab080f39 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,72 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="8b0e94cc-b5cd-11d9-a788-0001020eed82"> + <topic>gaim -- AIM/ICQ remote denial of service vulnerability</topic> + <affects> + <package> + <name>gaim</name> + <name>ja-gaim</name> + <name>ko-gaim</name> + <name>ru-gaim</name> + <range><lt>1.1.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The GAIM team reports that GAIM is vulnerable to a + denial-of-service vulnerability which can cause GAIM to + freeze:</p> + <blockquote cite="http://gaim.sourceforge.net/security/index.php?id=10"> + <p>Certain malformed SNAC packets sent by other AIM or ICQ + users can trigger an infinite loop in Gaim when parsing + the SNAC. The remote user would need a custom client, able + to generate malformed SNACs.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CAN-2005-0472</cvename> + <url>http://gaim.sourceforge.net/security/index.php?id=10</url> + </references> + <dates> + <discovery>2005-02-17</discovery> + <entry>2005-04-25</entry> + </dates> + </vuln> + + <vuln vid="142353df-b5cc-11d9-a788-0001020eed82"> + <topic>gaim -- remote DoS on receiving malformed HTML</topic> + <affects> + <package> + <name>gaim</name> + <name>ja-gaim</name> + <name>ko-gaim</name> + <name>ru-gaim</name> + <range><lt>1.1.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The GAIM team reports:</p> + <blockquote cite="http://gaim.sourceforge.net/security/index.php?id=12"> + <p>Receiving malformed HTML can result in an invalid memory + access causing Gaim to crash.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CAN-2005-0208</cvename> + <cvename>CAN-2005-0473</cvename> + <url>http://gaim.sourceforge.net/security/index.php?id=11</url> + <url>http://gaim.sourceforge.net/security/index.php?id=12</url> + </references> + <dates> + <discovery>2005-02-17</discovery> + <entry>2005-04-25</entry> + </dates> + </vuln> + <vuln vid="91f1adc7-b3e9-11d9-a788-0001020eed82"> <topic>kdewebdev -- kommander untrusted code execution vulnerability</topic> |