author | Henrik Brix Andersen <brix@FreeBSD.org> | 2007-11-27 21:57:02 +0000 |
---|---|---|
committer | Henrik Brix Andersen <brix@FreeBSD.org> | 2007-11-27 21:57:02 +0000 |
commit | b7030782335b909fcc5a4f375505511816cd9d4c (patch) | |
tree | 4f1f0d2b061c778be6d2059f6ff61c97fc46ef66 /security | |
parent | Document firefox multiple unspecified memory corruption vulnerabilities. (diff) |
Document ikiwiki improper symlink verification vulnerability.
Reviewed by: remko
Approved by: portmgr (erwin), erwin (mentor)
Notes:
svn path=/head/; revision=202845
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 582b9d454c76..6d5873b40504 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,35 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="31d9fbb4-9d09-11dc-a29d-0016d325a0ed"> + <topic>ikiwiki -- improper symlink verification vulnerability</topic> + <affects> + <package> + <name>ikiwiki</name> + <range><lt>2.14</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The ikiwiki development team reports:</p> + <blockquote cite="http://ikiwiki.info/security/#index29h2"> + <p>Ikiwiki did not check if path to the srcdir to contained a + symlink. If an attacker had commit access to the directories in + the path, they could change it to a symlink, causing ikiwiki to + read and publish files that were not intended to be + published. (But not write to them due to other checks.)</p> + </blockquote> + </body> + </description> + <references> + <url>http://ikiwiki.info/security/#index29h2</url> + </references> + <dates> + <discovery>2007-11-26</discovery> + <entry>2007-11-27</entry> + </dates> + </vuln> + <vuln vid="f1f6f6da-9d2f-11dc-9114-001c2514716c"> <topic>firefox -- multiple remote unspecified memory corruption vulnerabilities</topic> <affects> |
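Review bot: The `<references>` block of the new ikiwiki entry carries only `<url>http://ikiwiki.info/security/#index29h2</url>`, and the same fragment is reused in the `cite` attribute of the `<blockquote>`. The `#index29h2` anchor looks auto-generated from heading order on the upstream page, so it may point at a different advisory once upstream adds or reorders sections. Consider adding a stable identifier next to the URL, for example a `<cvename>` element once a CVE name is assigned, so the entry stays traceable if the anchor moves. The affected range is given as `<lt>2.14</lt>` with no lower bound; that matches the quoted advisory, which does not say when the missing srcdir symlink check was introduced, but it is worth confirming against upstream that all earlier releases are affected.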