diff options
| author | Bernard Spil <brnrd@FreeBSD.org> | 2016-12-29 13:08:32 +0000 |
|---|---|---|
| committer | Bernard Spil <brnrd@FreeBSD.org> | 2016-12-29 13:08:32 +0000 |
| commit | 584da89984f7ddb4e41deaee7673ae7b72a70c3b (patch) | |
| tree | 52ae9db163ba3b1582fafbf813cbd9674fcc7dcc /security | |
| parent | - Fix fetch: the only ftp MASTER_SITE requires extended passive mode support ... (diff) | |
security/vuxml: Document h2o vulnerability
PR: 215587
Submitted by: Dave Cottlehuber <dch@skunkwerks.at> (maintainer)
Notes
Notes:
svn path=/head/; revision=429906
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 8d76178257d0..09cfef942bda 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,34 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="d0b12952-cb86-11e6-906f-0cc47a065786"> + <topic>www/h2o -- Use-after-free vulnerability</topic> + <affects> + <package> + <name>h2o</name> + <range><lt>2.0.4_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Kazuho Oku reports:</p> + <blockquote cite="https://github.com/h2o/h2o/issues?q=label%3Avulnerability"> + <p>A use-after-free vulnerability exists in H2O up to and including + version 2.0.4 / 2.1.0-beta3 that can be used by a remote attacker to + mount DoS attacks and / or information theft.</p> + </blockquote> + </body> + </description> + <references> + <url>https://github.com/h2o/h2o/releases/tag/v2.0.5</url> + <url>https://github.com/h2o/h2o/issues/1144</url> + </references> + <dates> + <discovery>2016-09-09</discovery> + <entry>2016-12-21</entry> + </dates> + </vuln> + <vuln vid="1b61ecef-cdb9-11e6-a9a5-b499baebfeaf"> <topic>PHP -- multiple vulnerabilities</topic> <affects> |