search for: cvename

Colin, good day! Spotted two patches for x11-servers/xorg-server port: see entries for x11r6.9.0-dbe-render.diff and x11r6.9.0-cidfonts.diff at http://xorg.freedesktop.org/releases/X11R6.9.0/patches/index.html Seems like they are not applied to the xorg-server-6.9.0_5. May be it should be added to the VuXML document? There is a ports/107733 issue that incorporates these patches. May be you

...ince none of them are operating system related, I assumed a -p1 and -p2 of the 5.4-RELEASE. Instead, we got a patch for the HTT security issue so I wonder, is the FreeBSD version of tcpdump and/or gzip are secured or simply forgotten/ignored? tcpdump references: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1279 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1280 gzip references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0758 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0988 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1228 Best regards, Jesper...

...t; Are you sure about the CVE number? According to Debian [1 [1]] and > mitre [2 [2]], it's > for SIEMENS something, not Dovecot. > > best regards, > Jonas Wielicki > > [1]: https://security-tracker.debian.org/tracker/CVE-2016-8562 > [2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-856 > 2 Ups, sent wrong number, correct is CVE-2016-8652. That is the same number, no? No, read it again. the wrong and pasted copie are 8 5 62, his revised is 8 6 52 -- Kind Regard, Noel Butler This Email, including any attachments, may contain legally privileged...

...> mitre [2 [2]], it's > > > for SIEMENS something, not Dovecot. > > > > > > best regards, > > > Jonas Wielicki > > > > > > [1]: https://security-tracker.debian.org/tracker/CVE-2016-8562 > > > [2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-856 > > > 2 > > > > Ups, sent wrong number, correct is CVE-2016-8652. > > That is the same number, no? > > > > No, read it again. the wrong and pasted copie are 8 5 62, his revised > > is > > 8 6 52 > > Ah, thank you....

hi all, i haven't seen any discussion here of this issue, nor do i see any obviously related (open) bugs in bugzilla. It's not clear to me from the CVE how important this issue is or isn't, but i'm a bit concerned. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4091 thanks as always to wayne & the other contributors for great software. danno -- Dan Pritts, System Administrator Internet2 office: +1-734-352-4953 | mobile: +1-734-834-7224 Internet2 R&E Network Members Community,...

...f Puppet Dashboard, but by default Puppet Dashboard does not interact with them in a way that exposes it to these vulnerabilities. Nevertheless, this release of Puppet Dashboard addresses these CVEs as well. Detailed information on the CVEs can be found at these URLs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0269 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0277 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0276 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0263 Downloads ======== RPM packages for are available at https://yum.puppetlabs.com/el or /fedora...

Good Morning, We just performed some security scanning on one of our AIX systems and these vulnerabilities was returned: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4755 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5000 We are currently running: 5.8.0.6101 The latest on IBMs Website<https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=aixbp&lang=en_US&S_PKG=openssh&cp=UTF-8> is 5.8p1 (5.8.0.620...

Hello http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536 "Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow." Is FreeBSD 5.x/6.x affected too? It looks the System has file...

...1.9.10.1 src/gnu/usr.bin/gzip/unlzh.c 1.5.36.1 src/gnu/usr.bin/gzip/unpack.c 1.6.36.1 - ------------------------------------------------------------------------- VII. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338 The latest revision of this advisor...

...1.9.10.1 src/gnu/usr.bin/gzip/unlzh.c 1.5.36.1 src/gnu/usr.bin/gzip/unpack.c 1.6.36.1 - ------------------------------------------------------------------------- VII. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338 The latest revision of this advisor...

...1.9.10.1 src/gnu/usr.bin/gzip/unlzh.c 1.5.36.1 src/gnu/usr.bin/gzip/unpack.c 1.6.36.1 - ------------------------------------------------------------------------- VII. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338 The latest revision of this advisor...

...2016-8562) > Are you sure about the CVE number? According to Debian [1] and mitre [2], it?s > for SIEMENS something, not Dovecot. > > best regards, > Jonas Wielicki > > [1]: https://security-tracker.debian.org/tracker/CVE-2016-8562 > [2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8562 Ups, sent wrong number, correct is CVE-2016-8652. Aki

...1.12.4.1 src/contrib/tcpdump/print-ldp.c 1.1.1.1.4.1 src/contrib/tcpdump/print-rsvp.c 1.1.1.1.4.1 - ------------------------------------------------------------------------- VII. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1267 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1278 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1279 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1280 http://marc.theaimsgroup.com/?l=bugtraq&m=111454406222040 http://marc.theaimsgroup.com/?l=bu...

...1.12.4.1 src/contrib/tcpdump/print-ldp.c 1.1.1.1.4.1 src/contrib/tcpdump/print-rsvp.c 1.1.1.1.4.1 - ------------------------------------------------------------------------- VII. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1267 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1278 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1279 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1280 http://marc.theaimsgroup.com/?l=bugtraq&m=111454406222040 http://marc.theaimsgroup.com/?l=bu...

...s user gaining root access on a Samba serving system. All versions of Samba up to and including Samba 2.2.8 are vulnerable. Alpha versions of Samba 3.0 and above are *NOT* vulnerable.'' <URL: http://us1.samba.org/samba/whatsnew/samba-2.2.8.html > <URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0085 > <URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0086 > <URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0196 > <URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0201 > +------------------------------------------------...

...s user gaining root access on a Samba serving system. All versions of Samba up to and including Samba 2.2.8 are vulnerable. Alpha versions of Samba 3.0 and above are *NOT* vulnerable.'' <URL: http://us1.samba.org/samba/whatsnew/samba-2.2.8.html > <URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0085 > <URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0086 > <URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0196 > <URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0201 > +------------------------------------------------...

...Fixed Directory traversal vulnerability. Remote attackers may cause a denial of service via a URL that ends in . (dot), / (forward slash), or \ (backward slash). Buffer overflows may allow remote attackers to execute arbitrary code or cause a denial of service. <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0784> <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1083> <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1229> <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1230> <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CA...

...l the patches are applied. Known Exploits -------------- There are no know exploits available for these vulnerabilities. As noted above, Neohapsis have demonstrated internally that an exploit is possible, but have not released the exploit code. References ---------- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0655 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0657 Acknowledgements ---------------- The project leading to this advisory is sponsored by the Defense Advanced Research Projects Agency (DARPA) and Air Force...

...is that the ChangeLog for the ClamAV (http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog) says about CVE-2007-1997 as the libclamav/cab.c log entry, but I think they are messed the numbers -- there is no such CVE, at least I failed to find it via cve.mitre.org: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1997 But the CVE-2007-1870 is a candidate and has no relevant information, so I am not 100% sure about the correct number. -- Eygene -------------- next part -------------- <vuln vid="unknown"> <topic>clamav -- CAB File Unstore Buffer Overflow Vulnerab...

Hi, Just want to ask about the status of this:- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0002 >From list archives I gather the fix is still under refinement (but committed (and removed?) in HEAD and RELENG_5_2). One paranoid little shop is running a public web server on RELENG_4_9, and contemplating this patch:- http://marc.theaimsgroup.com/?l=freebsd-cvs-all&am...