similar to: ports/128837: [vuxml] net-mgmt/net-snmp and net-mgmt/net-snmp53: CVE-2008-4309

>Submitter-Id: current-users >Originator: Eygene Ryabinkin >Organization: Code Labs >Confidential: no >Synopsis: [patch] [vuxml] net/wireshark: fix DoS in SMTP dissector >Severity: serious >Priority: high >Category: ports >Class: sw-bug >Release: FreeBSD 7.1-PRERELEASE i386 >Environment: System: FreeBSD 7.1-PRERELEASE i386 >Description: Today the DoS

>Submitter-Id: current-users >Originator: Eygene Ryabinkin >Organization: Code Labs >Confidential: no >Synopsis: [vuxml] editors/vim: document netrw issues >Severity: serious >Priority: medium >Category: ports >Class: sw-bug >Release: FreeBSD 7.1-PRERELEASE i386 >Environment: System: FreeBSD 7.1-PRERELEASE i386 >Description: A bunch of vulnerabilities were

Good day. Spotted the CVE-2007-1870: the clamav 0.90.2 is already in the ports, but no sign of the issue in the VuXML. The entry is attached. One thing that is a bit strange is that the ChangeLog for the ClamAV (http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog) says about CVE-2007-1997 as the libclamav/cab.c log entry, but I think they are messed the numbers -- there is no such CVE, at

Colin, good day! Spotted two patches for x11-servers/xorg-server port: see entries for x11r6.9.0-dbe-render.diff and x11r6.9.0-cidfonts.diff at http://xorg.freedesktop.org/releases/X11R6.9.0/patches/index.html Seems like they are not applied to the xorg-server-6.9.0_5. May be it should be added to the VuXML document? There is a ports/107733 issue that incorporates these patches. May be you

? 2007-3-15???8:00?freebsd-security-request@freebsd.org ??? > Send freebsd-security mailing list submissions to > freebsd-security@freebsd.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.freebsd.org/mailman/listinfo/freebsd-security > or, via email, send a message with subject or body 'help' to > freebsd-security-request@freebsd.org

Good day. Just spotted the new advisory from CORE: http://www.securityfocus.com/archive/1/462728/30/0/threaded Not an expert, but FreeBSD's src/sys/kern/uipc_mbuf2.c has the very simular code. Robert, anyone, could you please check? Thank you. -- Eygene

Good day. Fri, Feb 29, 2008 at 04:39:03PM -0000, sipherr@gmail.com wrote: > I just tested this on FreeBSD 6.3. This bug was discovered on NetBSD. It also works on OpenBSD (unconfirmed on 4.2) > > Steps to reproduce: > > 1. Run ppp > > 2. type the following (or atleat some variation of) > >

Hi, Does FASTIPSec in FreeBSD use OCF framework ? Where can I find more documentation ? I wish to run cryptographic algorithms after setting a VPN. What command should I use to run a particular crytographic algorithm (e.g. 3DES etc.) Where can I find all such information ? -- Regards, Bubble

Hello All, I'd like to bring to your attention the Vulnerabilities and eXposures Markup Language (VuXML) and associated resources. VuXML is a markup language designed for the documentation of security issues within a single package collection. Since about February of this year, we have been diligently documenting vulnerabilities in FreeBSD and the FreeBSD Ports Collection using VuXML. The

Hello Everyone, I have made a few small changes to the VuXML.org web sites, http://www.vuxml.org/freebsd/ (aka vuxml.freebsd.org) and http://www.vuxml.org/openbsd/ - Date-oriented indices (e.g. entry date index) visually group entries from the same date. - The package name index is more useful, listing individual package names. - Each package referenced in VuXML now has its own index

Good day. I am posting the follow-up to the -hackers and CC'ing to the -security, because some more-or-less nasty points were found. Sat, Feb 23, 2008 at 10:32:02PM +0300, Eygene Ryabinkin wrote: > But there is another concern with bzero(): it is well-known function. > Especially for compilers. And it is bad: some arrays inside g_eli, > that hold decryption keys are the local

Hello, The current png-1.2.5_4 port has no more vulnerability. It has been corrected by ache@FreeBSD.org yesterday. But when i try to install the updated port to remplace the vulnerable one this is what i am told : # make install ===> png-1.2.5_4 has known vulnerabilities: >> libpng denial-of-service. Reference:

I've used that patch to close the hole. This patch is temporary and doesn't fix real trouble maker - problem in new version in getenv() (after 6.3 it got changed to something monstrous and non-working right if environment has only one variable), hope it will get fixed soon. *** rtld.c.orig Tue Dec 1 16:55:13 2009 --- rtld.c Tue Dec 1 16:55:55 2009 *************** *** 357,374 ****

For those who are running Autokey with stock NTPD: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252 http://www.freebsd.org/cgi/query-pr.cgi?pr=134787 For users of net/ntp: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/134755 http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/134756 -- Eygene _ ___ _.--. # \`.|\..----...-'` `-._.-'_.-'`

This note is essentially a request for a reality check. I use IPFW & natd on the box that provides the interface between my home networks and the Internet; the connection is (static) residential DSL. I configured IPFW to accept & log all SSH "setup" requests, and use natd to forward such requests to an internal machine that only accepts public key authentication; that

Hi everyone, Not sure if you've read http://www.win.tue.nl/hashclash/SoftIntCodeSign/ . should some kind of advisory be sent to advise people not to rely solely on MD5 checksums? Maybe an update to the man page is due ? : " MD5 has not yet (2001-09-03) been broken, but sufficient attacks have been made that its security is in some doubt. The attacks on MD5 are in the

Hi all, Thought some of you might be interested in this tool comparison: http://en.wikipedia.org/wiki/ Comparison_of_open_source_configuration_management_software -- There are three social classes in America: upper middle class, middle class, and lower middle class. --Judith Martin --------------------------------------------------------------------- Luke Kanies |

Hello all. I am really new in the world of bandwidth management.I just want to finish a task.i want to give IP Based Bandwidth Management.I am using RedHat9 Linux and wish to use "HTB" for controlling bandwidth.I don''t want to controll bandwidth application wise.I wanted to know what other tools are required for bandwidth management besides HTB.I have learned that htb comes

HI All, I need some open source timesheet management system for my company.Anybody knows some rails open source timesheet and project mgmt softwares? If so pls tell me. I really need them.Thanks in Advance. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to

Add TSC stop support for Deep C state TSC may stop at deep C state (C3/C4...) entry/exit. this patch add the logic that save and restore TSC during deep C state entry/exit, by using platform timer (PIT/HPET) signed-off-by: Yu Ke <ke.yu@intel.com> signed-off-by: Tian Kevin <kevin.tian@intel.com> signed-off-by: Wei Gang<gang.wei@intel.com>