[Midnightbsd-cvs] mports [20744] trunk/security/vuxml/vuln.xml: update the sec list
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Thu Nov 12 18:41:48 EST 2015
Revision: 20744
http://svnweb.midnightbsd.org/mports/?rev=20744
Author: laffer1
Date: 2015-11-12 18:41:47 -0500 (Thu, 12 Nov 2015)
Log Message:
-----------
Update the security list.
Modified Paths:
--------------
trunk/security/vuxml/vuln.xml
Modified: trunk/security/vuxml/vuln.xml
===================================================================
--- trunk/security/vuxml/vuln.xml 2015-11-12 23:29:26 UTC (rev 20743)
+++ trunk/security/vuxml/vuln.xml 2015-11-12 23:41:47 UTC (rev 20744)
@@ -58,6 +58,4154 @@
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="f0b9049f-88c4-11e5-aed7-00262d5ed8ee">
+ <topic>chromium -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <!--pcbsd-->
+ <name>chromium-npapi</name>
+ <name>chromium-pulse</name>
+ <range><lt>46.0.2490.86</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome Releases reports:</p>
+ <blockquote cite="http://googlechromereleases.blogspot.nl/2015/11/stable-channel-update.html">
+ <p>[520422] High CVE-2015-1302: Information leak in PDF viewer.
+ Credit to Rob Wu.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-1302</cvename>
+ <url>http://googlechromereleases.blogspot.nl/2015/11/stable-channel-update.html</url>
+ </references>
+ <dates>
+ <discovery>2015-11-10</discovery>
+ <entry>2015-11-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="851a0eea-88aa-11e5-90e7-b499baebfeaf">
+ <topic>MySQL - Multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>mariadb-client</name>
+ <range><lt>5.3.13</lt></range>
+ </package>
+ <package>
+ <name>mariadb-server</name>
+ <range><lt>5.3.13</lt></range>
+ </package>
+ <package>
+ <name>mariadb55-client</name>
+ <range><lt>5.5.46</lt></range>
+ </package>
+ <package>
+ <name>mariadb55-server</name>
+ <range><lt>5.5.46</lt></range>
+ </package>
+ <package>
+ <name>mariadb100-client</name>
+ <range><lt>10.0.22</lt></range>
+ </package>
+ <package>
+ <name>mariadb100-server</name>
+ <range><lt>10.0.22</lt></range>
+ </package>
+ <package>
+ <name>mysql55-client</name>
+ <range><lt>5.5.46</lt></range>
+ </package>
+ <package>
+ <name>mysql55-server</name>
+ <range><lt>5.5.46</lt></range>
+ </package>
+ <package>
+ <name>mysql56-client</name>
+ <range><lt>5.6.27</lt></range>
+ </package>
+ <package>
+ <name>mysql56-server</name>
+ <range><lt>5.6.27</lt></range>
+ </package>
+ <package>
+ <name>percona55-client</name>
+ <range><lt>5.5.46</lt></range>
+ </package>
+ <package>
+ <name>percona55-server</name>
+ <range><lt>5.5.46</lt></range>
+ </package>
+ <package>
+ <name>percona56-client</name>
+ <range><lt>5.6.27</lt></range>
+ </package>
+ <package>
+ <name>percona56-server</name>
+ <range><lt>5.6.27</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Oracle reports:</p>
+ <blockquote cite="http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html">
+ <p>Critical Patch Update: MySQL Server, version(s) 5.5.45 and prior, 5.6.26 and prior</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html</url>
+ <cvename>CVE-2015-4802</cvename>
+ <cvename>CVE-2015-4807</cvename>
+ <cvename>CVE-2015-4815</cvename>
+ <cvename>CVE-2015-4826</cvename>
+ <cvename>CVE-2015-4830</cvename>
+ <cvename>CVE-2015-4836</cvename>
+ <cvename>CVE-2015-4858</cvename>
+ <cvename>CVE-2015-4861</cvename>
+ <cvename>CVE-2015-4870</cvename>
+ <cvename>CVE-2015-4913</cvename>
+ <cvename>CVE-2015-4792</cvename>
+ <url>https://mariadb.com/kb/en/mariadb/mariadb-5546-release-notes/</url>
+ <url>https://mariadb.com/kb/en/mariadb/mariadb-10022-release-notes/</url>
+ <url>https://www.percona.com/doc/percona-server/5.5/release-notes/Percona-Server-5.5.46-37.5.html</url>
+ <url>https://www.percona.com/doc/percona-server/5.6/release-notes/Percona-Server-5.6.27-75.0.html</url>
+ </references>
+ <dates>
+ <discovery>2015-11-10</discovery>
+ <entry>2015-11-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="b665668a-91db-4f13-8113-9e4b5b0e47f7">
+ <topic>jenkins -- remote code execution via unsafe deserialization</topic>
+ <affects>
+ <package>
+ <name>jenkins</name>
+ <range><lt>1.638</lt></range>
+ </package>
+ <package>
+ <name>jenkins-lts</name>
+ <range><lt>1.625.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Jenkins Developers report:</p>
+ <blockquote cite="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11">
+ <p>Unsafe deserialization allows unauthenticated remote attackers to
+ run arbitrary code on the Jenkins master.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11</url>
+ <url>https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli</url>
+ <url>http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/#thefix</url>
+ </references>
+ <dates>
+ <discovery>2015-11-06</discovery>
+ <entry>2015-11-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="71af4ded-8864-11e5-af1b-001999f8d30b">
+ <topic>owncloudclient -- Improper validation of certificates when using self-signed certificates</topic>
+ <affects>
+ <package>
+ <name>owncloudclient</name>
+ <range><lt>2.0.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>owncloud.org reports:</p>
+ <blockquote cite="https://owncloud.org/security/advisory/?id=oc-sa-2015-016">
+ <p>The ownCloud Desktop Client was vulnerable against MITM attacks until version 2.0.0 in combination with self-signed certificates.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://owncloud.org/security/advisory/?id=oc-sa-2015-016</url>
+ <cvename>CVE-2015-7298</cvename>
+ </references>
+ <dates>
+ <discovery>2015-09-21</discovery>
+ <entry>2015-11-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="c0e76d33-8821-11e5-ab94-002590263bf5">
+ <topic>xen-tools -- populate-on-demand balloon size inaccuracy can crash guests</topic>
+ <affects>
+ <package>
+ <name>xen-tools</name>
+ <range><ge>3.4</ge><lt>4.5.1_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="http://xenbits.xen.org/xsa/advisory-153.html">
+ <p>Guests configured with PoD might be unstable, especially under
+ load. In an affected guest, an unprivileged guest user might be
+ able to cause a guest crash, perhaps simply by applying load so
+ as to cause heavy memory pressure within the guest.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7972</cvename>
+ <url>http://xenbits.xen.org/xsa/advisory-153.html</url>
+ </references>
+ <dates>
+ <discovery>2015-10-29</discovery>
+ <entry>2015-11-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="e4848ca4-8820-11e5-ab94-002590263bf5">
+ <topic>xen-kernel -- some pmu and profiling hypercalls log without rate limiting</topic>
+ <affects>
+ <package>
+ <name>xen-kernel</name>
+ <range><ge>3.2</ge><lt>4.5.1_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="http://xenbits.xen.org/xsa/advisory-152.html">
+ <p>HYPERCALL_xenoprof_op and HYPERVISOR_xenpmu_op log some errors and
+ attempts at invalid operations. These log messages are not
+ rate-limited, even though they can be triggered by guests.</p>
+ <p>A malicious guest could cause repeated logging to the hypervisor
+ console, leading to a Denial of Service attack.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7971</cvename>
+ <url>http://xenbits.xen.org/xsa/advisory-152.html</url>
+ </references>
+ <dates>
+ <discovery>2015-10-29</discovery>
+ <entry>2015-11-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="e3792855-881f-11e5-ab94-002590263bf5">
+ <topic>xen-kernel -- leak of per-domain profiling-related vcpu pointer array</topic>
+ <affects>
+ <package>
+ <name>xen-kernel</name>
+ <range><ge>4.0</ge><lt>4.5.1_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="http://xenbits.xen.org/xsa/advisory-151.html">
+ <p>A domain's xenoprofile state contains an array of per-vcpu
+ information... This array is leaked on domain teardown. This memory
+ leak could -- over time -- exhaust the host's memory.</p>
+ <p>The following parties can mount a denial of service attack
+ affecting the whole system:</p>
+ <ul>
+ <li>A malicious guest administrator via XENOPROF_get_buffer.</li>
+ <li>A domain given suitable privilege over another domain via
+ XENOPROF_set_passive (this would usually be a domain being
+ used to profile another domain, eg with the xenoprof tool).</li>
+ </ul>
+ <p>The ability to also restart or create suitable domains is also
+ required to fully exploit the issue. Without this the leak is
+ limited to a small multiple of the maximum number of vcpus for the
+ domain.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7969</cvename>
+ <url>http://xenbits.xen.org/xsa/advisory-151.html</url>
+ </references>
+ <dates>
+ <discovery>2015-10-29</discovery>
+ <entry>2015-11-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="83350009-881e-11e5-ab94-002590263bf5">
+ <topic>xen-kernel -- Long latency populate-on-demand operation is not preemptible</topic>
+ <affects>
+ <package>
+ <name>xen-kernel</name>
+ <range><ge>3.4</ge><lt>4.5.1_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="http://xenbits.xen.org/xsa/advisory-150.html">
+ <p>When running an HVM domain in Populate-on-Demand mode, Xen would
+ sometimes search the domain for memory to reclaim, in response to
+ demands for population of other pages in the same domain. This
+ search runs without preemption. The guest can, by suitable
+ arrangement of its memory contents, create a situation where this
+ search is a time-consuming linear scan of the guest's address
+ space.</p>
+ <p>A malicious HVM guest administrator can cause a denial of service.
+ Specifically, prevent use of a physical CPU for a significant
+ period.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7970</cvename>
+ <url>http://xenbits.xen.org/xsa/advisory-150.html</url>
+ </references>
+ <dates>
+ <discovery>2015-10-29</discovery>
+ <entry>2015-11-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="fc1f8795-881d-11e5-ab94-002590263bf5">
+ <topic>xen-kernel -- leak of main per-domain vcpu pointer array</topic>
+ <affects>
+ <package>
+ <name>xen-kernel</name>
+ <range><lt>4.5.1_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="http://xenbits.xen.org/xsa/advisory-149.html">
+ <p>A domain's primary array of vcpu pointers can be allocated by a
+ toolstack exactly once in the lifetime of a domain via the
+ XEN_DOMCTL_max_vcpus hypercall. This array is leaked on domain
+ teardown. This memory leak could -- over time -- exhaust the host's
+ memory.</p>
+ <p>A domain given partial management control via XEN_DOMCTL_max_vcpus
+ can mount a denial of service attack affecting the whole system. The
+ ability to also restart or create suitable domains is also required
+ to fully exploit the issue. Without this the leak is limited to a
+ small multiple of the maximum number of vcpus for the domain. The
+ maximum leak is 64kbytes per domain (re)boot (less on ARM).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7969</cvename>
+ <url>http://xenbits.xen.org/xsa/advisory-149.html</url>
+ </references>
+ <dates>
+ <discovery>2015-10-29</discovery>
+ <entry>2015-11-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="3d9f6260-881d-11e5-ab94-002590263bf5">
+ <topic>xen-kernel -- Uncontrolled creation of large page mappings by PV guests</topic>
+ <affects>
+ <package>
+ <name>xen-kernel</name>
+ <range><ge>3.4</ge><lt>4.5.1_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="http://xenbits.xen.org/xsa/advisory-148.html">
+ <p>The code to validate level 2 page table entries is bypassed when
+ certain conditions are satisfied. This means that a PV guest can
+ create writeable mappings using super page mappings. Such writeable
+ mappings can violate Xen intended invariants for pages which Xen is
+ supposed to keep read-only. This is possible even if the
+ "allowsuperpage" command line option is not used.</p>
+ <p>Malicious PV guest administrators can escalate privilege so as to
+ control the whole system.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7835</cvename>
+ <url>http://xenbits.xen.org/xsa/advisory-148.html</url>
+ </references>
+ <dates>
+ <discovery>2015-10-29</discovery>
+ <entry>2015-11-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="301b04d7-881c-11e5-ab94-002590263bf5">
+ <topic>xen-tools -- libxl fails to honour readonly flag on disks with qemu-xen</topic>
+ <affects>
+ <package>
+ <name>xen-tools</name>
+ <range><ge>4.1</ge><lt>4.5.1_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="http://xenbits.xen.org/xsa/advisory-142.html">
+ <p>Callers of libxl can specify that a disk should be read-only to the
+ guest. However, there is no code in libxl to pass this information
+ to qemu-xen (the upstream-based qemu); and indeed there is no way in
+ qemu to make a disk read-only.</p>
+ <p>The vulnerability is exploitable only via devices emulated by the
+ device model, not the parallel PV devices for supporting PVHVM.
+ Normally the PVHVM device unplug protocol renders the emulated
+ devices inaccessible early in boot.</p>
+ <p>Malicious guest administrators or (in some situations) users may be
+ able to write to supposedly read-only disk images.</p>
+ <p>CDROM devices (that is, devices specified to be presented to the
+ guest as CDROMs, regardless of the nature of the backing storage on
+ the host) are not affected.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7311</cvename>
+ <url>http://xenbits.xen.org/xsa/advisory-142.html</url>
+ </references>
+ <dates>
+ <discovery>2015-09-22</discovery>
+ <entry>2015-11-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="2f7f4db2-8819-11e5-ab94-002590263bf5">
+ <topic>p5-HTML-Scrubber -- XSS vulnerability</topic>
+ <affects>
+ <package>
+ <name>p5-HTML-Scrubber</name>
+ <range><lt>0.15</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>MITRE reports:</p>
+ <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5667">
+ <p>Cross-site scripting (XSS) vulnerability in the HTML-Scrubber
+ module before 0.15 for Perl, when the comment feature is enabled,
+ allows remote attackers to inject arbitrary web script or HTML via
+ a crafted comment.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-5667</cvename>
+ <url>https://metacpan.org/release/HTML-Scrubber</url>
+ <url>http://jvndb.jvn.jp/jvndb/JVNDB-2015-000171</url>
+ <url>http://jvn.jp/en/jp/JVN53973084/index.html</url>
+ </references>
+ <dates>
+ <discovery>2015-10-10</discovery>
+ <entry>2015-11-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="6ca7eddd-d436-486a-b169-b948436bcf14">
+ <topic>libvpx -- buffer overflow in vp9_init_context_buffers</topic>
+ <affects>
+ <package>
+ <name>libvpx</name>
+ <range><lt>1.4.0.488_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Mozilla Project reports:</p>
+ <blockquote cite="https://www.mozilla.org/security/advisories/mfsa2015-101/">
+ <p>Security researcher Khalil Zhani reported that a
+ maliciously crafted vp9 format video could be used to
+ trigger a buffer overflow while parsing the file. This leads
+ to a potentially exploitable crash due to a flaw in the
+ libvpx library.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-4506</cvename>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-101/</url>
+ </references>
+ <dates>
+ <discovery>2015-09-22</discovery>
+ <entry>2015-11-10</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="56665ccb-8723-11e5-9b13-14dae9d210b8">
+ <topic>powerdns -- Denial of Service</topic>
+ <affects>
+ <package>
+ <name>powerdns</name>
+ <range><ge>3.4.4</ge><lt>3.4.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>PowerDNS reports:</p>
+ <blockquote cite="https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/">
+ <p>A bug was found using afl-fuzz in our packet parsing code.
+ This bug, when exploited, causes an assertion error and consequent
+ termination of the the pdns_server process, causing a Denial of Service.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/</url>
+ <cvename>CVE-2015-5311</cvename>
+ </references>
+ <dates>
+ <discovery>2015-11-03</discovery>
+ <entry>2015-11-09</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="0cb0afd9-86b8-11e5-bf60-080027ef73ec">
+ <topic>PuTTY -- memory corruption in terminal emulator's erase character handling</topic>
+ <affects>
+ <package>
+ <name>putty</name>
+ <range><ge>0.54</ge><lt>0.66</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Ben Harris reports:</p>
+ <blockquote cite="http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html">
+ <p>Versions of PuTTY and pterm between 0.54 and 0.65 inclusive have a
+ potentially memory-corrupting integer overflow in the handling of
+ the ECH (erase characters) control sequence in the terminal
+ emulator.</p>
+ <p>To exploit a vulnerability in the terminal emulator, an attacker
+ must be able to insert a carefully crafted escape sequence into the
+ terminal stream. For a PuTTY SSH session, this must be before
+ encryption, so the attacker likely needs access to the server you're
+ connecting to. For instance, an attacker on a multi-user machine
+ that you connect to could trick you into running cat on a file they
+ control containing a malicious escape sequence. (Unix write(1) is
+ not a vector for this, if implemented correctly.)</p>
+ <p>Only PuTTY, PuTTYtel, and pterm are affected; other PuTTY tools do
+ not include the terminal emulator, so cannot be exploited this
+ way.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html</url>
+ <cvename>CVE-2015-5309</cvename>
+ </references>
+ <dates>
+ <discovery>2015-11-06</discovery>
+ <entry>2015-11-09</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="18b3c61b-83de-11e5-905b-ac9e174be3af">
+ <topic>OpenOffice 4.1.1 -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>apache-openoffice</name>
+ <range><lt>4.1.2</lt></range>
+ </package>
+ <package>
+ <name>apache-openoffice-devel</name>
+ <range><lt>4.2.1705368,3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Apache OpenOffice Project reports:</p>
+ <blockquote cite="http://www.openoffice.org/security/cves/CVE-2015-4551.html">
+ <p>A vulnerability in OpenOffice settings of OpenDocument Format
+ files and templates allows silent access to files that are
+ readable from an user account, over-riding the user's default
+ configuration settings. Once these files are imported into a
+ maliciously-crafted document, the data can be silently hidden
+ in the document and possibly exported to an external party
+ without being observed. </p>
+ </blockquote>
+ <p>The Apache OpenOffice Project reports:</p>
+ <blockquote cite="http://www.openoffice.org/security/cves/CVE-2015-5212.html">
+ <p>A crafted ODF document can be used to create a buffer that is
+ too small for the amount of data loaded into it, allowing an
+ attacker to cause denial of service (memory corruption and
+ application crash) and possible execution of arbitrary code.</p>
+ </blockquote>
+ <p>The Apache OpenOffice Project reports:</p>
+ <blockquote cite="http://www.openoffice.org/security/cves/CVE-2015-5213.html">
+ <p>A crafted Microsoft Word DOC file can be used to specify a
+ document buffer that is too small for the amount of data
+ provided for it. Failure to detect the discrepancy allows an
+ attacker to cause denial of service (memory corruption and
+ application crash) and possible execution of arbitrary code.</p>
+ </blockquote>
+ <p>The Apache OpenOffice Project reports:</p>
+ <blockquote cite="http://www.openoffice.org/security/cves/CVE-2015-5214.html">
+ <p>A crafted Microsoft Word DOC can contain invalid bookmark
+ positions leading to memory corruption when the document is
+ loaded or bookmarks are manipulated. The defect allows an
+ attacker to cause denial of service (memory corruption and
+ application crash) and possible execution of arbitrary code.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-4551</cvename>
+ <url>http://www.openoffice.org/security/cves/CVE-2015-4551.html</url>
+ <cvename>CVE-2015-5212</cvename>
+ <url>http://www.openoffice.org/security/cves/CVE-2015-5212.html</url>
+ <cvename>CVE-2015-5213</cvename>
+ <url>http://www.openoffice.org/security/cves/CVE-2015-5213.html</url>
+ <cvename>CVE-2015-5214</cvename>
+ <url>http://www.openoffice.org/security/cves/CVE-2015-5214.html</url>
+ </references>
+ <dates>
+ <discovery>2015-11-04</discovery>
+ <entry>2015-11-05</entry>
+ <modified>2015-11-05</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="698403a7-803d-11e5-ab94-002590263bf5">
+ <topic>codeigniter -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>codeigniter</name>
+ <range><lt>2.2.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The CodeIgniter changelog reports:</p>
+ <blockquote cite="https://codeigniter.com/userguide2/changelog.html">
+ <p>Fixed an XSS attack vector in Security Library method
+ xss_clean().</p>
+ <p>Changed Config Library method base_url() to fallback to
+ ``$_SERVER['SERVER_ADDR']`` in order to avoid Host header
+ injections.</p>
+ <p>Changed CAPTCHA Helper to try to use the operating system's PRNG
+ first.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <freebsdpr>ports/203403</freebsdpr>
+ <url>https://codeigniter.com/userguide2/changelog.html</url>
+ </references>
+ <dates>
+ <discovery>2015-10-31</discovery>
+ <entry>2015-11-01</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="017a493f-7db6-11e5-a762-14dae9d210b8">
+ <topic>openafs -- information disclosure</topic>
+ <affects>
+ <package>
+ <name>openafs</name>
+ <range><lt>1.6.15</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The OpenAFS development team reports:</p>
+ <blockquote cite="http://openafs.org/pages/security/OPENAFS-SA-2015-007.txt">
+ <p>When constructing an Rx acknowledgment (ACK) packet, Andrew-derived Rx
+ implementations do not initialize three octets of data that are padding
+ in the C language structure and were inadvertently included in the wire
+ protocol (CVE-2015-7762). Additionally, OpenAFS Rx in versions 1.5.75
+ through 1.5.78, 1.6.0 through 1.6.14, and 1.7.0 through 1.7.32 include
+ a variable-length padding at the end of the ACK packet, in an attempt to
+ detect the path MTU, but only four octets of the additional padding are
+ initialized (CVE-2015-7763).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://openafs.org/pages/security/OPENAFS-SA-2015-007.txt</url>
+ <cvename>CVE-2015-7762</cvename>
+ <cvename>CVE-2015-7763</cvename>
+ </references>
+ <dates>
+ <discovery>2015-10-28</discovery>
+ <entry>2015-10-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4b9393b8-7c0c-11e5-a010-080027ddead3">
+ <topic>xscreensaver - lock bypass</topic>
+ <affects>
+ <package>
+ <name>xscreensaver</name>
+ <name>xscreensaver-gnome</name>
+ <name>xscreensaver-gnome-hacks</name>
+ <range><lt>5.34</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>RedHat bugzilla reports:</p>
+ <blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=1274452">
+ <p>In dual screen configurations, unplugging one screen will cause
+ xscreensaver to crash, leaving the screen unlocked.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.jwz.org/xscreensaver/changelog.html</url>
+ <url>https://bugzilla.redhat.com/show_bug.cgi?id=1274452</url>
+ <cvename>CVE-2015-8025</cvename>
+ </references>
+ <dates>
+ <discovery>2015-10-24</discovery>
+ <entry>2015-10-27</entry>
+ <modified>2015-11-04</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="2a4a112a-7c1b-11e5-bd77-0800275369e2">
+ <topic>lldpd -- Buffer overflow/Denial of service</topic>
+ <affects>
+ <package>
+ <name>lldpd</name>
+ <range><ge>0.5.6</ge><lt>0.7.19</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The lldpd developer Vincent Bernat reports:</p>
+ <blockquote cite="https://github.com/vincentbernat/lldpd/raw/0.7.19/NEWS">
+ <p>A buffer overflow may allow arbitrary code execution
+ only if hardening was disabled.</p>
+ </blockquote>
+ <blockquote cite="https://github.com/vincentbernat/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00">
+ <p>Malformed packets should not make lldpd crash. Ensure we can
+ handle them by not using assert() in this part.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8011</cvename>
+ <cvename>CVE-2015-8012</cvename>
+ <url>https://github.com/vincentbernat/lldpd/raw/0.7.19/NEWS</url>
+ <url>http://www.openwall.com/lists/oss-security/2015/10/30/2</url>
+ </references>
+ <dates>
+ <discovery>2015-10-04</discovery>
+ <entry>2015-10-26</entry>
+ <modified>2015-11-10</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="24e4d383-7b3e-11e5-a250-68b599b52a02">
+ <topic>wireshark -- Pcapng file parser crash</topic>
+ <affects>
+ <package>
+ <name>wireshark</name>
+ <name>wireshark-lite</name>
+ <name>wireshark-qt5</name>
+ <name>tshark</name>
+ <name>tshark-lite</name>
+ <range><lt>1.12.8</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Wireshark development team reports:</p>
+ <blockquote cite="https://www.wireshark.org/docs/relnotes/wireshark-1.12.8.html">
+ <p>The following vulnerability has been fixed.</p>
+ <ul>
+ <li><p>wnpa-sec-2015-30</p>
+ <p>Pcapng file parser crash. (Bug 11455)</p></li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.wireshark.org/docs/relnotes/wireshark-1.12.8.html</url>
+ <cvename>CVE-2015-7830</cvename>
+ </references>
+ <dates>
+ <discovery>2015-10-14</discovery>
+ <entry>2015-10-25</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="0ebc6e78-7ac6-11e5-b35a-002590263bf5">
+ <topic>Joomla! -- Core - SQL Injection/ACL Violation vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>joomla3</name>
+ <range><ge>3.2.0</ge><lt>3.4.5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The JSST and the Joomla! Security Center report:</p>
+ <blockquote cite="http://developer.joomla.org/security-centre/628-20151001-core-sql-injection.html">
+ <h2>[20151001] - Core - SQL Injection</h2>
+ <p>Inadequate filtering of request data leads to a SQL Injection
+ vulnerability.</p>
+ </blockquote>
+ <blockquote cite="http://developer.joomla.org/security-centre/629-20151002-core-acl-violations.html">
+ <h2>[20151002] - Core - ACL Violations</h2>
+ <p>Inadequate ACL checks in com_contenthistory provide potential read
+ access to data which should be access restricted.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7297</cvename>
+ <cvename>CVE-2015-7857</cvename>
+ <cvename>CVE-2015-7858</cvename>
+ <cvename>CVE-2015-7859</cvename>
+ <url>http://developer.joomla.org/security-centre/628-20151001-core-sql-injection.html</url>
+ <url>http://developer.joomla.org/security-centre/629-20151002-core-acl-violations.html</url>
+ <url>https://www.joomla.org/announcements/release-news/5634-joomla-3-4-5-released.html</url>
+ </references>
+ <dates>
+ <discovery>2015-10-22</discovery>
+ <entry>2015-10-25</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="03e54e42-7ac6-11e5-b35a-002590263bf5">
+ <topic>Joomla! -- Core - ACL Violation vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>joomla3</name>
+ <range><ge>3.0.0</ge><lt>3.4.5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The JSST and the Joomla! Security Center report:</p>
+ <blockquote cite="http://developer.joomla.org/security-centre/630-20151003-core-acl-violations.html">
+ <h2>[20151003] - Core - ACL Violations</h2>
+ <p>Inadequate ACL checks in com_content provide potential read access
+ to data which should be access restricted.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7899</cvename>
+ <url>http://developer.joomla.org/security-centre/630-20151003-core-acl-violations.html</url>
+ <url>https://www.joomla.org/announcements/release-news/5634-joomla-3-4-5-released.html</url>
+ </references>
+ <dates>
+ <discovery>2015-10-22</discovery>
+ <entry>2015-10-25</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="f8c37915-7ac5-11e5-b35a-002590263bf5">
+ <topic>Joomla! -- Core - XSS Vulnerability</topic>
+ <affects>
+ <package>
+ <name>joomla3</name>
+ <range><ge>3.4.0</ge><lt>3.4.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The JSST and the Joomla! Security Center report:</p>
+ <blockquote cite="http://developer.joomla.org/security-centre/626-20150908-core-xss-vulnerability.html">
+ <h2>[20150908] - Core - XSS Vulnerability</h2>
+ <p>Inadequate escaping leads to XSS vulnerability in login module.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-6939</cvename>
+ <url>http://developer.joomla.org/security-centre/626-20150908-core-xss-vulnerability.html</url>
+ <url>https://www.joomla.org/announcements/release-news/5628-joomla-3-4-4-released.html</url>
+ </references>
+ <dates>
+ <discovery>2015-09-08</discovery>
+ <entry>2015-10-25</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="ec2d1cfd-7ac5-11e5-b35a-002590263bf5">
+ <topic>Joomla! -- Core - CSRF Protection vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>joomla3</name>
+ <range><ge>3.2.0</ge><lt>3.4.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The JSST and the Joomla! Security Center report:</p>
+ <blockquote cite="http://developer.joomla.org/security-centre/618-20150602-core-remote-code-execution.html">
+ <h2>[20150602] - Core - CSRF Protection</h2>
+ <p>Lack of CSRF checks potentially enabled uploading malicious code.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-5397</cvename>
+ <url>http://developer.joomla.org/security-centre/618-20150602-core-remote-code-execution.html</url>
+ <url>https://www.joomla.org/announcements/release-news/5589-joomla-3-4-2-released.html</url>
+ </references>
+ <dates>
+ <discovery>2015-06-30</discovery>
+ <entry>2015-10-25</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="deaba148-7ac5-11e5-b35a-002590263bf5">
+ <topic>Joomla! -- Core - Open Redirect vulnerability</topic>
+ <affects>
+ <package>
+ <name>joomla3</name>
+ <range><ge>3.0.0</ge><lt>3.4.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The JSST and the Joomla! Security Center report:</p>
+ <blockquote cite="http://developer.joomla.org/security-centre/617-20150601-core-open-redirect.html">
+ <h2>[20150601] - Core - Open Redirect</h2>
+ <p>Inadequate checking of the return value allowed to redirect to an
+ external page.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-5608</cvename>
+ <url>http://developer.joomla.org/security-centre/617-20150601-core-open-redirect.html</url>
+ <url>https://www.joomla.org/announcements/release-news/5589-joomla-3-4-2-released.html</url>
+ </references>
+ <dates>
+ <discovery>2015-06-30</discovery>
+ <entry>2015-10-25</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="cec4d01a-7ac5-11e5-b35a-002590263bf5">
+ <topic>Joomla! -- Core - Remote File Execution/Denial of Service vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>joomla3</name>
+ <range><lt>3.2.6</lt></range>
+ <range><ge>3.3.0</ge><lt>3.3.5</lt></range>
+ </package>
+ <package>
+ <name>joomla2</name>
+ <range><ge>2.5.4</ge><lt>2.5.26</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The JSST and the Joomla! Security Center report:</p>
+ <blockquote cite="http://developer.joomla.org/security-centre/595-20140903-core-remote-file-inclusion.html">
+ <h2>[20140903] - Core - Remote File Inclusion</h2>
+ <p>Inadequate checking allowed the potential for remote files to be
+ executed.</p>
+ </blockquote>
+ <blockquote cite="http://developer.joomla.org/security-centre/596-20140904-core-denial-of-service.html">
+ <h2>[20140904] - Core - Denial of Service</h2>
+ <p>Inadequate checking allowed the potential for a denial of service
+ attack.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2014-7228</cvename>
+ <cvename>CVE-2014-7229</cvename>
+ <url>http://developer.joomla.org/security-centre/595-20140903-core-remote-file-inclusion.html</url>
+ <url>http://developer.joomla.org/security-centre/596-20140904-core-denial-of-service.html</url>
+ <url>https://www.joomla.org/announcements/release-news/5567-joomla-3-3-5-released.html</url>
+ <url>https://www.joomla.org/announcements/release-news/5566-joomla-2-5-26-released.html</url>
+ </references>
+ <dates>
+ <discovery>2014-09-30</discovery>
+ <entry>2015-10-25</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="beb3d5fc-7ac5-11e5-b35a-002590263bf5">
+ <topic>Joomla! -- Core - Unauthorised Login vulnerability</topic>
+ <affects>
+ <package>
+ <name>joomla3</name>
+ <range><lt>3.2.5</lt></range>
+ <range><ge>3.3.0</ge><lt>3.3.4</lt></range>
+ </package>
+ <package>
+ <name>joomla2</name>
+ <range><lt>2.5.25</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The JSST and the Joomla! Security Center report:</p>
+ <blockquote cite="http://developer.joomla.org/security-centre/594-20140902-core-unauthorised-logins.html">
+ <h2>[20140902] - Core - Unauthorised Logins</h2>
+ <p>Inadequate checking allowed unauthorised logins via LDAP
+ authentication.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2014-6632</cvename>
+ <url>http://developer.joomla.org/security-centre/594-20140902-core-unauthorised-logins.html</url>
+ <url>https://www.joomla.org/announcements/release-news/5564-joomla-3-3-4-released.html</url>
+ <url>https://www.joomla.org/announcements/release-news/5563-joomla-2-5-25-released.html</url>
+ </references>
+ <dates>
+ <discovery>2014-09-23</discovery>
+ <entry>2015-10-25</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="adbb32d9-7ac5-11e5-b35a-002590263bf5">
+ <topic>Joomla! -- Core - XSS Vulnerability</topic>
+ <affects>
+ <package>
+ <name>joomla3</name>
+ <range><ge>3.2.0</ge><lt>3.2.5</lt></range>
+ <range><ge>3.3.0</ge><lt>3.3.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The JSST and the Joomla! Security Center report:</p>
+ <blockquote cite="http://developer.joomla.org/security-centre/593-20140901-core-xss-vulnerability.html">
+ <h2>[20140901] - Core - XSS Vulnerability</h2>
+ <p>Inadequate escaping leads to XSS vulnerability in com_media.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2014-6631</cvename>
+ <url>http://developer.joomla.org/security-centre/593-20140901-core-xss-vulnerability.html</url>
+ <url>https://www.joomla.org/announcements/release-news/5564-joomla-3-3-4-released.html</url>
+ </references>
+ <dates>
+ <discovery>2014-09-23</discovery>
+ <entry>2015-10-25</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="75f39413-7a00-11e5-a2a1-002590263bf5">
+ <topic>drupal -- open redirect vulnerability</topic>
+ <affects>
+ <package>
+ <name>drupal7</name>
+ <range><lt>7.41</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Drupal development team reports:</p>
+ <blockquote cite="https://www.drupal.org/SA-CORE-2015-004">
+ <p>The Overlay module in Drupal core displays administrative pages
+ as a layer over the current page (using JavaScript), rather than
+ replacing the page in the browser window. The Overlay module does
+ not sufficiently validate URLs prior to displaying their contents,
+ leading to an open redirect vulnerability.</p>
+ <p>This vulnerability is mitigated by the fact that it can only be
+ used against site users who have the "Access the administrative
+ overlay" permission, and that the Overlay module must be enabled.
+ </p>
+ <p>An incomplete fix for this issue was released as part of
+ SA-CORE-2015-002.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7943</cvename>
+ <url>https://www.drupal.org/SA-CORE-2015-004</url>
+ <url>http://www.openwall.com/lists/oss-security/2015/10/23/6</url>
+ </references>
+ <dates>
+ <discovery>2015-10-21</discovery>
+ <entry>2015-10-24</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="08d11134-79c5-11e5-8987-6805ca0b3d42">
+ <topic>phpMyAdmin -- Content spoofing vulnerability</topic>
+ <affects>
+ <package>
+ <name>phpMyAdmin</name>
+ <range><ge>4.4.0</ge><lt>4.4.15.1</lt></range>
+ <range><ge>4.5.0</ge><lt>4.5.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The phpMyAdmin development team reports:</p>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2015-5/">
+ <p>This vulnerability allows an attacker to perform a
+ content spoofing attack using the phpMyAdmin's redirection
+ mechanism to external sites.</p>
+ <p>We consider this vulnerability to be non critical since
+ the spoofed content is escaped and no HTML injection is
+ possible.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.phpmyadmin.net/security/PMASA-2015-5/</url>
+ <cvename>CVE-2015-7873</cvename>
+ </references>
+ <dates>
+ <discovery>2015-10-23</discovery>
+ <entry>2015-10-23</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="b973a763-7936-11e5-a2a1-002590263bf5">
+ <topic>mediawiki -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>mediawiki123</name>
+ <range><lt>1.23.11</lt></range>
+ </package>
+ <package>
+ <name>mediawiki124</name>
+ <range><lt>1.24.4</lt></range>
+ </package>
+ <package>
+ <name>mediawiki125</name>
+ <range><lt>1.25.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>MediaWiki reports:</p>
+ <blockquote cite="https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html">
+ <p>Wikipedia user RobinHood70 reported two issues in the chunked
+ upload API. The API failed to correctly stop adding new chunks to
+ the upload when the reported size was exceeded (T91203), allowing
+ a malicious users to upload add an infinite number of chunks for a
+ single file upload. Additionally, a malicious user could upload
+ chunks of 1 byte for very large files, potentially creating a very
+ large number of files on the server's filesystem (T91205).</p>
+ <p>Internal review discovered that it is not possible to throttle file
+ uploads.</p>
+ <p>Internal review discovered a missing authorization check when
+ removing suppression from a revision. This allowed users with the
+ 'viewsuppressed' user right but not the appropriate
+ 'suppressrevision' user right to unsuppress revisions.</p>
+ <p>Richard Stanway from teamliquid.net reported that thumbnails of PNG
+ files generated with ImageMagick contained the local file path in
+ the image metadata.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html</url>
+ <url>https://phabricator.wikimedia.org/T91203</url>
+ <url>https://phabricator.wikimedia.org/T91205</url>
+ <url>https://phabricator.wikimedia.org/T91850</url>
+ <url>https://phabricator.wikimedia.org/T95589</url>
+ <url>https://phabricator.wikimedia.org/T108616</url>
+ </references>
+ <dates>
+ <discovery>2015-10-16</discovery>
+ <entry>2015-10-23</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="c4a18a12-77fc-11e5-a687-206a8a720317">
+ <topic>ntp -- 13 low- and medium-severity vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>ntp</name>
+ <range><lt>4.2.8p4</lt></range>
+ </package>
+ <package>
+ <name>ntp-devel</name>
+ <range><lt>4.3.76</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>ntp.org reports:</p>
+ <blockquote cite="http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities">
+ <p>NTF's NTP Project has been notified of the following 13 low-
+ and medium-severity vulnerabilities that are fixed in
+ ntp-4.2.8p4, released on Wednesday, 21 October 2015:</p>
+ <ul>
+ <li>Bug 2941 CVE-2015-7871 NAK to the Future: Symmetric
+ association authentication bypass via crypto-NAK
+ (Cisco ASIG)</li>
+ <li>Bug 2922 CVE-2015-7855 decodenetnum() will ASSERT botch
+ instead of returning FAIL on some bogus values (IDA)</li>
+ <li>Bug 2921 CVE-2015-7854 Password Length Memory Corruption
+ Vulnerability. (Cisco TALOS)</li>
+ <li>Bug 2920 CVE-2015-7853 Invalid length data provided by a
+ custom refclock driver could cause a buffer overflow.
+ (Cisco TALOS)</li>
+ <li>Bug 2919 CVE-2015-7852 ntpq atoascii() Memory Corruption
+ Vulnerability. (Cisco TALOS)</li>
+ <li>Bug 2918 CVE-2015-7851 saveconfig Directory Traversal
+ Vulnerability. (OpenVMS) (Cisco TALOS)</li>
+ <li>Bug 2917 CVE-2015-7850 remote config logfile-keyfile.
+ (Cisco TALOS)</li>
+ <li>Bug 2916 CVE-2015-7849 trusted key use-after-free.
+ (Cisco TALOS)</li>
+ <li>Bug 2913 CVE-2015-7848 mode 7 loop counter underrun.
+ (Cisco TALOS)</li>
+ <li>Bug 2909 CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC.
+ (Tenable)</li>
+ <li>Bug 2902 : CVE-2015-7703 configuration directives "pidfile"
+ and "driftfile" should only be allowed locally. (RedHat)</li>
+ <li>Bug 2901 : CVE-2015-7704, CVE-2015-7705 Clients that
+ receive a KoD should validate the origin timestamp field.
+ (Boston University)</li>
+ <li>Bug 2899 : CVE-2015-7691, CVE-2015-7692, CVE-2015-7702
+ Incomplete autokey data packet length checks. (Tenable)</li>
+ </ul>
+ <p>The only generally-exploitable bug in the above list is the
+ crypto-NAK bug, which has a CVSS2 score of 6.4.</p>
+ <p>Additionally, three bugs that have already been fixed in
+ ntp-4.2.8 but were not fixed in ntp-4.2.6 as it was EOL'd
+ have a security component, but are all below 1.8 CVSS score,
+ so we're reporting them here:</p>
+ <ul>
+ <li>Bug 2382 : Peer precision < -31 gives division by zero</li>
+ <li>Bug 1774 : Segfaults if cryptostats enabled when built
+ without OpenSSL</li>
+ <li>Bug 1593 : ntpd abort in free() with logconfig syntax error</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7691</cvename>
+ <cvename>CVE-2015-7692</cvename>
+ <cvename>CVE-2015-7701</cvename>
+ <cvename>CVE-2015-7702</cvename>
+ <cvename>CVE-2015-7703</cvename>
+ <cvename>CVE-2015-7704</cvename>
+ <cvename>CVE-2015-7705</cvename>
+ <cvename>CVE-2015-7848</cvename>
+ <cvename>CVE-2015-7849</cvename>
+ <cvename>CVE-2015-7850</cvename>
+ <cvename>CVE-2015-7851</cvename>
+ <cvename>CVE-2015-7852</cvename>
+ <cvename>CVE-2015-7853</cvename>
+ <cvename>CVE-2015-7854</cvename>
+ <cvename>CVE-2015-7855</cvename>
+ <cvename>CVE-2015-7871</cvename>
+ <url>http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities</url>
+ </references>
+ <dates>
+ <discovery>2015-10-21</discovery>
+ <entry>2015-10-21</entry>
+ <modified>2015-10-23</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="95602550-76cf-11e5-a2a1-002590263bf5">
+ <topic>codeigniter -- multiple XSS vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>codeigniter</name>
+ <range><lt>2.2.5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The CodeIgniter changelog reports:</p>
+ <blockquote cite="https://codeigniter.com/userguide2/changelog.html">
+ <p>Fixed a number of XSS attack vectors in Security Library method
+ xss_clean (thanks to Frans Rosén from Detectify.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <freebsdpr>ports/203403</freebsdpr>
+ <url>https://codeigniter.com/userguide2/changelog.html</url>
+ </references>
+ <dates>
+ <discovery>2015-10-08</discovery>
+ <entry>2015-10-20</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="7f645ee5-7681-11e5-8519-005056ac623e">
+ <topic>Git -- Execute arbitrary code</topic>
+ <affects>
+ <package>
+ <name>git</name>
+ <range><lt>2.6.1</lt></range>
+ </package>
+ <package>
+ <name>git-gui</name>
+ <range><lt>2.6.1</lt></range>
+ </package>
+ <package>
+ <name>git-lite</name>
+ <range><lt>2.6.1</lt></range>
+ </package>
+ <package>
+ <name>git-subversion</name>
+ <range><lt>2.6.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Git release notes:</p>
+ <blockquote cite="https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.6.1.txt">
+ <p>Some protocols (like git-remote-ext) can execute arbitrary code
+ found in the URL. The URLs that submodules use may come from
+ arbitrary sources (e.g., .gitmodules files in a remote
+ repository), and can hurt those who blindly enable recursive
+ fetch. Restrict the allowed protocols to well known and safe
+ ones.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.6.1.txt</url>
+ </references>
+ <dates>
+ <discovery>2015-09-23</discovery>
+ <entry>2015-10-19</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="3934cc60-f0fa-4eca-be09-c8bd7ae42871">
+ <topic>Salt -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>py27-salt</name>
+ <range><lt>2015.8.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Salt release notes:</p>
+ <blockquote cite="https://docs.saltstack.com/en/latest/topics/releases/2015.8.1.html">
+ <p>CVE-2015-6918 - Git modules leaking HTTPS auth credentials to debug log</p>
+ <p>Updated the Git state and execution modules to no longer display HTTPS basic
+ authentication credentials in loglevel debug output on the Salt master. These
+ credentials are now replaced with REDACTED in the debug output. Thanks to
+ Andreas Stieger for bringing this to our attention.</p>
+ <p>CVE-2015-6941 - win_useradd module and salt-cloud display passwords in debug
+ log</p>
+ <p>Updated the win_useradd module return data to no longer include the password
+ of the newly created user. The password is now replaced with the string
+ XXX-REDACTED-XXX. Updated the Salt Cloud debug output to no longer display
+ win_password and sudo_password authentication credentials. Also updated the
+ Linode driver to no longer display authentication credentials in debug logs.
+ These credentials are now replaced with REDACTED in the debug output.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://docs.saltstack.com/en/latest/topics/releases/2015.8.1.html</url>
+ <cvename>CVE-2015-6918</cvename>
+ <cvename>CVE-2015-6941</cvename>
+ </references>
+ <dates>
+ <discovery>2015-10-16</discovery>
+ <entry>2015-10-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="79c68ef7-c8ae-4ade-91b4-4b8221b7c72a">
+ <topic>firefox -- Cross-origin restriction bypass using Fetch</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>41.0.2,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><lt>41.0.2,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Firefox Developers report:</p>
+ <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/">
+ <p>Security researcher Abdulrahman Alqabandi reported that the fetch()
+ API did not correctly implement the Cross-Origin Resource Sharing
+ (CORS) specification, allowing a malicious page to access private
+ data from other origins. Mozilla developer Ben Kelly independently reported the
+ same issue.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/</url>
+ <cvename>CVE-2015-7184</cvename>
+ </references>
+ <dates>
+ <discovery>2015-10-15</discovery>
+ <entry>2015-10-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="84147b46-e876-486d-b746-339ee45a8bb9">
+ <topic>flash -- remote code execution</topic>
+ <affects>
+ <package>
+ <name>linux-c6-flashplugin</name>
+ <name>linux-f10-flashplugin</name>
+ <name>linux-c6_64-flashplugin</name>
+ <range><lt>11.2r202.540</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Adobe reports:</p>
+ <blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb15-27.html">
+ <p>These updates resolve type confusion vulnerabilities that
+ could lead to code execution (CVE-2015-7645, CVE-2015-7647,
+ CVE-2015-7648).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7645</cvename>
+ <cvename>CVE-2015-7647</cvename>
+ <cvename>CVE-2015-7648</cvename>
+ <url>https://helpx.adobe.com/security/products/flash-player/apsb15-27.html</url>
+ </references>
+ <dates>
+ <discovery>2015-10-16</discovery>
+ <entry>2015-10-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="e75a96df-73ca-11e5-9b45-b499baebfeaf">
+ <topic>LibreSSL -- Memory leak and buffer overflow</topic>
+ <affects>
+ <package>
+ <name>libressl</name>
+ <range><lt>2.2.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Qualys reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/10/16/1">
+ <p>During the code review of OpenSMTPD a memory leak and buffer overflow
+ (an off-by-one, usually stack-based) were discovered in LibreSSL's
+ OBJ_obj2txt() function. This function is called automatically during
+ a TLS handshake (both client-side, unless an anonymous mode is used,
+ and server-side, if client authentication is requested).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://marc.info/?l=openbsd-announce&m=144495690528446</url>
+ <cvename>CVE-2015-5333</cvename>
+ <cvename>CVE-2015-5334</cvename>
+ </references>
+ <dates>
+ <discovery>2015-10-15</discovery>
+ <entry>2015-10-16</entry>
+ <modified>2015-10-26</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="07a1a76c-734b-11e5-ae81-14dae9d210b8">
+ <topic>mbedTLS/PolarSSL -- DoS and possible remote code execution</topic>
+ <affects>
+ <package>
+ <name>polarssl</name>
+ <range><ge>1.2.0</ge><lt>1.2.17</lt></range>
+ </package>
+ <package>
+ <name>polarssl13</name>
+ <range><ge>1.3.0</ge><lt>1.3.14</lt></range>
+ </package>
+ <package>
+ <name>mbedtls</name>
+ <range><lt>2.1.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>ARM Limited reports:</p>
+ <blockquote cite="https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01">
+ <p>When the client creates its ClientHello message, due to
+ insufficient bounds checking it can overflow the heap-based buffer
+ containing the message while writing some extensions. Two extensions in
+ particular could be used by a remote attacker to trigger the overflow:
+ the session ticket extension and the server name indication (SNI)
+ extension.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01</url>
+ <cvename>CVE-2015-5291</cvename>
+ </references>
+ <dates>
+ <discovery>2015-10-05</discovery>
+ <entry>2015-10-15</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="ea1d2530-72ce-11e5-a2a1-002590263bf5">
+ <topic>magento -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>magento</name>
+ <range><lt>1.9.2.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Magento, Inc. reports:</p>
+ <blockquote cite="https://www.magentocommerce.com/download">
+ <p>SUPEE-6482 - This patch addresses two issues related to APIs and
+ two cross-site scripting risks.</p>
+ <p>SUPEE-6285 - This patch provides protection against several types
+ of security-related issues, including information leaks, request
+ forgeries, and cross-site scripting.</p>
+ <p>SUPEE-5994 - This patch addresses multiple security
+ vulnerabilities in Magento Community Edition software, including
+ issues that can put customer information at risk.</p>
+ <p>SUPEE-5344 - Addresses a potential remote code execution
+ exploit.</p>
+ <p>SUPEE-1533 - Addresses two potential remote code execution
+ exploits.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <freebsdpr>ports/201709</freebsdpr>
+ <url>https://www.magentocommerce.com/download</url>
+ <url>http://merch.docs.magento.com/ce/user_guide/Magento_Community_Edition_User_Guide.html#magento/release-notes-ce-1.9.2.html</url>
+ <url>http://merch.docs.magento.com/ce/user_guide/Magento_Community_Edition_User_Guide.html#magento/release-notes-ce-1.9.2.1.html</url>
+ </references>
+ <dates>
+ <discovery>2014-10-03</discovery>
+ <entry>2015-10-14</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="705b759c-7293-11e5-a371-14dae9d210b8">
+ <topic>pear-twig -- remote code execution</topic>
+ <affects>
+ <package>
+ <name>pear-twig-twig</name>
+ <range><lt>1.20.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Fabien Potencier reports:</p>
+ <blockquote cite="http://symfony.com/blog/security-release-twig-1-20-0">
+ <p>End users can craft valid Twig code that allows them to
+ execute arbitrary code (RCEs) via the _self variable, which is always
+ available, even in sandboxed templates.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://symfony.com/blog/security-release-twig-1-20-0</url>
+ <cvename>CVE-2015-7809</cvename>
+ </references>
+ <dates>
+ <discovery>2015-08-12</discovery>
+ <entry>2015-10-14</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="06fefd2f-728f-11e5-a371-14dae9d210b8">
+ <topic>miniupnpc -- buffer overflow</topic>
+ <affects>
+ <package>
+ <name>miniupnpc</name>
+ <range><ge>1.9.1</ge><lt>1.9.20150917</lt></range>
+ <range><lt>1.9_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Talos reports:</p>
+ <blockquote cite="http://talosintel.com/reports/TALOS-2015-0035/">
+ <p>An exploitable buffer overflow vulnerability exists in the
+ XML parser functionality of the MiniUPnP library. A specially crafted
+ XML response can lead to a buffer overflow on the stack resulting in
+ remote code execution. An attacker can set up a server on the local
+ network to trigger this vulnerability.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-6031</cvename>
+ <url>http://talosintel.com/reports/TALOS-2015-0035/</url>
+ <url>https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78</url>
+ </references>
+ <dates>
+ <discovery>2015-09-15</discovery>
+ <entry>2015-10-14</entry>
+ <modified>2015-10-14</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="a63f2c06-726b-11e5-a12b-bcaec565249c">
+ <topic>flash -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>linux-c6-flashplugin</name>
+ <name>linux-f10-flashplugin</name>
+ <name>linux-c6_64-flashplugin</name>
+ <range><lt>11.2r202.535</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Adobe reports:</p>
+ <blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb15-25.html">
+ <p>These updates resolve a vulnerability that could be exploited
+ to bypass the same-origin-policy and lead to information
+ disclosure (CVE-2015-7628).</p>
+
+ <p>These updates include a defense-in-depth feature in the Flash
+ broker API (CVE-2015-5569).</p>
+
+ <p>These updates resolve use-after-free vulnerabilities that
+ could lead to code execution (CVE-2015-7629, CVE-2015-7631,
+ CVE-2015-7643, CVE-2015-7644).</p>
+
+ <p>These updates resolve a buffer overflow vulnerability that
+ could lead to code execution (CVE-2015-7632).</p>
+
+ <p>These updates resolve memory corruption vulnerabilities that
+ could lead to code execution (CVE-2015-7625, CVE-2015-7626,
+ CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, CVE-2015-7634).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-5569</cvename>
+ <cvename>CVE-2015-7625</cvename>
+ <cvename>CVE-2015-7626</cvename>
+ <cvename>CVE-2015-7627</cvename>
+ <cvename>CVE-2015-7628</cvename>
+ <cvename>CVE-2015-7629</cvename>
+ <cvename>CVE-2015-7630</cvename>
+ <cvename>CVE-2015-7631</cvename>
+ <cvename>CVE-2015-7632</cvename>
+ <cvename>CVE-2015-7633</cvename>
+ <cvename>CVE-2015-7634</cvename>
+ <cvename>CVE-2015-7643</cvename>
+ <cvename>CVE-2015-7644</cvename>
+ <url>https://helpx.adobe.com/security/products/flash-player/apsb15-25.html</url>
+ </references>
+ <dates>
+ <discovery>2015-10-13</discovery>
+ <entry>2015-10-14</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="8301c04d-71df-11e5-9fcb-00262d5ed8ee">
+ <topic>chromium -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <!--pcbsd-->
+ <name>chromium-npapi</name>
+ <name>chromium-pulse</name>
+ <range><lt>46.0.2490.71</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome Releases reports:</p>
+ <blockquote cite="http://googlechromereleases.blogspot.nl/2015/10/stable-channel-update.html">
+ <p>24 security fixes in this release, including:</p>
+ <ul>
+ <li>[519558] High CVE-2015-6755: Cross-origin bypass in Blink.
+ Credit to Mariusz Mlynski.</li>
+ <li>[507316] High CVE-2015-6756: Use-after-free in PDFium. Credit
+ to anonymous.</li>
+ <li>[529520] High CVE-2015-6757: Use-after-free in ServiceWorker.
+ Credit to Collin Payne.</li>
+ <li>[522131] High CVE-2015-6758: Bad-cast in PDFium. Credit to Atte
+ Kettunen of OUSPG.</li>
+ <li>[514076] Medium CVE-2015-6759: Information leakage in
+ LocalStorage. Credit to Muneaki Nishimura (nishimunea).</li>
+ <li>[519642] Medium CVE-2015-6760: Improper error handling in
+ libANGLE. Credit to lastland.net.</li>
+ <li>[447860,532967] Medium CVE-2015-6761: Memory corruption in
+ FFMpeg. Credit to Aki Helin of OUSPG and anonymous.</li>
+ <li>[512678] Low CVE-2015-6762: CORS bypass via CSS fonts. Credit
+ to Muneaki Nishimura (nishimunea).</li>
+ <li> [542517] CVE-2015-6763: Various fixes from internal audits,
+ fuzzing and other initiatives.</li>
+ <li>Multiple vulnerabilities in V8 fixed at the tip of the 4.6
+ branch (currently 4.6.85.23).</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-6755</cvename>
+ <cvename>CVE-2015-6756</cvename>
+ <cvename>CVE-2015-6757</cvename>
+ <cvename>CVE-2015-6758</cvename>
+ <cvename>CVE-2015-6759</cvename>
+ <cvename>CVE-2015-6760</cvename>
+ <cvename>CVE-2015-6761</cvename>
+ <cvename>CVE-2015-6762</cvename>
+ <cvename>CVE-2015-6763</cvename>
+ <url>http://googlechromereleases.blogspot.nl/2015/10/stable-channel-update.html</url>
+ </references>
+ <dates>
+ <discovery>2015-10-13</discovery>
+ <entry>2015-10-13</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="00dadbf0-6f61-11e5-a2a1-002590263bf5">
+ <topic>p5-UI-Dialog -- shell command execution vulnerability</topic>
+ <affects>
+ <package>
+ <name>p5-UI-Dialog</name>
+ <range><lt>1.09_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Matthijs Kooijman reports:</p>
+ <blockquote cite="https://rt.cpan.org/Public/Bug/Display.html?id=107364">
+ <p>It seems that the whiptail, cdialog and kdialog backends apply
+ some improper escaping in their shell commands, causing special
+ characters present in menu item titles to be interpreted by the
+ shell. This includes the backtick evaluation operator, so this
+ constitutues a security issue, allowing execution of arbitrary
+ commands if an attacker has control over the text displayed in
+ a menu.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2008-7315</cvename>
+ <freebsdpr>ports/203667</freebsdpr>
+ <url>https://rt.cpan.org/Public/Bug/Display.html?id=107364</url>
+ <url>https://bugs.debian.org/496448</url>
+ <url>https://github.com/kckrinke/UI-Dialog/commit/6adc44cc636c615d76297d86835e1a997681eb61</url>
+ </references>
+ <dates>
+ <discovery>2008-08-24</discovery>
+ <entry>2015-10-10</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="290351c9-6f5c-11e5-a2a1-002590263bf5">
+ <topic>devel/ipython -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>ipython</name>
+ <range><lt>3.2.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Matthias Bussonnier reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/09/02/3">
+ <p>Summary: Local folder name was used in HTML templates without
+ escaping, allowing XSS in said pages by carefully crafting folder
+ name and URL to access it.</p>
+ <p>URI with issues:</p>
+ <ul>
+ <li>GET /tree/**</li>
+ </ul>
+ </blockquote>
+ <p>Benjamin RK reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/09/16/3">
+ <p>Vulnerability: A maliciously forged file opened for editing can
+ execute javascript, specifically by being redirected to /files/ due
+ to a failure to treat the file as plain text.</p>
+ <p>URI with issues:</p>
+ <ul>
+ <li>GET /edit/**</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <freebsdpr>ports/203668</freebsdpr>
+ <cvename>CVE-2015-6938</cvename>
+ <cvename>CVE-2015-7337</cvename>
+ <url>http://www.openwall.com/lists/oss-security/2015/09/02/3</url>
+ <url>https://github.com/ipython/ipython/commit/3ab41641cf6fce3860c73d5cf4645aa12e1e5892</url>
+ <url>http://www.openwall.com/lists/oss-security/2015/09/16/3</url>
+ <url>https://github.com/ipython/ipython/commit/0a8096adf165e2465550bd5893d7e352544e5967</url>
+ </references>
+ <dates>
+ <discovery>2015-09-01</discovery>
+ <entry>2015-10-10</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="a0182578-6e00-11e5-a90c-0026551a22dc">
+ <topic>PostgreSQL -- minor security problems.</topic>
+ <affects>
+ <package>
+ <name>postgresql90-server</name>
+ <range><ge>9.0.0</ge><lt>9.0.22</lt></range>
+ </package>
+ <package>
+ <name>postgresql91-server</name>
+ <range><ge>9.1.0</ge><lt>9.1.18</lt></range>
+ </package>
+ <package>
+ <name>postgresql92-server</name>
+ <range><ge>9.2.0</ge><lt>9.2.13</lt></range>
+ </package>
+ <package>
+ <name>postgresql93-server</name>
+ <range><ge>9.3.0</ge><lt>9.3.9</lt></range>
+ </package>
+ <package>
+ <name>postgresql94-server</name>
+ <range><ge>9.4.0</ge><lt>9.4.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>PostgreSQL project reports:</p>
+ <blockquote cite="http://www.postgresql.org/about/news/1615/">
+ <p>
+ Two security issues have been fixed in this release which affect
+ users of specific PostgreSQL features.
+ </p>
+ <ul>
+ <li>CVE-2015-5289 json or jsonb input values constructed from
+ arbitrary user input can crash the PostgreSQL server and cause a denial of
+ service.
+ </li>
+ <li>CVE-2015-5288: The crypt() function included with the optional pgCrypto
+ extension could be exploited to read a few additional bytes of memory.
+ No working exploit for this issue has been developed.
+ </li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-5289</cvename>
+ <cvename>CVE-2015-5288</cvename>
+ </references>
+ <dates>
+ <discovery>2015-10-08</discovery>
+ <entry>2015-10-08</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="d3324fdb-6bf0-11e5-bc5e-00505699053e">
+ <topic>ZendFramework1 -- SQL injection vulnerability</topic>
+ <affects>
+ <package>
+ <name>ZendFramework1</name>
+ <range><lt>1.12.16</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Zend Framework developers report:</p>
+ <blockquote cite="http://framework.zend.com/security/advisory/ZF2015-08">
+ <p>The PDO adapters of Zend Framework 1 do not filter null bytes values
+ in SQL statements. A PDO adapter can treat null bytes in a query as a
+ string terminator, allowing an attacker to add arbitrary SQL
+ following a null byte, and thus create a SQL injection.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7695</cvename>
+ <url>http://www.openwall.com/lists/oss-security/2015/09/30/6</url>
+ <url>http://framework.zend.com/security/advisory/ZF2015-08</url>
+ </references>
+ <dates>
+ <discovery>2015-09-15</discovery>
+ <entry>2015-10-06</entry>
+ <modified>2015-10-12</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="42852f72-6bd3-11e5-9909-002590263bf5">
+ <topic>OpenSMTPD -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>opensmtpd</name>
+ <range><lt>5.7.3,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>OpenSMTPD developers report:</p>
+ <blockquote cite="https://www.opensmtpd.org/announces/release-5.7.3.txt">
+ <p>fix an mda buffer truncation bug which allows a user to create
+ forward files that pass session checks but fail delivery later down
+ the chain, within the user mda</p>
+ <p>fix remote buffer overflow in unprivileged pony process</p>
+ <p>reworked offline enqueue to better protect against hardlink
+ attacks</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.openwall.com/lists/oss-security/2015/10/04/2</url>
+ <url>https://www.opensmtpd.org/announces/release-5.7.3.txt</url>
+ </references>
+ <dates>
+ <discovery>2015-10-04</discovery>
+ <entry>2015-10-06</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5d280761-6bcf-11e5-9909-002590263bf5">
+ <topic>mbedTLS/PolarSSL -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>polarssl</name>
+ <range><ge>1.2.0</ge><lt>1.2.16</lt></range>
+ </package>
+ <package>
+ <name>polarssl13</name>
+ <range><ge>1.3.0</ge><lt>1.3.13</lt></range>
+ </package>
+ <package>
+ <name>mbedtls</name>
+ <range><lt>2.1.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>ARM Limited reports:</p>
+ <blockquote cite="https://tls.mbed.org/tech-updates/releases/mbedtls-2.1.1-and-1.3.13-and-polarssl-1.2.16-released">
+ <p>Florian Weimar from Red Hat published on Lenstra's RSA-CRT attach
+ for PKCS#1 v1.5 signatures. These releases include countermeasures
+ against that attack.</p>
+ <p>Fabian Foerg of Gotham Digital Science found a possible client-side
+ NULL pointer dereference, using the AFL Fuzzer. This dereference can
+ only occur when misusing the API, although a fix has still been
+ implemented.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://tls.mbed.org/tech-updates/releases/mbedtls-2.1.1-and-1.3.13-and-polarssl-1.2.16-released</url>
+ </references>
+ <dates>
+ <discovery>2015-09-18</discovery>
+ <entry>2015-10-06</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="953aaa57-6bce-11e5-9909-002590263bf5">
+ <topic>mbedTLS/PolarSSL -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>polarssl</name>
+ <range><ge>1.2.0</ge><lt>1.2.15</lt></range>
+ </package>
+ <package>
+ <name>polarssl13</name>
+ <range><ge>1.3.0</ge><lt>1.3.12</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>ARM Limited reports:</p>
+ <blockquote cite="https://tls.mbed.org/tech-updates/releases/polarssl-1.2.15-and-mbedtls-1.3.12-released">
+ <p>In order to strengthen the minimum requirements for connections and
+ to protect against the Logjam attack, the minimum size of
+ Diffie-Hellman parameters accepted by the client has been increased
+ to 1024 bits.</p>
+ <p>In addition the default size for the Diffie-Hellman parameters on
+ the server are increased to 2048 bits. This can be changed with
+ ssl_set_dh_params() in case this is necessary.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://tls.mbed.org/tech-updates/releases/polarssl-1.2.15-and-mbedtls-1.3.12-released</url>
+ </references>
+ <dates>
+ <discovery>2015-08-11</discovery>
+ <entry>2015-10-06</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="9272a5b0-6b40-11e5-bd7f-bcaec565249c">
+ <topic>gdk-pixbuf2 -- head overflow and DoS</topic>
+ <affects>
+ <package>
+ <name>gdk-pixbuf2</name>
+ <range><lt>2.32.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/10/02/9">
+ <p>We found a heap overflow and a DoS in the gdk-pixbuf
+ implementation triggered by the scaling of tga file.</p>
+ </blockquote>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/10/02/10">
+ <p>We found a heap overflow in the gdk-pixbuf implementation
+ triggered by the scaling of gif file.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7673</cvename>
+ <cvename>CVE-2015-7674</cvename>
+ <url>https://mail.gnome.org/archives/ftp-release-list/2015-September/msg00201.html</url>
+ <url>https://mail.gnome.org/archives/ftp-release-list/2015-September/msg00287.html</url>
+ <url>http://www.openwall.com/lists/oss-security/2015/10/02/9</url>
+ <url>http://www.openwall.com/lists/oss-security/2015/10/02/10</url>
+ </references>
+ <dates>
+ <discovery>2015-10-02</discovery>
+ <entry>2015-10-05</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="6b3374d4-6b0b-11e5-9909-002590263bf5">
+ <topic>plone -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>plone</name>
+ <range><lt>4.3.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Plone.org reports:</p>
+ <blockquote cite="https://plone.org/products/plone/security/advisories/20150910-announcement">
+ <p>Versions Affected: All current Plone versions.</p>
+ <p>Versions Not Affected: None.</p>
+ <p>Nature of vulnerability: Allows creation of members by anonymous
+ users on sites that have self-registration enabled, allowing bypass
+ of CAPTCHA and similar protections against scripted attacks.</p>
+ <p>The patch can be added to buildouts as Products.PloneHotfix20150910
+ (available from PyPI) or downloaded from Plone.org.</p>
+ <p>Immediate Measures You Should Take: Disable self-registration until
+ you have applied the patch.</p>
+ </blockquote>
+ <blockquote cite="https://plone.org/security/20150910/non-persistent-xss-in-plone">
+ <p>Plone's URL checking infrastructure includes a method for checking
+ if URLs valid and located in the Plone site. By passing HTML into
+ this specially crafted url, XSS can be achieved.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <freebsdpr>ports/203255</freebsdpr>
+ <url>https://plone.org/products/plone-hotfix/releases/20150910</url>
+ <url>https://plone.org/products/plone/security/advisories/20150910-announcement</url>
+ <url>https://plone.org/security/20150910/non-persistent-xss-in-plone</url>
+ <url>https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087</url>
+ </references>
+ <dates>
+ <discovery>2015-09-10</discovery>
+ <entry>2015-10-05</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="c1da8b75-6aef-11e5-9909-002590263bf5">
+ <topic>php -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>php5-phar</name>
+ <range><le>5.4.45</le></range>
+ </package>
+ <package>
+ <name>php55-phar</name>
+ <range><lt>5.5.30</lt></range>
+ </package>
+ <package>
+ <name>php56-phar</name>
+ <range><lt>5.6.14</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>PHP reports:</p>
+ <blockquote cite="http://php.net/ChangeLog-5.php#5.5.30">
+ <p>Phar:</p>
+ <ul>
+ <li>Fixed bug #69720 (Null pointer dereference in
+ phar_get_fp_offset()).</li>
+ <li>Fixed bug #70433 (Uninitialized pointer in phar_make_dirstream
+ when zip entry filename is "/").</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <freebsdpr>ports/203541</freebsdpr>
+ <cvename>CVE-2015-7803</cvename>
+ <cvename>CVE-2015-7804</cvename>
+ <url>http://php.net/ChangeLog-5.php#5.5.30</url>
+ <url>http://php.net/ChangeLog-5.php#5.6.14</url>
+ </references>
+ <dates>
+ <discovery>2015-10-01</discovery>
+ <entry>2015-10-04</entry>
+ <modified>2015-10-12</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="ee7bdf7f-11bb-4eea-b054-c692ab848c20">
+ <topic>OpenSMTPD -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>opensmtpd</name>
+ <range><lt>5.7.2,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>OpenSMTPD developers report:</p>
+ <blockquote cite="https://www.opensmtpd.org/announces/release-5.7.2.txt">
+ <p>an oversight in the portable version of fgetln() that allows
+ attackers to read and write out-of-bounds memory</p>
+ <p>multiple denial-of-service vulnerabilities that allow local users
+ to kill or hang OpenSMTPD</p>
+ <p>a stack-based buffer overflow that allows local users to crash
+ OpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd
+ user</p>
+ <p>a hardlink attack (or race-conditioned symlink attack) that allows
+ local users to unset the chflags() of arbitrary files</p>
+ <p>a hardlink attack that allows local users to read the first line of
+ arbitrary files (for example, root's hash from /etc/master.passwd)
+ </p>
+ <p>a denial-of-service vulnerability that allows remote attackers to
+ fill OpenSMTPD's queue or mailbox hard-disk partition</p>
+ <p>an out-of-bounds memory read that allows remote attackers to crash
+ OpenSMTPD, or leak information and defeat the ASLR protection</p>
+ <p>a use-after-free vulnerability that allows remote attackers to
+ crash OpenSMTPD, or execute arbitrary code as the non-chrooted
+ _smtpd user</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.opensmtpd.org/announces/release-5.7.2.txt</url>
+ <cvename>CVE-2015-7687</cvename>
+ </references>
+ <dates>
+ <discovery>2015-10-02</discovery>
+ <entry>2015-10-04</entry>
+ <modified>2015-10-06</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="be3069c9-67e7-11e5-9909-002590263bf5">
+ <topic>james -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>james</name>
+ <range><lt>2.3.2.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Apache James Project reports:</p>
+ <blockquote cite="http://james.apache.org/download.cgi#Apache_James_Server">
+ <p>This release has many enhancements and bug fixes over the previous
+ release. See the Release Notes for a detailed list of changes. Some
+ of the earlier defects could turn a James mail server into an Open
+ Relay and allow files to be written on disk. All users of James
+ Server are urged to upgrade to version v2.3.2.1 as soon as
+ possible.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <freebsdpr>ports/203461</freebsdpr>
+ <certvu>988628</certvu>
+ <cvename>CVE-2015-7611</cvename>
+ <url>http://james.apache.org/download.cgi#Apache_James_Server</url>
+ <url>https://blogs.apache.org/james/entry/apache_james_server_2_3</url>
+ </references>
+ <dates>
+ <discovery>2015-09-30</discovery>
+ <entry>2015-10-01</entry>
+ <modified>2015-10-04</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="1e7f0c11-673a-11e5-98c8-60a44c524f57">
+ <topic>otrs -- Scheduler Process ID File Access</topic>
+ <affects>
+ <package>
+ <name>otrs</name>
+ <range><gt>3.2.*</gt><lt>3.2.18</lt></range>
+ <range><gt>3.3.*</gt><lt>3.3.15</lt></range>
+ <range><gt>4.0.*</gt><lt>4.0.13</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The OTRS project reports:</p>
+ <blockquote cite="https://www.otrs.com/security-advisory-2015-02-scheduler-process-id-file-access/">
+ <p>An attacker with valid LOCAL credentials could access and
+ manipulate the process ID file for bin/otrs.schduler.pl from the
+ CLI.</p>
+ <p>The Proc::Daemon module 0.14 for Perl uses world-writable
+ permissions for a file that stores a process ID, which allows local
+ users to have an unspecified impact by modifying this file.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.otrs.com/security-advisory-2015-02-scheduler-process-id-file-access/</url>
+ <cvename>CVE-2015-6842</cvename>
+ <cvename>CVE-2013-7135</cvename>
+ </references>
+ <dates>
+ <discovery>2015-09-17</discovery>
+ <entry>2015-09-30</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4e3e8a50-65c1-11e5-948e-bcaec565249c">
+ <topic>flash -- multiple vulnabilities</topic>
+ <affects>
+ <package>
+ <name>linux-c6-flashplugin</name>
+ <name>linux-f10-flashplugin</name>
+ <name>linux-c6_64-flashplugin</name>
+ <range><lt>11.2r202.521</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Adobe reports:</p>
+ <blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb15-23.html">
+ <p>These updates resolve a type confusion vulnerability that could
+ lead to code execution (CVE-2015-5573).</p>
+
+ <p>These updates resolve use-after-free vulnerabilities that could
+ lead to code execution (CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, CVE-2015-6682).</p>
+
+ <p>These updates resolve buffer overflow vulnerabilities that could
+ lead to code execution (CVE-2015-6676, CVE-2015-6678).</p>
+
+ <p>These updates resolve memory corruption vulnerabilities that
+ could lead to code execution (CVE-2015-5575, CVE-2015-5577,
+ CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588,
+ CVE-2015-6677).</p>
+
+ <p>These updates include additional validation checks to ensure
+ that Flash Player rejects malicious content from vulnerable
+ JSONP callback APIs (CVE-2015-5571).</p>
+
+ <p>These updates resolve a memory leak vulnerability
+ (CVE-2015-5576).</p>
+
+ <p>These updates include further hardening to a mitigation to
+ defend against vector length corruptions (CVE-2015-5568).</p>
+
+ <p>These updates resolve stack corruption vulnerabilities that
+ could lead to code execution (CVE-2015-5567, CVE-2015-5579).</p>
+
+ <p>These updates resolve a stack overflow vulnerability that could
+ lead to code execution (CVE-2015-5587).</p>
+
+ <p>These updates resolve a security bypass vulnerability that could
+ lead to information disclosure (CVE-2015-5572).</p>
+
+ <p>These updates resolve a vulnerability that could be exploited to
+ bypass the same-origin-policy and lead to information disclosure
+ (CVE-2015-6679).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-5567</cvename>
+ <cvename>CVE-2015-5568</cvename>
+ <cvename>CVE-2015-5570</cvename>
+ <cvename>CVE-2015-5571</cvename>
+ <cvename>CVE-2015-5572</cvename>
+ <cvename>CVE-2015-5573</cvename>
+ <cvename>CVE-2015-5574</cvename>
+ <cvename>CVE-2015-5575</cvename>
+ <cvename>CVE-2015-5576</cvename>
+ <cvename>CVE-2015-5577</cvename>
+ <cvename>CVE-2015-5578</cvename>
+ <cvename>CVE-2015-5588</cvename>
+ <cvename>CVE-2015-6676</cvename>
+ <cvename>CVE-2015-6677</cvename>
+ <cvename>CVE-2015-6678</cvename>
+ <cvename>CVE-2015-6679</cvename>
+ <cvename>CVE-2015-6682</cvename>
+ <url>https://helpx.adobe.com/security/products/flash-player/apsb15-23.html</url>
+ </references>
+ <dates>
+ <discovery>2015-09-21</discovery>
+ <entry>2015-09-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5114cd11-6571-11e5-9909-002590263bf5">
+ <topic>codeigniter -- SQL injection vulnerability</topic>
+ <affects>
+ <package>
+ <name>codeigniter</name>
+ <range><lt>2.2.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The CodeIgniter changelog reports:</p>
+ <blockquote cite="https://codeigniter.com/userguide2/changelog.html">
+ <p>Security: Fixed an SQL injection vulnerability in Active Record
+ method offset().</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <freebsdpr>ports/203401</freebsdpr>
+ <url>https://codeigniter.com/userguide2/changelog.html</url>
+ </references>
+ <dates>
+ <discovery>2015-08-20</discovery>
+ <entry>2015-09-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="01bce4c6-6571-11e5-9909-002590263bf5">
+ <topic>codeigniter -- mysql database driver vulnerability</topic>
+ <affects>
+ <package>
+ <name>codeigniter</name>
+ <range><lt>2.2.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The CodeIgniter changelog reports:</p>
+ <blockquote cite="https://codeigniter.com/userguide2/changelog.html">
+ <p>Security: Removed a fallback to mysql_escape_string() in the mysql
+ database driver (escape_str() method) when there's no active database
+ connection.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <freebsdpr>ports/203401</freebsdpr>
+ <url>https://codeigniter.com/userguide2/changelog.html</url>
+ </references>
+ <dates>
+ <discovery>2015-07-15</discovery>
+ <entry>2015-09-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="c21f4e61-6570-11e5-9909-002590263bf5">
+ <topic>codeigniter -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>codeigniter</name>
+ <range><lt>2.2.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The CodeIgniter changelog reports:</p>
+ <blockquote cite="https://codeigniter.com/userguide2/changelog.html">
+ <p>Security: Added HTTP "Host" header character validation to prevent
+ cache poisoning attacks when base_url auto-detection is used.</p>
+ <p>Security: Added FSCommand and seekSegmentTime to the "evil
+ attributes" list in CI_Security::xss_clean().</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <freebsdpr>ports/203401</freebsdpr>
+ <url>https://codeigniter.com/userguide2/changelog.html</url>
+ </references>
+ <dates>
+ <discovery>2015-04-15</discovery>
+ <entry>2015-09-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="f838dcb4-656f-11e5-9909-002590263bf5">
+ <topic>codeigniter -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>codeigniter</name>
+ <range><lt>2.2.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The CodeIgniter changelog reports:</p>
+ <blockquote cite="https://codeigniter.com/userguide2/changelog.html">
+ <p>Security: The xor_encode() method in the Encrypt Class has been
+ removed. The Encrypt Class now requires the Mcrypt extension to be
+ installed.</p>
+ <p>Security: The Session Library now uses HMAC authentication instead
+ of a simple MD5 checksum.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <freebsdpr>ports/203401</freebsdpr>
+ <url>https://codeigniter.com/userguide2/changelog.html</url>
+ </references>
+ <dates>
+ <discovery>2014-06-05</discovery>
+ <entry>2015-09-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="b7d785ea-656d-11e5-9909-002590263bf5">
+ <topic>codeigniter -- SQL injection vulnerability</topic>
+ <affects>
+ <package>
+ <name>codeigniter</name>
+ <range><lt>2.0.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The CodeIgniter changelog reports:</p>
+ <blockquote cite="https://codeigniter.com/userguide2/changelog.html">
+ <p>An improvement was made to the MySQL and MySQLi drivers to prevent
+ exposing a potential vector for SQL injection on sites using
+ multi-byte character sets in the database client connection.</p>
+ <p>An incompatibility in PHP versions < 5.2.3 and MySQL > 5.0.7
+ with mysql_set_charset() creates a situation where using multi-byte
+ character sets on these environments may potentially expose a SQL
+ injection attack vector. Latin-1, UTF-8, and other "low ASCII"
+ character sets are unaffected on all environments.</p>
+ <p>If you are running or considering running a multi-byte character
+ set for your database connection, please pay close attention to the
+ server environment you are deploying on to ensure you are not
+ vulnerable.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <freebsdpr>ports/156486</freebsdpr>
+ <url>https://codeigniter.com/userguide2/changelog.html</url>
+ </references>
+ <dates>
+ <discovery>2011-08-20</discovery>
+ <entry>2015-09-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="0e425bb7-64f2-11e5-b2fd-00262d5ed8ee">
+ <topic>chromium -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <range><lt>45.0.2454.101</lt></range>
+ </package>
+ <package>
+ <!-- pcbsd -->
+ <name>chromium-npapi</name>
+ <range><lt>45.0.2454.101</lt></range>
+ </package>
+ <package>
+ <!-- pcbsd -->
+ <name>chromium-pulse</name>
+ <range><lt>45.0.2454.101</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome Releases reports:</p>
+ <blockquote cite="http://googlechromereleases.blogspot.nl/2015/09/stable-channel-update_24.html">
+ <p>Two vulnerabilities were fixed in this release:</p>
+ <ul>
+ <li>[530301] High CVE-2015-1303: Cross-origin bypass in DOM. Credit
+ to Mariusz Mlynski.</li>
+ <li>[531891] High CVE-2015-1304: Cross-origin bypass in V8. Credit
+ to Mariusz Mlynski.</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-1303</cvename>
+ <cvename>CVE-2015-1304</cvename>
+ <url>http://googlechromereleases.blogspot.nl/2015/09/stable-channel-update_24.html</url>
+ </references>
+ <dates>
+ <discovery>2015-09-24</discovery>
+ <entry>2015-09-27</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="9770d6ac-614d-11e5-b379-14dae9d210b8">
+ <topic>libssh2 -- denial of service vulnerability</topic>
+ <affects>
+ <package>
+ <name>libssh2</name>
+ <range><lt>1.5.0,2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mariusz Ziulek reports:</p>
+ <blockquote cite="http://www.libssh2.org/adv_20150311.html">
+ <p>A malicious attacker could man in the middle a real server
+ and cause libssh2 using clients to crash (denial of service) or
+ otherwise read and use completely unintended memory areas in this
+ process.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.libssh2.org/adv_20150311.html</url>
+ <url>https://trac.libssh2.org/ticket/294</url>
+ <cvename>CVE-2015-1782</cvename>
+ </references>
+ <dates>
+ <discovery>2015-01-25</discovery>
+ <entry>2015-09-22</entry>
+ <modified>2015-09-22</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="2d56c7f4-b354-428f-8f48-38150c607a05">
+ <topic>mozilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>41.0,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><lt>41.0,1</lt></range>
+ </package>
+ <package>
+ <name>seamonkey</name>
+ <range><lt>2.38</lt></range>
+ </package>
+ <package>
+ <name>linux-seamonkey</name>
+ <range><lt>2.38</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>38.3.0,1</lt></range>
+ </package>
+ <package>
+ <name>libxul</name>
+ <range><lt>38.3.0</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>38.3.0</lt></range>
+ </package>
+ <package>
+ <name>linux-thunderbird</name>
+ <range><lt>38.3.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Mozilla Project reports:</p>
+ <blockquote cite="https://www.mozilla.org/en-US/security/advisories/">
+ <p>MFSA 2015-96 Miscellaneous memory safety hazards (rv:41.0
+ / rv:38.3)</p>
+ <p>MFSA 2015-97 Memory leak in mozTCPSocket to servers</p>
+ <p>MFSA 2015-98 Out of bounds read in QCMS library with ICC
+ V4 profile attributes</p>
+ <p>MFSA 2015-99 Site attribute spoofing on Android by
+ pasting URL with unknown scheme</p>
+ <p>MFSA 2015-100 Arbitrary file manipulation by local user
+ through Mozilla updater</p>
+ <p>MFSA 2015-101 Buffer overflow in libvpx while parsing vp9
+ format video</p>
+ <p>MFSA 2015-102 Crash when using debugger with SavedStacks
+ in JavaScript</p>
+ <p>MFSA 2015-103 URL spoofing in reader mode</p>
+ <p>MFSA 2015-104 Use-after-free with shared workers and
+ IndexedDB</p>
+ <p>MFSA 2015-105 Buffer overflow while decoding WebM
+ video</p>
+ <p>MFSA 2015-106 Use-after-free while manipulating HTML
+ media content</p>
+ <p>MFSA 2015-107 Out-of-bounds read during 2D canvas display
+ on Linux 16-bit color depth systems</p>
+ <p>MFSA 2015-108 Scripted proxies can access inner
+ window</p>
+ <p>MFSA 2015-109 JavaScript immutable property enforcement
+ can be bypassed</p>
+ <p>MFSA 2015-110 Dragging and dropping images exposes final
+ URL after redirects</p>
+ <p>MFSA 2015-111 Errors in the handling of CORS preflight
+ request headers</p>
+ <p>MFSA 2015-112 Vulnerabilities found through code
+ inspection</p>
+ <p>MFSA 2015-113 Memory safety errors in libGLES in the
+ ANGLE graphics library</p>
+ <p>MFSA 2015-114 Information disclosure via the High
+ Resolution Time API</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-4476</cvename>
+ <cvename>CVE-2015-4500</cvename>
+ <cvename>CVE-2015-4501</cvename>
+ <cvename>CVE-2015-4502</cvename>
+ <cvename>CVE-2015-4503</cvename>
+ <cvename>CVE-2015-4504</cvename>
+ <cvename>CVE-2015-4505</cvename>
+ <cvename>CVE-2015-4506</cvename>
+ <cvename>CVE-2015-4507</cvename>
+ <cvename>CVE-2015-4508</cvename>
+ <cvename>CVE-2015-4509</cvename>
+ <cvename>CVE-2015-4510</cvename>
+ <cvename>CVE-2015-4512</cvename>
+ <cvename>CVE-2015-4516</cvename>
+ <cvename>CVE-2015-4517</cvename>
+ <cvename>CVE-2015-4519</cvename>
+ <cvename>CVE-2015-4520</cvename>
+ <cvename>CVE-2015-4521</cvename>
+ <cvename>CVE-2015-4522</cvename>
+ <cvename>CVE-2015-7174</cvename>
+ <cvename>CVE-2015-7175</cvename>
+ <cvename>CVE-2015-7176</cvename>
+ <cvename>CVE-2015-7177</cvename>
+ <cvename>CVE-2015-7178</cvename>
+ <cvename>CVE-2015-7179</cvename>
+ <cvename>CVE-2015-7180</cvename>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-96/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-97/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-98/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-99/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-100/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-101/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-102/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-103/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-104/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-105/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-106/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-107/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-108/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-109/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-110/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-111/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-112/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-113/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-114/</url>
+ </references>
+ <dates>
+ <discovery>2015-09-22</discovery>
+ <entry>2015-09-22</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="3d950687-b4c9-4a86-8478-c56743547af8">
+ <topic>ffmpeg -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>libav</name>
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>gstreamer1-libav</name>
+ <!-- gst-libav-1.4.5 has libav-10.5 -->
+ <range><lt>1.5.90</lt></range>
+ </package>
+ <package>
+ <name>gstreamer-ffmpeg</name>
+ <!-- gst-ffmpeg-0.10.13 has libav-0.7.2 (0.7.7 in freebsd port) -->
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>handbrake</name>
+ <!-- handbrake-0.10.2 has libav-10.1 -->
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>ffmpeg</name>
+ <range><lt>2.7.2,1</lt></range>
+ </package>
+ <package>
+ <name>ffmpeg26</name>
+ <range><lt>2.6.4</lt></range>
+ </package>
+ <package>
+ <name>ffmpeg25</name>
+ <range><lt>2.5.8</lt></range>
+ </package>
+ <package>
+ <name>ffmpeg24</name>
+ <range><lt>2.4.11</lt></range>
+ </package>
+ <package>
+ <name>ffmpeg-devel</name>
+ <name>ffmpeg23</name>
+ <name>ffmpeg2</name>
+ <name>ffmpeg1</name>
+ <name>ffmpeg-011</name>
+ <name>ffmpeg0</name>
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>avidemux</name>
+ <name>avidemux2</name>
+ <name>avidemux26</name>
+ <!-- avidemux-2.6.10 has ffmpeg-2.6.1 -->
+ <range><lt>2.6.11</lt></range>
+ </package>
+ <package>
+ <name>kodi</name>
+ <!-- kodi-14.2 has ffmpeg-2.4.6 -->
+ <range><lt>15.1</lt></range>
+ </package>
+ <package>
+ <name>mplayer</name>
+ <name>mencoder</name>
+ <!-- mplayer-1.1.r20150403 has ffmpeg-2.7.0+ (snapshot, c299fbb) -->
+ <range><lt>1.1.r20150822</lt></range>
+ </package>
+ <package>
+ <name>mythtv</name>
+ <name>mythtv-frontend</name>
+ <!-- mythtv-0.27.0.20140121 has ffmpeg-1.2.2+ (snapshot, f9c8726) -->
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>plexhometheater</name>
+ <!-- plexhometheater-1.4.1 has ffmpeg-0.10.2 fork -->
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>NVD reports:</p>
+ <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6818">
+ <p>The decode_ihdr_chunk function in libavcodec/pngdec.c in
+ FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR
+ (aka image header) chunk in a PNG image, which allows remote
+ attackers to cause a denial of service (out-of-bounds array
+ access) or possibly have unspecified other impact via a
+ crafted image with two or more of these chunks.</p>
+ </blockquote>
+ <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6819">
+ <p>Multiple integer underflows in the ff_mjpeg_decode_frame
+ function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2
+ allow remote attackers to cause a denial of service
+ (out-of-bounds array access) or possibly have unspecified
+ other impact via crafted MJPEG data.</p>
+ </blockquote>
+ <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6820">
+ <p>The ff_sbr_apply function in libavcodec/aacsbr.c in
+ FFmpeg before 2.7.2 does not check for a matching AAC frame
+ syntax element before proceeding with Spectral Band
+ Replication calculations, which allows remote attackers to
+ cause a denial of service (out-of-bounds array access) or
+ possibly have unspecified other impact via crafted AAC
+ data.</p>
+ </blockquote>
+ <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6821">
+ <p>The ff_mpv_common_init function in libavcodec/mpegvideo.c
+ in FFmpeg before 2.7.2 does not properly maintain the
+ encoding context, which allows remote attackers to cause a
+ denial of service (invalid pointer access) or possibly have
+ unspecified other impact via crafted MPEG data.</p>
+ </blockquote>
+ <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6822">
+ <p>The destroy_buffers function in libavcodec/sanm.c in
+ FFmpeg before 2.7.2 does not properly maintain height and
+ width values in the video context, which allows remote
+ attackers to cause a denial of service (segmentation
+ violation and application crash) or possibly have
+ unspecified other impact via crafted LucasArts Smush video
+ data.</p>
+ </blockquote>
+ <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6823">
+ <p>The allocate_buffers function in libavcodec/alac.c in
+ FFmpeg before 2.7.2 does not initialize certain context
+ data, which allows remote attackers to cause a denial of
+ service (segmentation violation) or possibly have
+ unspecified other impact via crafted Apple Lossless Audio
+ Codec (ALAC) data.</p>
+ </blockquote>
+ <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6824">
+ <p>The sws_init_context function in libswscale/utils.c in
+ FFmpeg before 2.7.2 does not initialize certain pixbuf data
+ structures, which allows remote attackers to cause a denial
+ of service (segmentation violation) or possibly have
+ unspecified other impact via crafted video data.</p>
+ </blockquote>
+ <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6825">
+ <p>The ff_frame_thread_init function in
+ libavcodec/pthread_frame.c in FFmpeg before 2.7.2 mishandles
+ certain memory-allocation failures, which allows remote
+ attackers to cause a denial of service (invalid pointer
+ access) or possibly have unspecified other impact via a
+ crafted file, as demonstrated by an AVI file.</p>
+ </blockquote>
+ <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6826">
+ <p>The ff_rv34_decode_init_thread_copy function in
+ libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize
+ certain structure members, which allows remote attackers to
+ cause a denial of service (invalid pointer access) or
+ possibly have unspecified other impact via crafted (1) RV30
+ or (2) RV40 RealVideo data.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-6818</cvename>
+ <cvename>CVE-2015-6819</cvename>
+ <cvename>CVE-2015-6820</cvename>
+ <cvename>CVE-2015-6821</cvename>
+ <cvename>CVE-2015-6822</cvename>
+ <cvename>CVE-2015-6823</cvename>
+ <cvename>CVE-2015-6824</cvename>
+ <cvename>CVE-2015-6825</cvename>
+ <cvename>CVE-2015-6826</cvename>
+ <url>https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=47f4e2d8960ca756ca153ab8e3e93d80449b8c91</url>
+ <url>https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=84afc6b70d24fc0bf686e43138c96cf60a9445fe</url>
+ <url>https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=79a98294da6cd85f8c86b34764c5e0c43b09eea3</url>
+ <url>https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b160fc290cf49b516c5b6ee0730fd9da7fc623b1</url>
+ <url>https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=39bbdebb1ed8eb9c9b0cd6db85afde6ba89d86e4</url>
+ <url>https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f7068bf277a37479aecde2832208d820682b35e6</url>
+ <url>https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a5d44d5c220e12ca0cb7a4eceb0f74759cb13111</url>
+ <url>https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f1a38264f20382731cf2cc75fdd98f4c9a84a626</url>
+ <url>https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3197c0aa87a3b7190e17d49e6fbc7b554e4b3f0a</url>
+ <url>https://ffmpeg.org/security.html</url>
+ </references>
+ <dates>
+ <discovery>2015-09-05</discovery>
+ <entry>2015-09-20</entry>
+ <modified>2015-09-20</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="c2fcbec2-5daa-11e5-9909-002590263bf5">
+ <topic>moodle -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>moodle27</name>
+ <range><lt>2.7.10</lt></range>
+ </package>
+ <package>
+ <name>moodle28</name>
+ <range><lt>2.8.8</lt></range>
+ </package>
+ <package>
+ <name>moodle29</name>
+ <range><lt>2.9.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Moodle Release Notes report:</p>
+ <blockquote cite="https://docs.moodle.org/dev/Moodle_2.7.10_release_notes">
+ <p>MSA-15-0030: Students can re-attempt answering questions in the
+ lesson (CVE-2015-5264)</p>
+ <p>MSA-15-0031: Teacher in forum can still post to "all participants"
+ and groups they are not members of (CVE-2015-5272 - 2.7.10 only)</p>
+ <p>MSA-15-0032: Users can delete files uploaded by other users in wiki
+ (CVE-2015-5265)</p>
+ <p>MSA-15-0033: Meta course synchronization enrolls suspended students
+ as managers for a short period of time (CVE-2015-5266)</p>
+ <p>MSA-15-0034: Vulnerability in password recovery mechanism
+ (CVE-2015-5267)</p>
+ <p>MSA-15-0035: Rating component does not check separate groups
+ (CVE-2015-5268)</p>
+ <p>MSA-15-0036: XSS in grouping description (CVE-2015-5269)</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-5264</cvename>
+ <cvename>CVE-2015-5272</cvename>
+ <cvename>CVE-2015-5265</cvename>
+ <cvename>CVE-2015-5266</cvename>
+ <cvename>CVE-2015-5267</cvename>
+ <cvename>CVE-2015-5268</cvename>
+ <cvename>CVE-2015-5269</cvename>
+ <url>http://www.openwall.com/lists/oss-security/2015/09/21/1</url>
+ <url>https://docs.moodle.org/dev/Moodle_2.7.10_release_notes</url>
+ <url>https://docs.moodle.org/dev/Moodle_2.8.8_release_notes</url>
+ <url>https://docs.moodle.org/dev/Moodle_2.9.2_release_notes</url>
+ </references>
+ <dates>
+ <discovery>2015-09-14</discovery>
+ <entry>2015-09-18</entry>
+ <modified>2015-09-24</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="d3a98c2d-5da1-11e5-9909-002590263bf5">
+ <topic>squid -- TLS/SSL parser denial of service vulnerability</topic>
+ <affects>
+ <package>
+ <name>squid</name>
+ <range><ge>3.5.0.1</ge><lt>3.5.9</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Amos Jeffries, release manager of the Squid-3 series, reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/09/18/1">
+ <p>Vulnerable versions are 3.5.0.1 to 3.5.8 (inclusive), which are
+ built with OpenSSL and configured for "SSL-Bump" decryption.</p>
+ <p>Integer overflows can lead to invalid pointer math reading from
+ random memory on some CPU architectures. In the best case this leads
+ to wrong TLS extensiosn being used for the client, worst-case a
+ crash of the proxy terminating all active transactions.</p>
+ <p>Incorrect message size checks and assumptions about the existence
+ of TLS extensions in the SSL/TLS handshake message can lead to very
+ high CPU consumption (up to and including 'infinite loop'
+ behaviour).</p>
+ <p>The above can be triggered remotely. Though there is one layer of
+ authorization applied before this processing to check that the
+ client is allowed to use the proxy, that check is generally weak. MS
+ Skype on Windows XP is known to trigger some of these.</p>
+ </blockquote>
+ <p>The FreeBSD port does not use SSL by default and is not vulnerable
+ in the default configuration.</p>
+ </body>
+ </description>
+ <references>
+ <freebsdpr>ports/203186</freebsdpr>
+ <url>http://www.openwall.com/lists/oss-security/2015/09/18/1</url>
+ </references>
+ <dates>
+ <discovery>2015-09-18</discovery>
+ <entry>2015-09-18</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="b55ecf12-5d98-11e5-9909-002590263bf5">
+ <topic>remind -- buffer overflow with malicious reminder file input</topic>
+ <affects>
+ <package>
+ <name>remind</name>
+ <range><lt>3.1.15</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Dianne Skoll reports:</p>
+ <blockquote cite="http://lists.roaringpenguin.com/pipermail/remind-fans/2015/003172.html">
+ <p>BUG FIX: Fix a buffer overflow found by Alexander Keller.</p>
+ </blockquote>
+ <p>The bug can be manifested by an extended DUMP command using a system
+ variable (that is a special variable whose name begins with '$')</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-5957</cvename>
+ <freebsdpr>ports/202942</freebsdpr>
+ <url>http://lists.roaringpenguin.com/pipermail/remind-fans/2015/003172.html</url>
+ <url>http://www.openwall.com/lists/oss-security/2015/08/07/1</url>
+ </references>
+ <dates>
+ <discovery>2015-07-27</discovery>
+ <entry>2015-09-18</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="d45ad7ae-5d56-11e5-9ad8-14dae9d210b8">
+ <topic>shutter -- arbitrary code execution</topic>
+ <affects>
+ <package>
+ <name>shutter</name>
+ <range><ge>0.80</ge><lt>0.93.1_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Luke Farone reports:</p>
+ <blockquote cite="http://seclists.org/oss-sec/2015/q3/541">
+ <p>In the "Shutter" screenshot application, I discovered that using the
+ "Show in folder" menu option while viewing a file with a
+ specially-crafted path allows for arbitrary code execution with the
+ permissions of the user running Shutter.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://seclists.org/oss-sec/2015/q3/541</url>
+ <url>https://bugs.launchpad.net/shutter/+bug/1495163</url>
+ <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798862</url>
+ <cvename>CVE-2015-0854</cvename>
+ </references>
+ <dates>
+ <discovery>2015-09-13</discovery>
+ <entry>2015-09-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="a233d51f-5d4c-11e5-9ad8-14dae9d210b8">
+ <topic>openjpeg -- use-after-free vulnerability</topic>
+ <affects>
+ <package>
+ <name>openjpeg</name>
+ <range><lt>2.1.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Feist Josselin reports:</p>
+ <blockquote cite="http://seclists.org/oss-sec/2015/q3/550">
+ <p>Use-after-free was found in openjpeg. The vuln is fixed in
+ version 2.1.1 and was located in opj_j2k_write_mco function.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://seclists.org/oss-sec/2015/q3/550</url>
+ <url>https://github.com/uclouvain/openjpeg/issues/563</url>
+ </references>
+ <dates>
+ <discovery>2015-08-14</discovery>
+ <entry>2015-09-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="bab05188-5d4b-11e5-9ad8-14dae9d210b8">
+ <topic>optipng -- use-after-free vulnerability</topic>
+ <affects>
+ <package>
+ <name>optipng</name>
+ <range><le>0.6.5</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Gustavo Grieco reports:</p>
+ <blockquote cite="http://seclists.org/oss-sec/2015/q3/556">
+ <p>We found a use-after-free causing an invalid/double free in
+ optipng 0.6.4.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://seclists.org/oss-sec/2015/q3/556</url>
+ <cvename>CVE-2015-7801</cvename>
+ </references>
+ <dates>
+ <discovery>2015-09-16</discovery>
+ <entry>2015-09-17</entry>
+ <modified>2015-10-14</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="3c259621-5d4a-11e5-9ad8-14dae9d210b8">
+ <topic>openslp -- denial of service vulnerability</topic>
+ <affects>
+ <package>
+ <name>openslp</name>
+ <range><lt>2.0.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Qinghao Tang reports:</p>
+ <blockquote cite="http://seclists.org/oss-sec/2015/q3/559">
+ <p>The function ParseExtension() in openslp 1.2.1 exists a
+ vulnerability , an attacher can cause a denial of service
+ (infinite loop) via a packet with crafted "nextoffset"
+ value and "extid" value.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://seclists.org/oss-sec/2015/q3/559</url>
+ <cvename>CVE-2015-5155</cvename>
+ </references>
+ <dates>
+ <discovery>2015-09-16</discovery>
+ <entry>2015-09-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="8f5c9dd6-5cac-11e5-9ad8-14dae9d210b8">
+ <topic>p7zip -- directory traversal vulnerability</topic>
+ <affects>
+ <package>
+ <name>p7zip</name>
+ <range><lt>9.38.1_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Alexander Cherepanov reports:</p>
+ <blockquote cite="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774660">
+ <p>7z (and 7zr) is susceptible to a directory traversal vulnerability.
+ While extracting an archive, it will extract symlinks and then follow
+ them if they are referenced in further entries. This can be exploited by
+ a rogue archive to write files outside the current directory.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774660</url>
+ <url>http://www.openwall.com/lists/oss-security/2015/01/11/2</url>
+ <url>http://sourceforge.net/p/p7zip/bugs/147/</url>
+ <cvename>CVE-2015-1038</cvename>
+ </references>
+ <dates>
+ <discovery>2015-01-05</discovery>
+ <entry>2015-09-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="31ea7f73-5c55-11e5-8607-74d02b9a84d5">
+ <topic>h2o -- directory traversal vulnerability</topic>
+ <affects>
+ <package>
+ <name>h2o</name>
+ <range><lt>1.4.5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Yakuzo reports:</p>
+ <blockquote cite="https://h2o.examp1e.net/vulnerabilities.html">
+ <p>H2O (up to version 1.4.4 / 1.5.0-beta1) contains a flaw in its URL
+ normalization logic.</p>
+ <p>When file.dir directive is used, this flaw
+ allows a remote attacker to retrieve arbitrary files that exist
+ outside the directory specified by the directive.</p>
+ <p>H2O version 1.4.5 and version 1.5.0-beta2 have been released
+ to address this vulnerability.</p>
+ <p>Users are advised to upgrade their servers immediately.</p>
+ <p>The vulnerability was reported by: Yusuke OSUMI.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-5638</cvename>
+ <url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5638</url>
+ </references>
+ <dates>
+ <discovery>2015-09-14</discovery>
+ <entry>2015-09-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="f4ce64c2-5bd4-11e5-9040-3c970e169bc2">
+ <topic>wordpress -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>wordpress</name>
+ <range><lt>4.3.1,1</lt></range>
+ </package>
+ <package>
+ <name>de-wordpress</name>
+ <name>ja-wordpress</name>
+ <name>ru-wordpress</name>
+ <name>zh-wordpress-zh_CN</name>
+ <name>zh-wordpress-zh_TW</name>
+ <range><lt>4.3.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Samuel Sidler reports:</p>
+ <blockquote cite="https://wordpress.org/news/2015/09/wordpress-4-3-1/">
+ <p>WordPress 4.3.1 is now available. This is a security
+ release for all previous versions and we strongly
+ encourage you to update your sites immediately.</p>
+ <ul>
+ <li>WordPress versions 4.3 and earlier are vulnerable
+ to a cross-site scripting vulnerability when processing
+ shortcode tags (CVE-2015-5714). Reported by Shahar Tal
+ and Netanel Rubin of <a href="http://checkpoint.com/">Check Point</a>.</li>
+ <li>A separate cross-site scripting vulnerability was found
+ in the user list table. Reported by Ben Bidner of the
+ WordPress security team.</li>
+ <li>Finally, in certain cases, users without proper
+ permissions could publish private posts and make
+ them sticky (CVE-2015-5715). Reported by Shahar Tal
+ and Netanel Rubin of <a href="http://checkpoint.com/">Check Point</a>.</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-5714</cvename>
+ <cvename>CVE-2015-5715</cvename>
+ <cvename>CVE-2015-7989</cvename>
+ <url>http://www.openwall.com/lists/oss-security/2015/10/28/1</url>
+ <url>https://wordpress.org/news/2015/09/wordpress-4-3-1/</url>
+ </references>
+ <dates>
+ <discovery>2015-09-15</discovery>
+ <entry>2015-09-15</entry>
+ <modified>2015-10-29</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="ea893f06-5a92-11e5-98c0-20cf30e32f6d">
+ <topic>Bugzilla security issues</topic>
+ <affects>
+ <package>
+ <name>bugzilla44</name>
+ <range><lt>4.4.10</lt></range>
+ </package>
+ <package>
+ <name>bugzilla50</name>
+ <range><lt>5.0.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Bugzilla Security Advisory</p>
+ <blockquote cite="https://www.bugzilla.org/security/4.2.14/">
+ <p>Login names (usually an email address) longer than 127
+ characters are silently truncated in MySQL which could
+ cause the domain name of the email address to be
+ corrupted. An attacker could use this vulnerability to
+ create an account with an email address different from the
+ one originally requested. The login name could then be
+ automatically added to groups based on the group's regular
+ expression setting.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-4499</cvename>
+ <url>https://bugzilla.mozilla.org/show_bug.cgi?id=1202447</url>
+ </references>
+ <dates>
+ <discovery>2015-09-10</discovery>
+ <entry>2015-09-14</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4910d161-58a4-11e5-9ad8-14dae9d210b8">
+ <topic>openldap -- denial of service vulnerability</topic>
+ <affects>
+ <package>
+ <name>openldap-server</name>
+ <range><lt>2.4.42_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Denis Andzakovic reports:</p>
+ <blockquote cite="http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240">
+ <p>By sending a crafted packet, an attacker may cause the
+ OpenLDAP server to reach an assert(9 9 statement, crashing the daemon.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240</url>
+ <url>http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629</url>
+ <cvename>CVE-2015-6908</cvename>
+ </references>
+ <dates>
+ <discovery>2015-09-09</discovery>
+ <entry>2015-09-12</entry>
+ <modified>2015-09-13</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="a35f415d-572a-11e5-b0a4-f8b156b6dcc8">
+ <topic>vorbis-tools, opus-tools -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>vorbis-tools</name>
+ <range><lt>1.4.0_10,3</lt></range>
+ </package>
+ <package>
+ <name>opus-tools</name>
+ <range><lt>0.1.9_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Paris Zoumpouloglou reports:</p>
+ <blockquote cite="https://trac.xiph.org/ticket/2136">
+ <p>I discovered an integer overflow issue in oggenc,
+ related to the number of channels in the input WAV file.
+ The issue triggers an out-of-bounds memory access which
+ causes oggenc to crash.</p>
+ </blockquote>
+ <p>Paris Zoumpouloglou reports:</p>
+ <blockquote cite="https://trac.xiph.org/ticket/2136">
+ <p>A crafted WAV file with number of channels set to 0
+ will cause oggenc to crash due to a division by zero
+ issue.</p>
+ </blockquote>
+ <p>pengsu reports:</p>
+ <blockquote cite="https://trac.xiph.org/ticket/2212">
+ <p>I discovered an buffer overflow issue in oggenc/audio.c
+ when it tries to open invalid aiff file.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <freebsdpr>ports/202941</freebsdpr>
+ <url>https://trac.xiph.org/ticket/2136</url>
+ <cvename>CVE-2014-9639</cvename>
+ <url>https://trac.xiph.org/ticket/2137</url>
+ <cvename>CVE-2014-9638</cvename>
+ <url>https://trac.xiph.org/ticket/2212</url>
+ <cvename>CVE-2015-6749</cvename>
+ </references>
+ <dates>
+ <discovery>2015-08-08</discovery>
+ <entry>2015-09-09</entry>
+ <modified>2015-09-09</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="d76961da-56f6-11e5-934b-002590263bf5">
+ <topic>pgbouncer -- failed auth_query lookup leads to connection as auth_user</topic>
+ <affects>
+ <package>
+ <name>pgbouncer</name>
+ <range><eq>1.6.0</eq></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>PgBouncer reports:</p>
+ <blockquote cite="http://pgbouncer.github.io/2015/09/pgbouncer-1-6-1/">
+ <p>New auth_user functionality introduced in 1.6 allows login as
+ auth_user when client presents unknown username. It's quite likely
+ auth_user is superuser. Affects only setups that have enabled
+ auth_user in their config.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-6817</cvename>
+ <url>https://pgbouncer.github.io/2015/09/pgbouncer-1-6-1/</url>
+ <url>https://github.com/pgbouncer/pgbouncer/issues/69</url>
+ <url>http://www.openwall.com/lists/oss-security/2015/09/04/3</url>
+ </references>
+ <dates>
+ <discovery>2015-09-03</discovery>
+ <entry>2015-09-09</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="3904f759-5659-11e5-a207-6805ca0b3d42">
+ <topic>phpMyAdmin -- reCaptcha bypass</topic>
+ <affects>
+ <package>
+ <name>phpMyAdmin</name>
+ <range><ge>4.4.0</ge><lt>4.4.14.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The phpMyAdmin development team reports:</p>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2015-4/">
+ <p>This vulnerability allows to complete the reCaptcha test
+ and subsequently perform a brute force attack to guess user
+ credentials without having to complete further reCaptcha
+ tests.</p>
+
+ <p>We consider this vulnerability to be non critical since
+ reCaptcha is an additional opt-in security measure.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.phpmyadmin.net/security/PMASA-2015-4/</url>
+ <cvename>CVE-2015-6830</cvename>
+ </references>
+ <dates>
+ <discovery>2015-09-08</discovery>
+ <entry>2015-09-08</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="3d675519-5654-11e5-9ad8-14dae9d210b8">
+ <topic>php -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>php5</name>
+ <name>php5-soap</name>
+ <name>php5-xsl</name>
+ <range><lt>5.4.45</lt></range>
+ </package>
+ <package>
+ <name>php55</name>
+ <name>php55-soap</name>
+ <name>php55-xsl</name>
+ <range><lt>5.5.29</lt></range>
+ </package>
+ <package>
+ <name>php56</name>
+ <name>php56-soap</name>
+ <name>php56-xsl</name>
+ <range><lt>5.6.13</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>PHP reports:</p>
+ <blockquote cite="http://php.net/ChangeLog-5.php#5.4.45">
+ <ul><li>Core:
+ <ul>
+ <li>Fixed bug #70172 (Use After Free Vulnerability in unserialize()).</li>
+ <li>Fixed bug #70219 (Use after free vulnerability in session deserializer).</li>
+ </ul></li>
+ <li>EXIF:
+ <ul>
+ <li>Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).</li>
+ </ul></li>
+ <li>hash:
+ <ul>
+ <li>Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).</li>
+ </ul></li>
+ <li>PCRE:
+ <ul>
+ <li>Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).</li>
+ </ul></li>
+ <li>SOAP:
+ <ul>
+ <li>Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).</li>
+ </ul></li>
+ <li>SPL:
+ <ul>
+ <li>Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage).</li>
+ <li>Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).</li>
+ </ul></li>
+ <li>XSLT:
+ <ul>
+ <li>Fixed bug #69782 (NULL pointer dereference).</li>
+ </ul></li>
+ <li>ZIP:
+ <ul>
+ <li>Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories).</li>
+ </ul></li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://php.net/ChangeLog-5.php#5.4.45</url>
+ <url>http://php.net/ChangeLog-5.php#5.5.29</url>
+ <url>http://php.net/ChangeLog-5.php#5.6.13</url>
+ <cvename>CVE-2015-6834</cvename>
+ <cvename>CVE-2015-6835</cvename>
+ <cvename>CVE-2015-6836</cvename>
+ <cvename>CVE-2015-6837</cvename>
+ <cvename>CVE-2015-6838</cvename>
+ </references>
+ <dates>
+ <discovery>2015-09-03</discovery>
+ <entry>2015-09-08</entry>
+ <modified>2015-09-08</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="d68df01b-564e-11e5-9ad8-14dae9d210b8">
+ <topic>ganglia-webfrontend -- auth bypass</topic>
+ <affects>
+ <package>
+ <name>ganglia-webfrontend</name>
+ <range><lt>3.7.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Ivan Novikov reports:</p>
+ <blockquote cite="https://github.com/ganglia/ganglia-web/issues/267">
+ <p>It's easy to bypass auth by using boolean serialization...</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/ganglia/ganglia-web/issues/267</url>
+ <cvename>CVE-2015-6816</cvename>
+ </references>
+ <dates>
+ <discovery>2015-09-04</discovery>
+ <entry>2015-09-08</entry>
+ <modified>2015-09-08</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="9bdd8eb5-564a-11e5-9ad8-14dae9d210b8">
+ <topic>wireshark -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>wireshark</name>
+ <name>wireshark-lite</name>
+ <name>wireshark-qt5</name>
+ <name>tshark</name>
+ <name>tshark-lite</name>
+ <range><lt>1.12.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Wireshark development team reports:</p>
+ <blockquote cite="https://www.wireshark.org/docs/relnotes/wireshark-1.12.7.html">
+ <p>The following vulnerabilities have been fixed.</p>
+ <ul>
+ <li><p>wnpa-sec-2015-21</p>
+ <p>Protocol tree crash. (Bug 11309)</p></li>
+ <li><p>wnpa-sec-2015-22</p>
+ <p>Memory manager crash. (Bug 11373)</p></li>
+ <li><p>wnpa-sec-2015-23</p>
+ <p>Dissector table crash. (Bug 11381)</p></li>
+ <li><p>wnpa-sec-2015-24</p>
+ <p>ZigBee crash. (Bug 11389)</p></li>
+ <li><p>wnpa-sec-2015-25</p>
+ <p>GSM RLC/MAC infinite loop. (Bug 11358)</p></li>
+ <li><p>wnpa-sec-2015-26</p>
+ <p>WaveAgent crash. (Bug 11358)</p></li>
+ <li><p>wnpa-sec-2015-27</p>
+ <p>OpenFlow infinite loop. (Bug 11358)</p></li>
+ <li><p>wnpa-sec-2015-28</p>
+ <p>Ptvcursor crash. (Bug 11358)</p></li>
+ <li><p>wnpa-sec-2015-29</p>
+ <p>WCCP crash. (Bug 11358)</p></li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.wireshark.org/docs/relnotes/wireshark-1.12.7.html</url>
+ <cvename>CVE-2015-6241</cvename>
+ <cvename>CVE-2015-6242</cvename>
+ <cvename>CVE-2015-6243</cvename>
+ <cvename>CVE-2015-6244</cvename>
+ <cvename>CVE-2015-6245</cvename>
+ <cvename>CVE-2015-6246</cvename>
+ <cvename>CVE-2015-6247</cvename>
+ <cvename>CVE-2015-6248</cvename>
+ <cvename>CVE-2015-6249</cvename>
+ </references>
+ <dates>
+ <discovery>2015-08-12</discovery>
+ <entry>2015-09-08</entry>
+ <modified>2015-09-08</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="98092444-5645-11e5-9ad8-14dae9d210b8">
+ <topic>screen -- stack overflow</topic>
+ <affects>
+ <package>
+ <name>screen</name>
+ <range><lt>4.3.1_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Kuang-che Wu reports:</p>
+ <blockquote cite="https://savannah.gnu.org/bugs/?45713">
+ <p>screen will recursively call MScrollV to depth n/256. This
+ is time consuming and will overflow stack if n is huge.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://savannah.gnu.org/bugs/?45713</url>
+ <cvename>CVE-2015-6806</cvename>
+ </references>
+ <dates>
+ <discovery>2015-08-07</discovery>
+ <entry>2015-09-08</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="b5e654c3-5644-11e5-9ad8-14dae9d210b8">
+ <topic>libvncserver -- memory corruption</topic>
+ <affects>
+ <package>
+ <name>libvncserver</name>
+ <range><lt>0.9.8</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Petr Pisar reports:</p>
+ <blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=706087">
+ <p>libvncserver/tight.c:rfbTightCleanup() frees a buffer without zeroing freed pointer.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://bugzilla.redhat.com/show_bug.cgi?id=706087</url>
+ <url>https://github.com/LibVNC/libvncserver/commit/804335f9d296440bb708ca844f5d89b58b50b0c6</url>
+ </references>
+ <dates>
+ <discovery>2011-05-19</discovery>
+ <entry>2015-09-08</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="ed0ecad5-531d-11e5-9850-bcaec565249c">
+ <topic>gdk-pixbuf2 -- integer overflows</topic>
+ <affects>
+ <package>
+ <name>gdk-pixbuf2</name>
+ <range><lt>2.31.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Matthias Clasen reports:</p>
+ <blockquote cite="https://mail.gnome.org/archives/ftp-release-list/2015-September/msg00013.html">
+ <p>Fix several integer overflows.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://mail.gnome.org/archives/ftp-release-list/2015-September/msg00013.html</url>
+ </references>
+ <dates>
+ <discovery>2015-09-01</discovery>
+ <entry>2015-09-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="2c5e7e23-5248-11e5-9ad8-14dae9d210b8">
+ <topic>bind -- denial of service vulnerability</topic>
+ <affects>
+ <package>
+ <name>bind99</name>
+ <range><ge>9.9.7</ge><lt>9.9.7P3</lt></range>
+ </package>
+ <package>
+ <name>bind910</name>
+ <range><lt>9.10.2P4</lt></range>
+ </package>
+ <package>
+ <name>bind910-base</name>
+ <name>bind99-base</name>
+ <range><gt>0</gt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>ISC reports:</p>
+ <blockquote cite="https://www.isc.org/blogs/cve-2015-5986-an-incorrect-boundary-check-can-trigger-a-require-assertion-failure-in-openpgpkey_61-c/">
+ <p>An incorrect boundary check in openpgpkey_61.c can cause
+ named to terminate due to a REQUIRE assertion failure. This defect can
+ be deliberately exploited by an attacker who can provide a maliciously
+ constructed response in answer to a query.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.isc.org/blogs/cve-2015-5986-an-incorrect-boundary-check-can-trigger-a-require-assertion-failure-in-openpgpkey_61-c/</url>
+ <cvename>CVE-2015-5986</cvename>
+ </references>
+ <dates>
+ <discovery>2015-08-19</discovery>
+ <entry>2015-09-03</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="eaf3b255-5245-11e5-9ad8-14dae9d210b8">
+ <topic>bind -- denial of service vulnerability</topic>
+ <affects>
+ <package>
+ <name>bind99</name>
+ <range><lt>9.9.7P3</lt></range>
+ </package>
+ <package>
+ <name>bind910</name>
+ <range><ge>9.10.2</ge><lt>9.10.2P4</lt></range>
+ </package>
+ <package>
+ <name>bind910-base</name>
+ <name>bind99-base</name>
+ <range><gt>0</gt></range>
+ </package>
+ <package>
+ <name>FreeBSD</name>
+ <range><gt>9.3</gt><le>9.3_25</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>ISC reports:</p>
+ <blockquote cite="https://www.isc.org/blogs/cve-2015-5722-parsing-malformed-keys-may-cause-bind-to-exit-due-to-a-failed-assertion-in-buffer-c/">
+ <p>Parsing a malformed DNSSEC key can cause a validating
+ resolver to exit due to a failed assertion in buffer.c. It is possible
+ for a remote attacker to deliberately trigger this condition, for
+ example by using a query which requires a response from a zone
+ containing a deliberately malformed key.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.isc.org/blogs/cve-2015-5722-parsing-malformed-keys-may-cause-bind-to-exit-due-to-a-failed-assertion-in-buffer-c/</url>
+ <cvename>CVE-2015-5722</cvename>
+ </references>
+ <dates>
+ <discovery>2015-08-19</discovery>
+ <entry>2015-09-03</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="a9350df8-5157-11e5-b5c1-e8e0b747a45a">
+ <topic>chromium -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <range><lt>45.0.2454.85</lt></range>
+ </package>
+ <package>
+ <!--pcbsd-->
+ <name>chromium-npapi</name>
+ <range><lt>45.0.2454.85</lt></range>
+ </package>
+ <package>
+ <!--pcbsd-->
+ <name>chromium-pulse</name>
+ <range><lt>45.0.2454.85</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome Releases reports:</p>
+ <blockquote cite="http://googlechromereleases.blogspot.nl">
+ <p>29 security fixes in this release, including:</p>
+ <ul>
+ <li>[516377] High CVE-2015-1291: Cross-origin bypass in DOM. Credit
+ to anonymous.</li>
+ <li>[522791] High CVE-2015-1292: Cross-origin bypass in
+ ServiceWorker. Credit to Mariusz Mlynski.</li>
+ <li>[524074] High CVE-2015-1293: Cross-origin bypass in DOM. Credit
+ to Mariusz Mlynski.</li>
+ <li>[492263] High CVE-2015-1294: Use-after-free in Skia. Credit
+ to cloudfuzzer.</li>
+ <li>[502562] High CVE-2015-1295: Use-after-free in Printing. Credit
+ to anonymous.</li>
+ <li>[421332] High CVE-2015-1296: Character spoofing in omnibox.
+ Credit to zcorpan.</li>
+ <li>[510802] Medium CVE-2015-1297: Permission scoping error in
+ Webrequest. Credit to Alexander Kashev.</li>
+ <li>[518827] Medium CVE-2015-1298: URL validation error in
+ extensions. Credit to Rob Wu.</li>
+ <li>[416362] Medium CVE-2015-1299: Use-after-free in Blink. Credit
+ to taro.suzuki.dev.</li>
+ <li>[511616] Medium CVE-2015-1300: Information leak in Blink. Credit
+ to cgvwzq.</li>
+ <li>[526825] CVE-2015-1301: Various fixes from internal audits,
+ fuzzing and other initiatives.</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-1291</cvename>
+ <cvename>CVE-2015-1292</cvename>
+ <cvename>CVE-2015-1293</cvename>
+ <cvename>CVE-2015-1294</cvename>
+ <cvename>CVE-2015-1295</cvename>
+ <cvename>CVE-2015-1296</cvename>
+ <cvename>CVE-2015-1297</cvename>
+ <cvename>CVE-2015-1298</cvename>
+ <cvename>CVE-2015-1299</cvename>
+ <cvename>CVE-2015-1300</cvename>
+ <cvename>CVE-2015-1301</cvename>
+ <url>http://googlechromereleases.blogspot.nl</url>
+ </references>
+ <dates>
+ <discovery>2015-09-01</discovery>
+ <entry>2015-09-02</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="55c43f5b-5190-11e5-9ad8-14dae9d210b8">
+ <topic>powerdns -- denial of service</topic>
+ <affects>
+ <package>
+ <name>powerdns</name>
+ <range><ge>3.4.0</ge><lt>3.4.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>PowerDNS reports:</p>
+ <blockquote cite="https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/">
+ <p>A bug was found in our DNS packet parsing/generation code,
+ which, when exploited, can cause individual threads (disabling service)
+ or whole processes (allowing a supervisor to restart them) to crash with
+ just one or a few query packets.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/</url>
+ <cvename>CVE-2015-5230</cvename>
+ </references>
+ <dates>
+ <discovery>2015-09-02</discovery>
+ <entry>2015-09-02</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="fc1f6658-4f53-11e5-934b-002590263bf5">
+ <topic>ghostscript -- denial of service (crash) via crafted Postscript files</topic>
+ <affects>
+ <package>
+ <name>ghostscript7</name>
+ <name>ghostscript7-nox11</name>
+ <name>ghostscript7-base</name>
+ <name>ghostscript7-x11</name>
+ <range><lt>7.07_32</lt></range>
+ </package>
+ <package>
+ <name>ghostscript8</name>
+ <name>ghostscript8-nox11</name>
+ <name>ghostscript8-base</name>
+ <name>ghostscript8-x11</name>
+ <range><lt>8.71_19</lt></range>
+ </package>
+ <package>
+ <name>ghostscript9</name>
+ <name>ghostscript9-nox11</name>
+ <name>ghostscript9-base</name>
+ <name>ghostscript9-x11</name>
+ <range><lt>9.06_11</lt></range>
+ </package>
+ <package>
+ <name>ghostscript9-agpl</name>
+ <name>ghostscript9-agpl-nox11</name>
+ <range><lt>9.15_2</lt></range>
+ </package>
+ <package>
+ <name>ghostscript9-agpl-base</name>
+ <name>ghostscript9-agpl-x11</name>
+ <range><lt>9.16_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>MITRE reports:</p>
+ <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3228">
+ <p>Integer overflow in the gs_heap_alloc_bytes function in
+ base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote
+ attackers to cause a denial of service (crash) via a crafted
+ Postscript (ps) file, as demonstrated by using the ps2pdf command,
+ which triggers an out-of-bounds read or write.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-3228</cvename>
+ <url>http://bugs.ghostscript.com/show_bug.cgi?id=696041</url>
+ <url>http://bugs.ghostscript.com/show_bug.cgi?id=696070</url>
+ <url>http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0c0b0859</url>
+ </references>
+ <dates>
+ <discovery>2015-06-17</discovery>
+ <entry>2015-09-01</entry>
+ <modified>2015-09-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="80c66af0-d1c5-449e-bd31-63b12525ff88">
+ <topic>ffmpeg -- out-of-bounds array access</topic>
+ <affects>
+ <package>
+ <name>libav</name>
+ <range><ge>11.0</ge><lt>11.4</lt></range>
+ <range><lt>10.7</lt></range>
+ </package>
+ <package>
+ <name>gstreamer1-libav</name>
+ <!-- gst-libav-1.4.5 has libav-10.5 -->
+ <range><lt>1.5.1</lt></range>
+ </package>
+ <package>
+ <name>handbrake</name>
+ <!-- handbrake-0.10.2 has libav-10.1 -->
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>ffmpeg</name>
+ <range><ge>2.2.0,1</ge><lt>2.2.15,1</lt></range>
+ <range><lt>2.0.7,1</lt></range>
+ </package>
+ <package>
+ <name>ffmpeg26</name>
+ <range><lt>2.6.2</lt></range>
+ </package>
+ <package>
+ <name>ffmpeg25</name>
+ <range><lt>2.5.6</lt></range>
+ </package>
+ <package>
+ <name>ffmpeg24</name>
+ <range><lt>2.4.8</lt></range>
+ </package>
+ <package>
+ <name>ffmpeg23</name>
+ <!-- just in case: f7e1367 wasn't cherry-picked -->
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>ffmpeg1</name>
+ <!-- just in case: f7e1367 wasn't cherry-picked -->
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>avidemux</name>
+ <name>avidemux26</name>
+ <!-- avidemux-2.6.10 has ffmpeg-2.6.1 -->
+ <range><lt>2.6.11</lt></range>
+ </package>
+ <package>
+ <name>kodi</name>
+ <!-- kodi-14.2 has ffmpeg-2.4.6 -->
+ <range><lt>15.1</lt></range>
+ </package>
+ <package>
+ <name>mplayer</name>
+ <name>mencoder</name>
+ <!-- mplayer-1.1.r20141223 has ffmpeg-2.5.1+ (snapshot, 03b84f2) -->
+ <range><lt>1.1.r20150403</lt></range>
+ </package>
+ <package>
+ <name>mythtv</name>
+ <name>mythtv-frontend</name>
+ <!-- mythtv-0.27.0.20140121 has ffmpeg-1.2.2+ (snapshot, f9c8726) -->
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>NVD reports:</p>
+ <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3395">
+ <p>The msrle_decode_pal4 function in msrledec.c in Libav
+ before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7,
+ 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6,
+ and 2.6.x before 2.6.2 allows remote attackers to have
+ unspecified impact via a crafted image, related to a pixel
+ pointer, which triggers an out-of-bounds array access.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-3395</cvename>
+ <url>https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f7e1367f58263593e6cee3c282f7277d7ee9d553</url>
+ <url>https://git.libav.org/?p=libav.git;a=commit;h=5ecabd3c54b7c802522dc338838c9a4c2dc42948</url>
+ <url>https://ffmpeg.org/security.html</url>
+ <url>https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.4</url>
+ </references>
+ <dates>
+ <discovery>2015-04-12</discovery>
+ <entry>2015-09-01</entry>
+ <modified>2015-09-20</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="da434a78-e342-4d9a-87e2-7497e5f117ba">
+ <topic>ffmpeg -- use-after-free</topic>
+ <affects>
+ <package>
+ <name>libav</name>
+ <range><ge>11.0</ge><lt>11.4</lt></range>
+ <range><lt>10.7</lt></range>
+ </package>
+ <package>
+ <name>gstreamer1-libav</name>
+ <!-- gst-libav-1.4.5 has libav-10.5 -->
+ <range><lt>1.5.0</lt></range>
+ </package>
+ <package>
+ <name>handbrake</name>
+ <!-- handbrake-0.10.2 has libav-10.1 -->
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>ffmpeg</name>
+ <range><ge>2.2.0,1</ge><lt>2.2.12,1</lt></range>
+ <range><ge>2.1.0,1</ge><lt>2.1.7,1</lt></range>
+ <range><lt>2.0.7,1</lt></range>
+ </package>
+ <package>
+ <name>ffmpeg25</name>
+ <range><lt>2.5.2</lt></range>
+ </package>
+ <package>
+ <name>ffmpeg24</name>
+ <range><lt>2.4.5</lt></range>
+ </package>
+ <package>
+ <name>ffmpeg23</name>
+ <range><lt>2.3.6</lt></range>
+ </package>
+ <package>
+ <name>ffmpeg1</name>
+ <range><lt>1.2.11</lt></range>
+ </package>
+ <package>
+ <name>mythtv</name>
+ <name>mythtv-frontend</name>
+ <!-- mythtv-0.27.0.20140121 has ffmpeg-1.2.2+ (snapshot, f9c8726) -->
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>NVD reports:</p>
+ <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3417">
+ <p>Use-after-free vulnerability in the ff_h264_free_tables
+ function in libavcodec/h264.c in FFmpeg before 2.3.6 allows
+ remote attackers to cause a denial of service or possibly
+ have unspecified other impact via crafted H.264 data in an
+ MP4 file, as demonstrated by an HTML VIDEO element that
+ references H.264 data.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-3417</cvename>
+ <!-- ffmpeg and libav fixes are different -->
+ <url>https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e8714f6f93d1a32f4e4655209960afcf4c185214</url>
+ <url>https://git.libav.org/?p=libav.git;a=commitdiff;h=3b69f245dbe6e2016659a45c4bfe284f6c5ac57e</url>
+ <url>https://ffmpeg.org/security.html</url>
+ <url>https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.4</url>
+ </references>
+ <dates>
+ <discovery>2014-12-19</discovery>
+ <entry>2015-09-01</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5300711b-4e61-11e5-9ad8-14dae9d210b8">
+ <topic>graphviz -- format string vulnerability</topic>
+ <affects>
+ <package>
+ <name>graphviz</name>
+ <range><lt>2.38.0_7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Joshua Rogers reports:</p>
+ <blockquote cite="http://seclists.org/oss-sec/2014/q4/784">
+ <p>A format string vulnerability has been found in `graphviz'.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://seclists.org/oss-sec/2014/q4/784</url>
+ <url>https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081</url>
+ </references>
+ <dates>
+ <discovery>2014-11-24</discovery>
+ <entry>2015-08-29</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="237a201c-888b-487f-84d3-7d92266381d6">
+ <topic>mozilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>40.0.3,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><lt>40.0.3,1</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>38.2.1,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Mozilla Project reports:</p>
+ <blockquote cite="https://www.mozilla.org/en-US/security/advisories/">
+ <p>MFSA 2015-95 Add-on notification bypass through data URLs</p>
+ <p>MFSA 2015-94 Use-after-free when resizing canvas element
+ during restyling</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-4497</cvename>
+ <cvename>CVE-2015-4498</cvename>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-94/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-95/</url>
+ </references>
+ <dates>
+ <discovery>2015-08-27</discovery>
+ <entry>2015-08-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4464212e-4acd-11e5-934b-002590263bf5">
+ <topic>go -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>go</name>
+ <range><lt>1.4.3,1</lt></range>
+ </package>
+ <package>
+ <name>go14</name>
+ <range><lt>1.4.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Jason Buberel, Go Product Manager, reports:</p>
+ <blockquote cite="http://seclists.org/oss-sec/2015/q3/237">
+ <p>CVE-2015-5739 - "Content Length" treated as valid header</p>
+ <p>CVE-2015-5740 - Double content-length headers does not return 400
+ error</p>
+ <p>CVE-2015-5741 - Additional hardening, not sending Content-Length
+ w/Transfer-Encoding, Closing connections</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-5739</cvename>
+ <cvename>CVE-2015-5740</cvename>
+ <cvename>CVE-2015-5741</cvename>
+ <url>https://github.com/golang/go/commit/117ddcb83d7f42d6aa72241240af99ded81118e9</url>
+ <url>https://github.com/golang/go/commit/143822585e32449860e624cace9d2e521deee62e</url>
+ <url>https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f</url>
+ <url>http://seclists.org/oss-sec/2015/q3/237</url>
+ </references>
+ <dates>
+ <discovery>2015-07-29</discovery>
+ <entry>2015-08-25</entry>
+ </dates>
+ </vuln>
+
<vuln vid="40497e81-fee3-4e54-9d5f-175a5c633b73">
<topic>libtremor -- memory corruption</topic>
<affects>
@@ -367,7 +4515,7 @@
</vuln>
<vuln vid="9a71953a-474a-11e5-adde-14dae9d210b8">
- <topic>libpgf -- use after free</topic>
+ <topic>libpgf -- use-after-free</topic>
<affects>
<package>
<name>libpgf</name>
@@ -387,10 +4535,12 @@
<url>http://seclists.org/oss-sec/2015/q3/404</url>
<url>https://sourceforge.net/p/libpgf/code/147/</url>
<url>https://sourceforge.net/p/libpgf/code/148/</url>
+ <cvename>CVE-2015-6673</cvename>
</references>
<dates>
<discovery>2015-08-08</discovery>
<entry>2015-08-20</entry>
+ <modified>2015-08-26</modified>
</dates>
</vuln>
@@ -708,7 +4858,7 @@
</vuln>
<vuln vid="ee99899d-4347-11e5-93ad-002590263bf5">
- <topic>qemu, xen-tools -- use after free in QEMU/Xen block unplug protocol</topic>
+ <topic>qemu, xen-tools -- use-after-free in QEMU/Xen block unplug protocol</topic>
<affects>
<package>
<name>qemu</name>
@@ -821,10 +4971,14 @@
<url>http://php.net/ChangeLog-5.php#5.4.44</url>
<url>http://php.net/ChangeLog-5.php#5.5.28</url>
<url>http://php.net/ChangeLog-5.php#5.6.12</url>
+ <cvename>CVE-2015-6831</cvename>
+ <cvename>CVE-2015-6832</cvename>
+ <cvename>CVE-2015-6833</cvename>
</references>
<dates>
<discovery>2015-08-06</discovery>
<entry>2015-08-17</entry>
+ <modified>2015-09-08</modified>
</dates>
</vuln>
@@ -1292,11 +5446,15 @@
</package>
<package>
<name>seamonkey</name>
- <range><lt>2.37</lt></range>
+ <range><ge>2.36</ge><lt>2.37</lt></range>
+ <!-- seamonkey-2.35 milestone.txt: 38.2.0esrpre -->
+ <range><lt>2.35</lt></range>
</package>
<package>
<name>linux-seamonkey</name>
- <range><lt>2.37</lt></range>
+ <range><ge>2.36</ge><lt>2.37</lt></range>
+ <!-- seamonkey-2.35 milestone.txt: 38.2.0esrpre -->
+ <range><lt>2.35</lt></range>
</package>
<package>
<name>firefox-esr</name>
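Review bot: The new seamonkey ranges leave every version from 2.35 up to, but not including, 2.36 unmatched (port revisions of 2.35 included), and the only explanation is the terse `<!-- seamonkey-2.35 milestone.txt: 38.2.0esrpre -->`. If the intent is that 2.35 is built from the 38.2.0 ESR code base and already carries these fixes, the comment should say so outright, for example `<!-- seamonkey-2.35 is based on 38.2.0esr (milestone.txt) and already has these fixes; 2.36 does not -->`. Otherwise a later editor may read the gap in a vulnerability range as a mistake and close it, or fail to notice if it really is one. The same comment and `<lt>2.35</lt>` bound are used for both packages here and again in the hunk at `@@ -2447,11 +6605,13 @@`. The `<package>` list continues outside the hunk.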
@@ -1381,7 +5539,7 @@
<dates>
<discovery>2015-08-11</discovery>
<entry>2015-08-11</entry>
- <modified>2015-08-11</modified>
+ <modified>2015-08-22</modified>
</dates>
</vuln>
@@ -1494,7 +5652,7 @@
<name>de-wordpress</name>
<name>ja-wordpress</name>
<name>ru-wordpress</name>
- <name>zh-wordpress-zh_CH</name>
+ <name>zh-wordpress-zh_CN</name>
<name>zh-wordpress-zh_TW</name>
<range><lt>4.2.4</lt></range>
</package>
@@ -1521,7 +5679,7 @@
<dates>
<discovery>2015-08-04</discovery>
<entry>2015-08-06</entry>
- <modified>2015-08-09</modified>
+ <modified>2015-09-15</modified>
</dates>
</vuln>
@@ -1995,7 +6153,7 @@
<name>de-wordpress</name>
<name>ja-wordpress</name>
<name>ru-wordpress</name>
- <name>zh-wordpress-zh_CH</name>
+ <name>zh-wordpress-zh_CN</name>
<name>zh-wordpress-zh_TW</name>
<range><lt>4.2.3</lt></range>
</package>
@@ -2020,7 +6178,7 @@
<dates>
<discovery>2015-07-23</discovery>
<entry>2015-07-23</entry>
- <modified>2015-07-24</modified>
+ <modified>2015-09-15</modified>
</dates>
</vuln>
@@ -2447,11 +6605,13 @@
</package>
<package>
<name>seamonkey</name>
- <range><lt>2.36</lt></range>
+ <!-- seamonkey-2.35 milestone.txt: 38.2.0esrpre -->
+ <range><lt>2.35</lt></range>
</package>
<package>
<name>linux-seamonkey</name>
- <range><lt>2.36</lt></range>
+ <!-- seamonkey-2.35 milestone.txt: 38.2.0esrpre -->
+ <range><lt>2.35</lt></range>
</package>
<package>
<name>firefox-esr</name>
@@ -2547,6 +6707,7 @@
<dates>
<discovery>2015-07-02</discovery>
<entry>2015-07-16</entry>
+ <modified>2015-09-22</modified>
</dates>
</vuln>
@@ -3679,11 +7840,13 @@
</body>
</description>
<references>
+ <cvename>CVE-2015-8041</cvename>
<url>http://w1.fi/security/2015-5/incomplete-wps-and-p2p-nfc-ndef-record-payload-length-validation.txt</url>
</references>
<dates>
<discovery>2015-07-08</discovery>
<entry>2015-07-09</entry>
+ <modified>2015-11-10</modified>
</dates>
</vuln>
@@ -5865,11 +10028,12 @@
<cvename>CVE-2014-9721</cvename>
<url>https://github.com/zeromq/libzmq/issues/1273</url>
<mlist>http://www.openwall.com/lists/oss-security/2015/05/07/8</mlist>
- <freebsdpr>200502</freebsdpr>
+ <freebsdpr>ports/200502</freebsdpr>
</references>
<dates>
<discovery>2014-12-04</discovery>
<entry>2015-06-10</entry>
+ <modified>2015-09-28</modified>
</dates>
</vuln>
@@ -5894,11 +10058,12 @@
<cvename>CVE-2015-4054</cvename>
<url>https://pgbouncer.github.io/2015/04/pgbouncer-1-5-5/</url>
<mlist>http://www.openwall.com/lists/oss-security/2015/05/21/2</mlist>
- <freebsdpr>200507</freebsdpr>
+ <freebsdpr>ports/200507</freebsdpr>
</references>
<dates>
<discovery>2015-04-08</discovery>
<entry>2015-06-10</entry>
+ <modified>2015-09-28</modified>
</dates>
</vuln>
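Review bot: `<freebsdpr>ports/200507</freebsdpr>` keeps its number here, next to CVE-2015-4054 and the pgbouncer URL, while the hunk at `@@ -6316,12 +10482,13 @@` cites the same `ports/200507` beside CVE-2014-9604, CVE-2015-1872 and CVE-2015-3417. One problem report covering two unrelated entries looks like a copy-paste slip in one of them. Since both lines are being rewritten anyway, the PR number should be checked against the tracker before the `<modified>` date is bumped. Both `<vuln>` elements start outside their hunks, so which of the two is wrong cannot be told from here.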
@@ -5946,7 +10111,7 @@
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>trongSwan Project reports</p>
+ <p>StrongSwan Project reports</p>
<blockquote cite="https://www.strongswan.org/blog/2015/06/01/strongswan-vulnerability-(cve-2015-3991).html">
<p>A denial-of-service and potential remote code execution vulnerability
triggered by crafted IKE messages was discovered in strongSwan. Versions
@@ -5961,6 +10126,7 @@
<dates>
<discovery>2015-05-15</discovery>
<entry>2015-06-09</entry>
+ <modified>2015-09-28</modified>
</dates>
</vuln>
@@ -6316,12 +10482,13 @@
<cvename>CVE-2014-9604</cvename>
<cvename>CVE-2015-1872</cvename>
<cvename>CVE-2015-3417</cvename>
- <freebsdpr>200507</freebsdpr>
+ <freebsdpr>ports/200507</freebsdpr>
<url>http://advisories.mageia.org/MGASA-2015-0233.html</url>
</references>
<dates>
<discovery>2015-05-18</discovery>
<entry>2015-06-01</entry>
+ <modified>2015-09-28</modified>
</dates>
</vuln>
@@ -6345,7 +10512,7 @@
</description>
<references>
<cvename>CVE-2015-3448</cvename>
- <freebsdpr>200504</freebsdpr>
+ <freebsdpr>ports/200504</freebsdpr>
<url>https://github.com/rest-client/rest-client/issues/349</url>
<url>http://osvdb.org/show/osvdb/117461</url>
</references>
@@ -6352,6 +10519,7 @@
<dates>
<discovery>2015-01-12</discovery>
<entry>2015-05-31</entry>
+ <modified>2015-09-28</modified>
</dates>
</vuln>
@@ -6375,12 +10543,13 @@
</description>
<references>
<cvename>CVE-2015-1820</cvename>
- <freebsdpr>200504</freebsdpr>
+ <freebsdpr>ports/200504</freebsdpr>
<url>https://github.com/rest-client/rest-client/issues/369</url>
</references>
<dates>
<discovery>2015-03-24</discovery>
<entry>2015-05-31</entry>
+ <modified>2015-09-28</modified>
</dates>
</vuln>
@@ -7347,9 +11516,9 @@
</description>
<references>
<cvename>CVE-2015-3456</cvename>
- <freebsdpr>200255</freebsdpr>
- <freebsdpr>200256</freebsdpr>
- <freebsdpr>200257</freebsdpr>
+ <freebsdpr>ports/200255</freebsdpr>
+ <freebsdpr>ports/200256</freebsdpr>
+ <freebsdpr>ports/200257</freebsdpr>
<url>http://venom.crowdstrike.com/</url>
<url>http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html</url>
<url>http://xenbits.xen.org/xsa/advisory-133.html</url>
@@ -7357,7 +11526,7 @@
<dates>
<discovery>2015-04-29</discovery>
<entry>2015-05-17</entry>
- <modified>2015-05-23</modified>
+ <modified>2015-09-28</modified>
</dates>
</vuln>
@@ -7464,8 +11633,7 @@
</package>
<package>
<name>lightzone</name>
- <!-- no known fixed version -->
- <range><ge>0</ge></range>
+ <range><lt>4.1.2</lt></range>
</package>
<package>
<name>netpbm</name>
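Review bot: The bound `<range><lt>4.1.2</lt></range>` replaces `<!-- no known fixed version -->` with no note on where 4.1.2 comes from, so the entry no longer records why lightzone is listed or what fixed it. Other entries in this file that list downstream consumers carry a one-line provenance comment (`<!-- kodi-14.2 has ffmpeg-2.4.6 -->`); the same belongs here, e.g. `<!-- lightzone-4.1.2 presumably updates its bundled copy; TODO confirm -->`. The packages added without comment in `@@ -9156,6 +13335,22 @@` (ppsspp, ppsspp-devel, radare2, openlierox) and `@@ -30424,6 +34621,10 @@` (magento) have the same gap. The `<affects>` block starts and ends outside this hunk.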
@@ -7510,7 +11678,7 @@
<dates>
<discovery>2015-04-24</discovery>
<entry>2015-05-15</entry>
- <modified>2015-07-01</modified>
+ <modified>2015-09-18</modified>
</dates>
</vuln>
@@ -7715,6 +11883,8 @@
<p>MFSA-2015-57 Privilege escalation through IPC channel messages</p>
<p>MFSA-2015-58 Mozilla Windows updater can be run outside
of application directory</p>
+ <p>MFSA 2015-93 Integer overflows in libstagefright while processing
+ MP4 video metadata</p>
</blockquote>
</body>
</description>
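Review bot: The added advisory line is written `MFSA 2015-93` while the existing lines in the same blockquote use the hyphenated form (`MFSA-2015-57`, `MFSA-2015-58`); it should read `<p>MFSA-2015-93 Integer overflows in libstagefright while processing` to match. The entry's `<affects>` ranges are outside the hunk and no visible hunk touches them. It is worth confirming they already cover the release that fixed CVE-2015-4496, which the hunk at `@@ -7734,6 +11904,7 @@` adds to the references.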
@@ -7734,6 +11904,7 @@
<cvename>CVE-2015-2717</cvename>
<cvename>CVE-2015-2718</cvename>
<cvename>CVE-2015-2720</cvename>
+ <cvename>CVE-2015-4496</cvename>
<url>https://www.mozilla.org/security/advisories/mfsa2015-46/</url>
<url>https://www.mozilla.org/security/advisories/mfsa2015-47/</url>
<url>https://www.mozilla.org/security/advisories/mfsa2015-48/</url>
@@ -7747,10 +11918,12 @@
<url>https://www.mozilla.org/security/advisories/mfsa2015-56/</url>
<url>https://www.mozilla.org/security/advisories/mfsa2015-57/</url>
<url>https://www.mozilla.org/security/advisories/mfsa2015-58/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-93/</url>
</references>
<dates>
<discovery>2015-05-12</discovery>
<entry>2015-05-12</entry>
+ <modified>2015-08-28</modified>
</dates>
</vuln>
@@ -7882,7 +12055,7 @@
<range><lt>4.2.2</lt></range>
</package>
<package>
- <name>zh-wordpress-zh_CH</name>
+ <name>zh-wordpress-zh_CN</name>
<range><lt>4.2.2</lt></range>
</package>
<package>
@@ -7921,6 +12094,7 @@
<dates>
<discovery>2015-05-07</discovery>
<entry>2015-05-07</entry>
+ <modified>2015-09-15</modified>
</dates>
</vuln>
@@ -7944,7 +12118,7 @@
<range><lt>4.2.1</lt></range>
</package>
<package>
- <name>zh-wordpress-zh_CH</name>
+ <name>zh-wordpress-zh_CN</name>
<range><lt>4.2.1</lt></range>
</package>
<package>
@@ -7972,6 +12146,7 @@
<dates>
<discovery>2015-04-27</discovery>
<entry>2015-05-07</entry>
+ <modified>2015-09-15</modified>
</dates>
</vuln>
@@ -8342,7 +12517,7 @@
</vuln>
<vuln vid="738fc80d-5f13-4ccb-aa9a-7965699e5a10">
- <topic>mozilla -- use after free</topic>
+ <topic>mozilla -- use-after-free</topic>
<affects>
<package>
<name>firefox</name>
@@ -8654,16 +12829,19 @@
<topic>Ruby -- OpenSSL Hostname Verification Vulnerability</topic>
<affects>
<package>
+ <name>ruby</name>
<name>ruby20</name>
- <range><lt>2.0.0.645,1</lt></range>
+ <range><ge>2.0,1</ge><lt>2.0.0.645,1</lt></range>
</package>
<package>
<name>ruby</name>
- <range><lt>2.1.6,1</lt></range>
+ <name>ruby21</name>
+ <range><ge>2.1,1</ge><lt>2.1.6,1</lt></range>
</package>
<package>
+ <name>ruby</name>
<name>ruby22</name>
- <range><lt>2.2.2,1</lt></range>
+ <range><ge>2.2,1</ge><lt>2.2.2,1</lt></range>
</package>
</affects>
<description>
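Review bot: With the added `<ge>2.0,1</ge>` lower bound, a `ruby` package older than 2.0,1 no longer matches any range in this entry, whereas the removed `<range><lt>2.1.6,1</lt></range>` on `ruby` matched it. If the older branches are unaffected that is the right result, but nothing in the entry records it; a comment such as `<!-- branches before 2.0 are not listed as affected upstream -->` next to the first range would make the narrowing auditable. If they are affected, the first `<package>` needs an additional open-ended range instead. The description that justifies the ranges lies outside the hunk.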
@@ -8687,6 +12865,7 @@
<dates>
<discovery>2015-04-13</discovery>
<entry>2015-04-14</entry>
+ <modified>2015-09-23</modified>
</dates>
</vuln>
@@ -9156,6 +13335,22 @@
<name>libzip</name>
<range><lt>0.11.2_2</lt></range>
</package>
+ <package>
+ <name>ppsspp</name>
+ <range><lt>1.0.1_5</lt></range>
+ </package>
+ <package>
+ <name>ppsspp-devel</name>
+ <range><lt>1.0.1.2668_1</lt></range>
+ </package>
+ <package>
+ <name>radare2</name>
+ <range><lt>0.9.8_1</lt></range>
+ </package>
+ <package>
+ <name>openlierox</name>
+ <range><lt>0.58.r3_5,1</lt></range>
+ </package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
@@ -9174,6 +13369,7 @@
<dates>
<discovery>2015-03-18</discovery>
<entry>2015-03-28</entry>
+ <modified>2015-09-20</modified>
</dates>
</vuln>
@@ -15488,7 +19684,7 @@
<references>
<cvename>CVE-2014-2655</cvename>
<bid>66455</bid>
- <freebsdpr>189248</freebsdpr>
+ <freebsdpr>ports/189248</freebsdpr>
<mlist>http://www.openwall.com/lists/oss-security/2014/03/26/6</mlist>
<url>https://www.debian.org/security/2014/dsa-2889</url>
</references>
@@ -15495,6 +19691,7 @@
<dates>
<discovery>2014-03-28</discovery>
<entry>2014-07-13</entry>
+ <modified>2015-09-28</modified>
</dates>
</vuln>
@@ -20758,7 +24955,7 @@
</vuln>
<vuln vid="9a57c607-3cab-11e3-b4d9-bcaec565249c">
- <topic>xorg-server -- use after free</topic>
+ <topic>xorg-server -- use-after-free</topic>
<affects>
<package>
<name>xorg-server</name>
@@ -26252,7 +30449,7 @@
</vuln>
<vuln vid="630c8c08-880f-11e2-807f-d43d7e0c7c02">
- <topic>mozilla -- Use-after-free in HTML Editor</topic>
+ <topic>mozilla -- use-after-free in HTML Editor</topic>
<affects>
<package>
<name>firefox</name>
@@ -30424,6 +34621,10 @@
<name>ZendFramework</name>
<range><lt>1.11.13</lt></range>
</package>
+ <package>
+ <name>magento</name>
+ <range><lt>1.7.0.2</lt></range>
+ </package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
@@ -30453,10 +34654,12 @@
<url>http://framework.zend.com/security/advisory/ZF2012-02</url>
<url>http://www.openwall.com/lists/oss-security/2012/06/26/2</url>
<url>https://secunia.com/advisories/49665/</url>
+ <url>http://www.magentocommerce.com/download/release_notes</url>
</references>
<dates>
<discovery>2012-06-26</discovery>
<entry>2012-10-16</entry>
+ <modified>2015-10-14</modified>
</dates>
</vuln>
@@ -37575,7 +41778,7 @@
</vuln>
<vuln vid="eba9aa94-549c-11e1-b6b7-0011856a6e37">
- <topic>mozilla -- use after free in nsXBLDocumentInfo::ReadPrototypeBindings</topic>
+ <topic>mozilla -- use-after-free in nsXBLDocumentInfo::ReadPrototypeBindings</topic>
<affects>
<package>
<name>firefox</name>
@@ -95489,7 +99692,7 @@
</body>
</description>
<references>
- <freebsdpr>73144</freebsdpr>
+ <freebsdpr>ports/73144</freebsdpr>
<cvename>CVE-2004-1007</cvename>
<mlist msgid="20041008143604.GA14934 at scowler.net">http://article.gmane.org/gmane.mail.bogofilter.devel/3308</mlist>
<mlist msgid="m3r7o892vj.fsf at merlin.emma.line.org">http://article.gmane.org/gmane.mail.bogofilter.devel/3317</mlist>
@@ -95499,7 +99702,7 @@
<dates>
<discovery>2004-10-09</discovery>
<entry>2004-10-26</entry>
- <modified>2004-11-03</modified>
+ <modified>2015-09-28</modified>
</dates>
</vuln>