diff options
author | Raphael Kubo da Costa <rakuco@FreeBSD.org> | 2014-08-04 08:09:35 +0000 |
---|---|---|
committer | Raphael Kubo da Costa <rakuco@FreeBSD.org> | 2014-08-04 08:09:35 +0000 |
commit | c7d024401b43fca39d9ce191efd610676bd46c50 (patch) | |
tree | 774dceb625be79a82c84f5964b1bcc94a693c447 | |
parent | efb66db9cd4a0f27979b9b4329fbb9992640ea85 (diff) | |
download | ports-c7d024401b43fca39d9ce191efd610676bd46c50.tar.gz ports-c7d024401b43fca39d9ce191efd610676bd46c50.zip |
MFH: r363944
Document CVE-2014-4607 in net/krfb.
Approved by: portmgr (erwin)
Notes
Notes:
svn path=/branches/2014Q3/; revision=363970
-rw-r--r-- | security/vuxml/vuln.xml | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 758d157d32fe..9a3063cdd92d 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -57,6 +57,38 @@ Notes: --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="be5421ab-1b56-11e4-a767-5453ed2e2b49"> + <topic>krfb -- Possible Denial of Service or code execution via integer overflow</topic> + <affects> + <package> + <name>krfb</name> + <range><lt>4.12.5_1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Albert Aastals Cid reports:</p> + <blockquote cite="http://lists.kde.org/?l=kde-announce&m=140709940701878&w=2"> + <p>krfb embeds libvncserver which embeds liblzo2, it contains various + flaws that result in integer overflow problems.</p> + <p>This potentially allows a malicious application to create a + possible denial of service or code execution. Due to the need to + exploit precise details of the target architecture and threading it + is unlikely that remote code execution can be achieved in + practice.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2014-4607</cvename> + <mlist>http://lists.kde.org/?l=kde-announce&m=140709940701878&w=2</mlist> + </references> + <dates> + <discovery>2014-08-03</discovery> + <entry>2014-08-03</entry> + </dates> + </vuln> + <vuln vid="90ca3ba5-19e6-11e4-8616-001b3856973b"> <topic>gpgme -- heap-based buffer overflow in gpgsm status handler</topic> <affects> |