authorOliver Eikemeier <eik@FreeBSD.org>2004-08-17 07:56:37 +0000
committerOliver Eikemeier <eik@FreeBSD.org>2004-08-17 07:56:37 +0000
commit21e5e83c579d4cc981e572900bdf1c20befc42a8 (patch)
treecdbd81c57edd17aa76bc37528768fb0cd5f5df22
parent96e9531ed0bf64d91a0bb939e30ff3181ba83d30 (diff)
Notes
-rw-r--r--ports-mgmt/portaudit-db/database/portaudit.txt1
-rw-r--r--ports-mgmt/portaudit-db/database/portaudit.xlist1
-rw-r--r--ports-mgmt/portaudit-db/database/portaudit.xml43
-rw-r--r--security/portaudit-db/database/portaudit.txt1
-rw-r--r--security/portaudit-db/database/portaudit.xlist1
-rw-r--r--security/portaudit-db/database/portaudit.xml43
6 files changed, 72 insertions, 18 deletions
diff --git a/ports-mgmt/portaudit-db/database/portaudit.txt b/ports-mgmt/portaudit-db/database/portaudit.txt
index b772c0d91b61..f57c0afe4550 100644
--- a/ports-mgmt/portaudit-db/database/portaudit.txt
+++ b/ports-mgmt/portaudit-db/database/portaudit.txt
@@ -68,4 +68,3 @@ sympa<4.1.2|http://secunia.com/advisories/12286 http://www.sympa.org/release.htm
phpgedview<2.65.5|http://sourceforge.net/forum/forum.php?forum_id=344342 http://secunia.com/advisories/10602 http://www.osvdb.org/3473 http://www.osvdb.org/3474 http://www.osvdb.org/3475 http://www.osvdb.org/3476 http://www.osvdb.org/3477 http://www.osvdb.org/3478 http://www.osvdb.org/3479 http://www.osvdb.org/3480 http://www.osvdb.org/3481 http://www.osvdb.org/3482 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0067 http://www.securityfocus.com/archive/1/349698|phpGedView: muliple vulnerabilities|c35d4cae-eed0-11d8-81b0-000347a4fa7d
{ja-,}phpgroupware<0.9.14.007|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0016 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0017 http://www.securityfocus.com/bid/9386 http://www.securityfocus.com/bid/9387 http://xforce.iss.net/xforce/xfdb/13489 http://xforce.iss.net/xforce/xfdb/14846 http://www.osvdb.org/2691 http://www.osvdb.org/6857 http://secunia.com/advisories/10046|phpGroupWare calendar and infolog SQL injection, calendar server side script execution|96fc0f03-ef13-11d8-81b0-000347a4fa7d
{ja-,}phpgroupware<0.9.16.002|http://freshmeat.net/releases/168144 http://www.osvdb.org/8354 http://xforce.iss.net/xforce/xfdb/16970|phpGroupWare stores passwords in plain text|82f16a40-ef12-11d8-81b0-000347a4fa7d
-ruby{,_r,_static}>=1.8.*<1.8.2.p2|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0755 http://secunia.com/advisories/12290 http://www.debian.org/security/2004/dsa-537 http://www.ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/ChangeLog?rev=1.2673.2.410 http://www.osvdb.org/8845|ruby CGI::Session insecure file creation|a800386e-ef7e-11d8-81b0-000347a4fa7d
diff --git a/ports-mgmt/portaudit-db/database/portaudit.xlist b/ports-mgmt/portaudit-db/database/portaudit.xlist
index 63ace396044c..bae5e818a065 100644
--- a/ports-mgmt/portaudit-db/database/portaudit.xlist
+++ b/ports-mgmt/portaudit-db/database/portaudit.xlist
@@ -19,3 +19,4 @@ abe47a5a-e23c-11d8-9b0a-000347a4fa7d
a713c0f9-ec54-11d8-9440-000347a4fa7d
5b8f9a02-ec93-11d8-b913-000c41e2cdad
65a17a3f-ed6e-11d8-aff1-00061bc2ad93
+e811aaf1-f015-11d8-876f-00902714cc7c
diff --git a/ports-mgmt/portaudit-db/database/portaudit.xml b/ports-mgmt/portaudit-db/database/portaudit.xml
index d180a376dde3..a25db2eaa413 100644
--- a/ports-mgmt/portaudit-db/database/portaudit.xml
+++ b/ports-mgmt/portaudit-db/database/portaudit.xml
@@ -10,10 +10,7 @@ This file is in the public domain.
<topic>MPlayer remotely exploitable buffer overflow in the ASX parser</topic>
<affects>
<package>
- <name>mplayer</name>
- <name>mplayer-esound</name>
- <name>mplayer-gtk</name>
- <name>mplayer-gtk-esound</name>
+ <name>mplayer{,-gtk}{,-esound}</name>
<range><lt>0.92</lt></range>
</package>
</affects>
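Review bot: The pattern `mplayer{,-gtk}{,-esound}` in `<name>` matches the four names it replaces only if the consumer performs shell-style brace expansion. A tool that reads `<name>` as a literal package name would stop matching every mplayer package, and this remotely exploitable overflow would silently drop out of its audit results. I would confirm that every reader of portaudit.xml expands braces, and state the convention near the file header, for example `<!-- <name> is a package-name pattern with brace expansion, not a literal name -->`. The same substitution is made in the HTTP-parser entry in the next hunk and in the security/portaudit-db copy of this file.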
@@ -41,10 +38,7 @@ This file is in the public domain.
<topic>MPlayer remotely exploitable buffer overflow in the HTTP parser</topic>
<affects>
<package>
- <name>mplayer</name>
- <name>mplayer-esound</name>
- <name>mplayer-gtk</name>
- <name>mplayer-gtk-esound</name>
+ <name>mplayer{,-gtk}{,-esound}</name>
<range><lt>0.92.1</lt></range>
</package>
</affects>
@@ -139,6 +133,7 @@ This file is in the public domain.
<cvename>CAN-2004-0630</cvename>
<cvename>CAN-2004-0631</cvename>
<url>http://secunia.com/advisories/12285</url>
+ <url>http://xforce.iss.net/xforce/xfdb/16972</url>
<url>http://www.idefense.com/application/poi/display?id=124&amp;type=vulnerabilities&amp;flashstatus=false</url>
<url>http://www.idefense.com/application/poi/display?id=125&amp;type=vulnerabilities&amp;flashstatus=false</url>
</references>
@@ -803,4 +798,36 @@ This file is in the public domain.
</dates>
</vuln>
+ <vuln vid="e811aaf1-f015-11d8-876f-00902714cc7c">
+ <cancelled superseded="a800386e-ef7e-11d8-81b0-000347a4fa7d"/>
+ </vuln>
+
+ <vuln vid="a800386e-ef7e-11d8-81b0-000347a4fa7d">
+ <topic>ruby CGI::Session insecure file creation</topic>
+ <affects>
+ <package>
+ <name>ruby{,_r,_static}</name>
+ <range><lt>1.6.8.2004.07.28</lt></range>
+ <range><ge>1.8.*</ge><lt>1.8.2.p2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Rubys CGI session management store session information insecurely,
+ which can be exploited by a local attacker to take over a session.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CAN-2004-0755</cvename>
+ <url>http://secunia.com/advisories/12290</url>
+ <url>http://www.debian.org/security/2004/dsa-537</url>
+ <url>http://www.ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/ChangeLog?rev=1.2673.2.410</url>
+ <url>http://www.osvdb.org/8845</url>
+ </references>
+ <dates>
+ <discovery>2004-07-22</discovery>
+ <entry>2004-08-16</entry>
+ <modified>2004-08-16</modified>
+ </dates>
+ </vuln>
</vuxml>
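Review bot: The cancelled stub `e811aaf1-f015-11d8-876f-00902714cc7c` and the replacement entry's ranges are undocumented. Nothing says why the stub is superseded locally and also added to portaudit.xlist, or why the entry now covers `<lt>1.6.8.2004.07.28</lt>` when the removed portaudit.txt line matched only `>=1.8.*<1.8.2.p2`. A short comment above the stub would help, such as `<!-- superseded: a800386e also covers the 1.6 branch -->`, assuming that is the intent. The lower bound `<ge>1.8.*</ge>` presumably relies on the version comparison sorting `*` below every real 1.8 release; if a consumer compares it differently, early 1.8 versions would go unflagged, so it is worth verifying. The description should read `Ruby's CGI session management stores session information insecurely`. The security/portaudit-db copy of this hunk has the same points.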
diff --git a/security/portaudit-db/database/portaudit.txt b/security/portaudit-db/database/portaudit.txt
index b772c0d91b61..f57c0afe4550 100644
--- a/security/portaudit-db/database/portaudit.txt
+++ b/security/portaudit-db/database/portaudit.txt
@@ -68,4 +68,3 @@ sympa<4.1.2|http://secunia.com/advisories/12286 http://www.sympa.org/release.htm
phpgedview<2.65.5|http://sourceforge.net/forum/forum.php?forum_id=344342 http://secunia.com/advisories/10602 http://www.osvdb.org/3473 http://www.osvdb.org/3474 http://www.osvdb.org/3475 http://www.osvdb.org/3476 http://www.osvdb.org/3477 http://www.osvdb.org/3478 http://www.osvdb.org/3479 http://www.osvdb.org/3480 http://www.osvdb.org/3481 http://www.osvdb.org/3482 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0067 http://www.securityfocus.com/archive/1/349698|phpGedView: muliple vulnerabilities|c35d4cae-eed0-11d8-81b0-000347a4fa7d
{ja-,}phpgroupware<0.9.14.007|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0016 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0017 http://www.securityfocus.com/bid/9386 http://www.securityfocus.com/bid/9387 http://xforce.iss.net/xforce/xfdb/13489 http://xforce.iss.net/xforce/xfdb/14846 http://www.osvdb.org/2691 http://www.osvdb.org/6857 http://secunia.com/advisories/10046|phpGroupWare calendar and infolog SQL injection, calendar server side script execution|96fc0f03-ef13-11d8-81b0-000347a4fa7d
{ja-,}phpgroupware<0.9.16.002|http://freshmeat.net/releases/168144 http://www.osvdb.org/8354 http://xforce.iss.net/xforce/xfdb/16970|phpGroupWare stores passwords in plain text|82f16a40-ef12-11d8-81b0-000347a4fa7d
-ruby{,_r,_static}>=1.8.*<1.8.2.p2|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0755 http://secunia.com/advisories/12290 http://www.debian.org/security/2004/dsa-537 http://www.ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/ChangeLog?rev=1.2673.2.410 http://www.osvdb.org/8845|ruby CGI::Session insecure file creation|a800386e-ef7e-11d8-81b0-000347a4fa7d
diff --git a/security/portaudit-db/database/portaudit.xlist b/security/portaudit-db/database/portaudit.xlist
index 63ace396044c..bae5e818a065 100644
--- a/security/portaudit-db/database/portaudit.xlist
+++ b/security/portaudit-db/database/portaudit.xlist
@@ -19,3 +19,4 @@ abe47a5a-e23c-11d8-9b0a-000347a4fa7d
a713c0f9-ec54-11d8-9440-000347a4fa7d
5b8f9a02-ec93-11d8-b913-000c41e2cdad
65a17a3f-ed6e-11d8-aff1-00061bc2ad93
+e811aaf1-f015-11d8-876f-00902714cc7c
diff --git a/security/portaudit-db/database/portaudit.xml b/security/portaudit-db/database/portaudit.xml
index d180a376dde3..a25db2eaa413 100644
--- a/security/portaudit-db/database/portaudit.xml
+++ b/security/portaudit-db/database/portaudit.xml
@@ -10,10 +10,7 @@ This file is in the public domain.
<topic>MPlayer remotely exploitable buffer overflow in the ASX parser</topic>
<affects>
<package>
- <name>mplayer</name>
- <name>mplayer-esound</name>
- <name>mplayer-gtk</name>
- <name>mplayer-gtk-esound</name>
+ <name>mplayer{,-gtk}{,-esound}</name>
<range><lt>0.92</lt></range>
</package>
</affects>
@@ -41,10 +38,7 @@ This file is in the public domain.
<topic>MPlayer remotely exploitable buffer overflow in the HTTP parser</topic>
<affects>
<package>
- <name>mplayer</name>
- <name>mplayer-esound</name>
- <name>mplayer-gtk</name>
- <name>mplayer-gtk-esound</name>
+ <name>mplayer{,-gtk}{,-esound}</name>
<range><lt>0.92.1</lt></range>
</package>
</affects>
@@ -139,6 +133,7 @@ This file is in the public domain.
<cvename>CAN-2004-0630</cvename>
<cvename>CAN-2004-0631</cvename>
<url>http://secunia.com/advisories/12285</url>
+ <url>http://xforce.iss.net/xforce/xfdb/16972</url>
<url>http://www.idefense.com/application/poi/display?id=124&amp;type=vulnerabilities&amp;flashstatus=false</url>
<url>http://www.idefense.com/application/poi/display?id=125&amp;type=vulnerabilities&amp;flashstatus=false</url>
</references>
@@ -803,4 +798,36 @@ This file is in the public domain.
</dates>
</vuln>
+ <vuln vid="e811aaf1-f015-11d8-876f-00902714cc7c">
+ <cancelled superseded="a800386e-ef7e-11d8-81b0-000347a4fa7d"/>
+ </vuln>
+
+ <vuln vid="a800386e-ef7e-11d8-81b0-000347a4fa7d">
+ <topic>ruby CGI::Session insecure file creation</topic>
+ <affects>
+ <package>
+ <name>ruby{,_r,_static}</name>
+ <range><lt>1.6.8.2004.07.28</lt></range>
+ <range><ge>1.8.*</ge><lt>1.8.2.p2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Rubys CGI session management store session information insecurely,
+ which can be exploited by a local attacker to take over a session.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CAN-2004-0755</cvename>
+ <url>http://secunia.com/advisories/12290</url>
+ <url>http://www.debian.org/security/2004/dsa-537</url>
+ <url>http://www.ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/ChangeLog?rev=1.2673.2.410</url>
+ <url>http://www.osvdb.org/8845</url>
+ </references>
+ <dates>
+ <discovery>2004-07-22</discovery>
+ <entry>2004-08-16</entry>
+ <modified>2004-08-16</modified>
+ </dates>
+ </vuln>
</vuxml>