author | Dave Cottlehuber <dch@FreeBSD.org> | 2017-10-22 22:25:53 +0000 |
---|---|---|
committer | Dave Cottlehuber <dch@FreeBSD.org> | 2017-10-22 22:25:53 +0000 |
commit | 72c679972581df6b7ab3545e3273604edd0774d8 (patch) | |
tree | 171e622cf1bdda8bd16224d2d5b016b72e656ba1 | |
parent | f8eb78795a486542f90f215a08232397ac2fabf1 (diff) | |
Notes
-rw-r--r-- | security/vuxml/vuln.xml | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 3231f961a714..07b99d2276b3 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -58,6 +58,38 @@ Notes:
 * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="10c0fabc-b5da-11e7-816e-00bd5d1fff09">
+ <topic>h2o -- DoS in workers</topic>
+ <affects>
+ <package>
+ <name>h2o</name>
+ <range><lt>2.2.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Frederik Deweerdt reports:</p>
+ <blockquote cite="https://github.com/h2o/h2o/releases/tag/v2.2.3">
+ <p>Multiple Denial-of-Service vulnerabilities exist in h2o workers -
+ see references for full details.</p>
+ <p>CVE-2017-10868: Worker processes may crash when receiving a request with invalid framing.</p>
+ <p>CVE-2017-10869: The stack may overflow when proxying huge requests.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-10868</cvename>
+ <cvename>CVE-2017-10869</cvename>
+ <url>https://github.com/h2o/h2o/issues/1459</url>
+ <url>https://github.com/h2o/h2o/issues/1460</url>
+ <url>https://github.com/h2o/h2o/releases/tag/v2.2.3</url>
+ </references>
+ <dates>
+ <discovery>2017-07-19</discovery>
+ <entry>2017-10-17</entry>
+ </dates>
+ </vuln>
+
 <vuln vid="85e2c7eb-b74b-11e7-8546-5cf3fcfdd1f1">
 <topic>irssi -- multiple vulnerabilities</topic>
 <affects> |
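Review bot: The `<entry>` date in the added h2o record reads 2017-10-17, while the commit that introduces it is dated 2017-10-22. If `<entry>` is meant to record the day the record entered the database, as I understand the VuXML convention, it should be `<entry>2017-10-22</entry>`. Otherwise anyone filtering or sorting advisories by entry date sees this record as five days older than its actual publication and may skip it when checking for new entries. Separately, the `<affects>` block names only the `h2o` package; the header comment visible in the hunk context reminds authors about port variants, so it is worth confirming that no variant package ships the same code before 2.2.3. The trailing context lines belong to the existing irssi entry, which continues outside the hunk.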