author | Xin LI <delphij@FreeBSD.org> | 2012-03-21 21:58:05 +0000 |
---|---|---|
committer | Xin LI <delphij@FreeBSD.org> | 2012-03-21 21:58:05 +0000 |
commit | 20e1af42d5d917c010517058f4534d28fd1346b9 (patch) | |
tree | eb4017ae2c58498de306b2d28ddae0d8c4fc9e70 /security | |
parent | 3c378210d15c9f7075b1116b6856bfe766a2d28f (diff) |
Notes
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 6deacab494bd..18a71c462daf 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -52,6 +52,68 @@ Note: Please add new entries to the beginning of this file.
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="2e7e9072-73a0-11e1-a883-001cc0a36e12">
+ <topic>libtasn1 -- ASN.1 length decoding vulnerability</topic>
+ <affects>
+ <package>
+ <name>libtasn1</name>
+ <range><lt>2.12</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mu Dynamics, Inc. reports:</p>
+ <blockquote cite="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5959">
+ <p>Various functions using the ASN.1 length decoding logic in
+ Libtasn1 were incorrectly assuming that the return value from
+ asn1_get_length_der is always less than the length of the
+ enclosing ASN.1 structure, which is only true for valid
+ structures and not for intentionally corrupt or otherwise
+ buggy structures.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2012-1569</cvename>
+ </references>
+ <dates>
+ <discovery>2012-03-20</discovery>
+ <entry>2012-03-21</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="aecee357-739e-11e1-a883-001cc0a36e12">
+ <topic>gnutls -- possible overflow/Denial of service vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>gnutls</name>
+ <range><lt>2.12.18</lt></range>
+ </package>
+ <package>
+ <name>gnutls-devel</name>
+ <range><gt>2.99</gt><lt>3.0.17</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mu Dynamics, Inc. reports:</p>
+ <blockquote cite="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5959">
+ <p>The block cipher decryption logic in GnuTLS assumed that a
+ record containing any data which was a multiple of the block
+ size was valid for further decryption processing, leading to
+ a heap corruption vulnerability.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2012-1573</cvename>
+ </references>
+ <dates>
+ <discovery>2012-03-20</discovery>
+ <entry>2012-03-21</entry>
+ </dates>
+ </vuln>
+
 <vuln vid="0d530174-6eef-11e1-afd6-14dae9ebcf89">
 <topic>asterisk -- multiple vulnerabilities</topic>
 <affects> |
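Review bot: The two new entries carry the same `cite` URL on their `<blockquote>` (`…/gmane.comp.encryption.gpg.gnutls.devel/5959`) although the quoted passages differ, one describing the Libtasn1 length-decoding flaw (CVE-2012-1569) and the other the GnuTLS block-cipher record flaw (CVE-2012-1573). One of the two cites was probably copied from the other entry, and each should be checked against the message it actually quotes. Both `<references>` blocks list only `<cvename>`; adding the advisory link there as well, e.g. `<url>ADVISORY_URL_PLACEHOLDER</url>`, would let someone triaging an audit hit reach the upstream report without opening the entry body. The gnutls `<topic>` says "possible overflow/Denial of service" while the quoted text states heap corruption, so the topic could name that impact directly.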