diff options
| author | Raphael Kubo da Costa <rakuco@FreeBSD.org> | 2017-03-11 21:09:58 +0000 |
|---|---|---|
| committer | Raphael Kubo da Costa <rakuco@FreeBSD.org> | 2017-03-11 21:09:58 +0000 |
| commit | 315b91ea4ad84bae9420bd4e9cdd6328d341939a (patch) | |
| tree | 7780782957e535cf3580e40a83a4d781d2d6d9d3 /security | |
| parent | f91bd6684787f8615c1cb0e7d7d037bceaade9a3 (diff) | |
| download | ports-315b91ea4ad84bae9420bd4e9cdd6328d341939a.tar.gz ports-315b91ea4ad84bae9420bd4e9cdd6328d341939a.zip | |
Notes
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 6f1c5085734d..77e284e700ad 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,34 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="e550fc62-069a-11e7-8e3e-5453ed2e2b49"> + <topic>kdepimlibs -- directory traversal on KTNEF</topic> + <affects> + <package> + <name>kdepimlibs</name> + <range><lt>4.14.10_7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Albert Aastals Cid reports:</p> + <blockquote cite="https://www.kde.org/info/security/advisory-20170227-1.txt"> + <p>A directory traversal issue was found in KTNEF which can be + exploited by tricking a user into opening a malicious winmail.dat + file. The issue allows to write files with the permission of the user + opening the winmail.dat file during extraction.</p> + </blockquote> + </body> + </description> + <references> + <url>https://www.kde.org/info/security/advisory-20170227-1.txt</url> + </references> + <dates> + <discovery>2017-02-27</discovery> + <entry>2017-03-11</entry> + </dates> + </vuln> + <vuln vid="f714d8ab-028e-11e7-8042-50e549ebab6c"> <topic>kio: Information Leak when accessing https when using a malicious PAC file</topic> <affects> |