diff options
author | Remko Lodder <remko@FreeBSD.org> | 2017-12-14 06:41:58 +0000 |
---|---|---|
committer | Remko Lodder <remko@FreeBSD.org> | 2017-12-14 06:41:58 +0000 |
commit | 333b2d8d549082727fbfa5e60b7fedd776af4f6f (patch) | |
tree | 269b25ae38de503ecf29a51a65bd50a4748edf58 /security | |
parent | b0d60409ee254be0df1ec3a9cbe79e7685a61da1 (diff) | |
download | ports-333b2d8d549082727fbfa5e60b7fedd776af4f6f.tar.gz ports-333b2d8d549082727fbfa5e60b7fedd776af4f6f.zip |
Notes
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index c82a169cebc2..e78e51e703bd 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,38 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="36ef8753-d86f-11e7-ad28-0025908740c2"> + <topic>tor -- Use-after-free in onion service v2</topic> + <affects> + <package> + <name>tor</name> + <range><lt>0.3.1.9</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Torproject.org reports:</p> + <blockquote cite="https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516"> + <ul> + <li>TROVE-2017-009: Replay-cache ineffective for v2 onion services</li> + <li>TROVE-2017-010: Remote DoS attack against directory authorities</li> + <li>TROVE-2017-011: An attacker can make Tor ask for a password</li> + <li>TROVE-2017-012: Relays can pick themselves in a circuit path</li> + <li>TROVE-2017-013: Use-after-free in onion service v2</li> + </ul> + </blockquote> + </body> + </description> + <references> + <url>https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516</url> + <cvename>CVE-2017-8819</cvename> + </references> + <dates> + <discovery>2017-12-01</discovery> + <entry>2017-12-14</entry> + </dates> + </vuln> + <vuln vid="4a67450a-e044-11e7-accc-001999f8d30b"> <topic>asterisk -- Remote Crash Vulnerability in RTCP Stack</topic> <affects> |