Diffstat (limited to 'ports-mgmt/portaudit-db')
-rw-r--r-- | ports-mgmt/portaudit-db/Makefile | 44 |
-rw-r--r-- | ports-mgmt/portaudit-db/database/portaudit.txt | 84 |
-rw-r--r-- | ports-mgmt/portaudit-db/database/portaudit.xlist | 26 |
-rw-r--r-- | ports-mgmt/portaudit-db/database/portaudit.xml | 1107 |
-rw-r--r-- | ports-mgmt/portaudit-db/database/portaudit2vuxml.pl | 149 |
-rw-r--r-- | ports-mgmt/portaudit-db/files/packaudit.conf | 9 |
-rw-r--r-- | ports-mgmt/portaudit-db/files/packaudit.sh | 142 |
-rw-r--r-- | ports-mgmt/portaudit-db/files/portaudit2vuxml.awk | 95 |
-rw-r--r-- | ports-mgmt/portaudit-db/files/vuxml2html.xslt | 329 |
-rw-r--r-- | ports-mgmt/portaudit-db/files/vuxml2portaudit.xslt | 92 |
-rw-r--r-- | ports-mgmt/portaudit-db/pkg-descr | 16 |
-rw-r--r-- | ports-mgmt/portaudit-db/pkg-plist | 8 |
12 files changed, 0 insertions, 2101 deletions
diff --git a/ports-mgmt/portaudit-db/Makefile b/ports-mgmt/portaudit-db/Makefile deleted file mode 100644 index db754b90df57..000000000000 --- a/ports-mgmt/portaudit-db/Makefile +++ /dev/null @@ -1,44 +0,0 @@ -# New ports collection makefile for: portaudit-db -# Date created: 12 Jun 2004 -# Whom: Oliver Eikemeier -# -# $FreeBSD$ -# - -PORTNAME= portaudit-db -PORTVERSION= 0.2.3 -CATEGORIES= security -DISTFILES= - -MAINTAINER= secteam@FreeBSD.org -COMMENT= Creates a portaudit database from a current ports tree - -RUN_DEPENDS= xsltproc:${PORTSDIR}/textproc/libxslt - -DEPENDS_ARGS+= WITHOUT_PYTHON=yes - -DATABASEDIR?= ${AUDITFILE:H} - -PLIST_SUB+= DATABASEDIR="${DATABASEDIR}" - -SED_SCRIPT= -e 's,%%PREFIX%%,${PREFIX},g' \ - -e "s|%%DATADIR%%|${DATADIR}|g" \ - -e "s|%%LOCALBASE%%|${LOCALBASE}|g" \ - -e "s|%%PORTSDIR%%|${PORTSDIR}|g" \ - -e "s|%%PORTVERSION%%|${PORTVERSION}|g" \ - -e "s|%%DATABASEDIR%%|${DATABASEDIR}|g" - -do-build: - @for f in packaudit.sh packaudit.conf; do \ - ${SED} ${SED_SCRIPT} "${FILESDIR}/$$f" > "${WRKDIR}/$$f"; \ - done - -do-install: - @${INSTALL_SCRIPT} ${WRKDIR}/packaudit.sh ${PREFIX}/bin/packaudit - @${INSTALL_DATA} ${WRKDIR}/packaudit.conf ${PREFIX}/etc/packaudit.conf.sample - @${MKDIR} ${DATADIR} - @${INSTALL_SCRIPT} ${FILESDIR}/portaudit2vuxml.awk ${DATADIR} - @${INSTALL_DATA} ${FILESDIR}/vuxml2html.xslt ${FILESDIR}/vuxml2portaudit.xslt ${DATADIR} - @${MKDIR} ${DATABASEDIR} - -.include <bsd.port.mk> diff --git a/ports-mgmt/portaudit-db/database/portaudit.txt b/ports-mgmt/portaudit-db/database/portaudit.txt deleted file mode 100644 index ccb7b401f54c..000000000000 --- a/ports-mgmt/portaudit-db/database/portaudit.txt +++ /dev/null 
@@ -1,84 +0,0 @@ -# portaudit text based database -# $FreeBSD$ -apache>=2.*<2.0.49_1|http://www.osvdb.org/6472 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0488|mod_ssl stack-based buffer overflow|662cd99e-bc9d-11d8-916c-000347dd607f -apache+mod_ssl*<1.3.31+2.8.18|http://www.osvdb.org/6472 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0488|mod_ssl stack-based buffer overflow|662cd99e-bc9d-11d8-916c-000347dd607f -ru-apache+mod_ssl<1.3.31+30.20+2.8.18|http://www.osvdb.org/6472 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0488|mod_ssl stack-based buffer overflow|662cd99e-bc9d-11d8-916c-000347dd607f -apache<1.3.31_1|http://www.osvdb.org/6839 http://www.apacheweek.com/features/security-13|mod_proxy buffer overflow (CAN-2004-0492)|5bcd500c-bc9d-11d8-916c-000347dd607f -apache+mod_ssl*<1.3.31+2.8.18_4|http://www.osvdb.org/6839 http://www.apacheweek.com/features/security-13|mod_proxy buffer overflow (CAN-2004-0492)|5bcd500c-bc9d-11d8-916c-000347dd607f -ru-apache+mod_ssl<=1.3.31+30.20+2.8.18|http://www.osvdb.org/6839 http://www.apacheweek.com/features/security-13|mod_proxy buffer overflow (CAN-2004-0492)|5bcd500c-bc9d-11d8-916c-000347dd607f -dbmail{-mysql,-postgresql}<1.2.8a|http://mailman.fastxs.net/pipermail/dbmail/2004-June/004960.html|DBMail: remote exploitable buffer overflow|3b9b196e-bd12-11d8-b071-00e08110b673 -smtpproxy<=1.1.3|http://0xbadc0ded.org/advisories/0402.txt|smtpproxy: remotely exploitable format string vulnerability|1abf65f9-bc9d-11d8-916c-000347dd607f -subversion{,-perl,-python}<1.0.5|http://www.osvdb.org/6935 http://subversion.tigris.org/security/CAN-2004-0413-advisory.txt|subversion: remote exploitable buffer overflow in 'svn://' parser|4616bc3b-bd0f-11d8-a252-02e0185c0b53 -imp<3.2.4|http://article.gmane.org/gmane.comp.horde.imp/14421/|imp: XSS hole exploited via the Content-type header of malicious emails|911f1b19-bd20-11d8-84f9-000bdb1444a4 -chora<1.2.2|http://article.gmane.org/gmane.comp.horde.chora/610/|chora: hole in 
the diff code that allowed malicious input|9e09399d-bd21-11d8-84f9-000bdb1444a4 -squirrelmail<1.4.3a|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0519 http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt|SquirrelMail XSS vulnerability|89a0de27-bf66-11d8-a252-02e0185c0b53 -ja-squirrelmail<1.4.3a,1|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0519 http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt|SquirrelMail XSS vulnerability|89a0de27-bf66-11d8-a252-02e0185c0b53 -webmin<1.150|http://www.webmin.com/changes-1.150.html http://www.osvdb.org/6729 http://www.osvdb.org/6730|Multiple vulnerabilities in Webmin|ab61715f-c027-11d8-b00e-000347a4fa7d -racoon<20040617a|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022617.html http://www.securityfocus.com/archive/1/366023 http://securitytracker.com/alerts/2004/Jun/1010495.html http://orange.kame.net/dev/cvsweb.cgi/kame/kame/kame/racoon/crypto_openssl.c#rev1.86 http://www.securityfocus.com/bid/10546 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0607|Racoon may validate invalid certificates|a96c1d37-c033-11d8-b00e-000347a4fa7d -ircd-hybrid<=7.0_1|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022820.html http://www.securityfocus.com/archive/1/366486 http://www.osvdb.org/7242|ircd-hybrid-7 low-bandwidth DoS|23aafa20-c28a-11d8-864c-02e0185c0b53 -ircd-hybrid-ru<=7.1_2|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022820.html http://www.securityfocus.com/archive/1/366486 http://www.osvdb.org/7242|ircd-hybrid-7 low-bandwidth DoS|23aafa20-c28a-11d8-864c-02e0185c0b53 -{,??-}aspell<=0.50.5_2|http://nettwerked.mg2.org/advisories/wlc http://marc.theaimsgroup.com/?l=bugtraq&m=108761564006503&w=2 http://www.securityfocus.com/bid/10497|Buffer overflow in word-list-compress|b7b03bab-c296-11d8-bfb2-000bdb1444a4 -linux-aspell<=0.50.4.1|http://nettwerked.mg2.org/advisories/wlc http://marc.theaimsgroup.com/?l=bugtraq&m=108761564006503&w=2 
http://www.securityfocus.com/bid/10497|Buffer overflow in word-list-compress|b7b03bab-c296-11d8-bfb2-000bdb1444a4 -bnbt<7.5b3|http://www.osvdb.org/6336|BNBT Authorization Header DoS|0f9b3542-c35f-11d8-8898-000d6111a684 -scorched3d<0.37.2|http://marc.theaimsgroup.com/?l=bugtraq&m=108152473130133&w=2 http://www.osvdb.org/5086 http://www.freebsd.org/cgi/query-pr.cgi?pr=67541 http://secunia.com/advisories/11319 http://security.gentoo.org/glsa/glsa-200404-12.xml|Scorched 3D server chat box format string vulnerability|36808860-c363-11d8-8898-000d6111a684 -super<3.23.0|http://www.secunia.com/advisories/11899 http://www.debian.org/security/2004/dsa-522 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0579|super format string vulnerability|fae06c04-c38c-11d8-8898-000d6111a684 -mailman<2.1.5|http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0412 http://www.osvdb.org/6422|mailman allows 3rd parties to retrieve member passwords|2a405a43-c396-11d8-8898-000d6111a684 -roundup<0.7.3|http://www.osvdb.org/6691 http://secunia.com/advisories/11801 http://xforce.iss.net/xforce/xfdb/16350 http://securityfocus.com/bid/10495 http://mail.python.org/pipermail/python-announce-list/2004-May/003126.html|Roundup remote file disclosure vulnerability|40800696-c3b0-11d8-864c-02e0185c0b53 -sqwebmail<4.0.5|http://www.securityfocus.com/archive/1/366595|Sqwebmail XSS vulnerability|c3e56efa-c42f-11d8-864c-02e0185c0b53 -isc-dhcp3<3.0.1.r11|http://www.cert.org/advisories/CA-2003-01.html http://www.kb.cert.org/vuls/id/284857 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0026|ISC DHCPD minires library contains multiple buffer overflows|f71745cd-c509-11d8-8898-000d6111a684 -isc-dhcp3<3.0.1.r11_1|http://www.kb.cert.org/vuls/id/149953 http://www.securityfocus.com/bid/6628 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0039|ISC "dhcrelay" fails to limit hop count when malicious bootp packet is 
received|02957734-c50b-11d8-8898-000d6111a684 -icecast2<2.0.1,1|http://secunia.com/advisories/11578 http://www.osvdb.org/6075|Icecast remote DoS vulnerability|8de7cf18-c5ca-11d8-8898-000d6111a684 -rssh<2.2.1|http://secunia.com/advisories/11926 http://www.securityfocus.com/archive/1/366691 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0609 http://www.securityfocus.com/bid/10574 http://www.osvdb.org/7239|rssh file existence information disclosure weakness|a4815970-c5cc-11d8-8898-000d6111a684 -sup<=2.0|http://secunia.com/advisories/11898 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0451|CMU SUP logging format string vulnerabilities|238ea8eb-c5cf-11d8-8898-000d6111a684 -rlpr<2.04_1|http://secunia.com/advisories/11906 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0393 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0454 http://www.osvdb.org/7194 http://www.osvdb.org/7195 http://securitytracker.com/id?1010545 http://www.securityfocus.com/archive/1/367045|rlpr "msg()" buffer overflow and format string vulnerabilities|29a72da5-c5ea-11d8-8898-000d6111a684 -pure-ftpd<1.0.19|http://www.pureftpd.org/ http://www.osvdb.org/7415|Pure-FTPd DoS when maximum number of connections is reached|ec5cf461-c691-11d8-8898-000d6111a684 -libxine<1.0.r4|http://www.xinehq.de/index.php/security/XSA-2004-3 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0433 http://secunia.com/advisories/11500|xine-lib RTSP handling vulnerabilities|83cbd52c-c8e8-11d8-8898-000d6111a684 -apache>=2.*<2.0.49_3|http://www.guninski.com/httpd1.html http://www.apacheweek.com/features/security-20 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493 http://secunia.com/advisories/11956 http://www.osvdb.org/7269|Apache input header folding DoS vulnerability|81a8c9c2-c94f-11d8-8898-000d6111a684 -isakmpd<20040611|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022399.html http://www.osvdb.org/6951 http://www.secunia.com/advisories/11827 
http://www.securityfocus.com/bid/10496|isakmpd security association deletion vulnerability|9a73a5b4-c9b5-11d8-95ca-02e081301d81 -krb5<1.3.4|http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-001-an_to_ln.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0523 http://www.osvdb.org/6846 http://secunia.com/advisories/11753 http://www.kb.cert.org/vuls/id/686862 http://www.securityfocus.com/bid/10448|MIT Kerberos 5 krb5_aname_to_localname() buffer overflow|5177b6e5-c9b7-11d8-95ca-02e081301d81 -png<1.2.5_6|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1363 http://rhn.redhat.com/errata/RHSA-2003-006.html http://www.osvdb.org/7191 http://www.securityfocus.com/bid/6431|libpng row buffer overflow|1b78d43f-d32b-11d8-b479-02e0185c0b53 -linux-png<1.0.14_3|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1363 http://rhn.redhat.com/errata/RHSA-2003-006.html http://www.osvdb.org/7191 http://www.securityfocus.com/bid/6431|libpng row buffer overflow|1b78d43f-d32b-11d8-b479-02e0185c0b53 -{ja-,}bugzilla<2.16.6|http://www.bugzilla.org/security/2.16.5/ http://secunia.com/advisories/12057 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0705 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0707 http://www.securityfocus.com/bid/10698|multiple vulnerabilities in Bugzilla|672975cb-d526-11d8-b479-02e0185c0b53 -wv<=1.0.0_1|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0645 http://www.idefense.com/application/poi/display?id=115&type=vulnerabilities&flashstatus=false http://secunia.com/advisories/12040 http://www.osvdb.org/7761|wv library datetime field buffer overflow|7a5430df-d562-11d8-b479-02e0185c0b53 -ru-apache+mod_ssl<1.3.31+30.20+2.8.19|http://www.mail-archive.com/modssl-users@modssl.org/msg16853.html http://www.mail-archive.com/modssl-users@modssl.org/msg16855.html http://secunia.com/advisories/12077 http://www.osvdb.org/7929|mod_ssl format string 
vulnerability|a3b7cb56-d8a7-11d8-9b0a-000347a4fa7d -apache+mod_ssl*<1.3.31+2.8.19|http://www.mail-archive.com/modssl-users@modssl.org/msg16853.html http://www.mail-archive.com/modssl-users@modssl.org/msg16855.html http://secunia.com/advisories/12077 http://www.osvdb.org/7929|mod_ssl format string vulnerability|a3b7cb56-d8a7-11d8-9b0a-000347a4fa7d -subversion<1.0.6|http://subversion.tigris.org/security/mod_authz_svn-copy-advisory.txt http://secunia.com/advisories/12079 http://www.osvdb.org/8239|mod_authz_svn access control bypass|cc35a97d-da35-11d8-9b0a-000347a4fa7d -subversion-{perl,python}<1.0.6|http://subversion.tigris.org/security/mod_authz_svn-copy-advisory.txt http://secunia.com/advisories/12079 http://www.osvdb.org/8239|mod_authz_svn access control bypass|cc35a97d-da35-11d8-9b0a-000347a4fa7d -phpbb<2.0.10|http://secunia.com/advisories/12114 http://www.phpbb.com/support/documents.php?mode=changelog#209 http://www.osvdb.org/8164 http://www.osvdb.org/8165 http://www.osvdb.org/8166|phpBB cross site scripting vulnerabilities|c59dbaf0-dbe1-11d8-9b0a-000347a4fa7d -l2tpd<=0.69_2|http://www.securityfocus.com/archive/1/365211 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0649 http://www.osvdb.org/6726 http://secunia.com/advisories/11788|l2tpd BSS-based buffer overflow|807b9ddd-dc11-11d8-9b0a-000347a4fa7d -dropbear<0.43|http://matt.ucc.asn.au/dropbear/dropbear.html http://secunia.com/advisories/12153|Dropbear DSS verification vulnerability|0316f983-dfb6-11d8-9b0a-000347a4fa7d -nessus<2.0.12|http://www.osvdb.org/8167 http://secunia.com/advisories/12127 http://www.securityfocus.com/bid/10784|Nessus "adduser" race condition vulnerability|054e4aad-dfb6-11d8-9b0a-000347a4fa7d -nessus-devel>=2.*<2.1.1|http://www.osvdb.org/8167 http://secunia.com/advisories/12127 http://www.securityfocus.com/bid/10784|Nessus "adduser" race condition vulnerability|054e4aad-dfb6-11d8-9b0a-000347a4fa7d -pavuk<=0.9.28_5|http://www.securityfocus.com/archive/1/370248 
http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1119.html http://secunia.com/advisories/12152 http://www.osvdb.org/8242 http://www.securityfocus.com/bid/10797 http://www.gentoo.org/cgi-bin/viewcvs.cgi/net-misc/pavuk/files/pavuk-0.9.28-digest_auth.c.patch|pavuk digest auth buffer overflow|f67ea071-dfb8-11d8-9b0a-000347a4fa7d -lcdproc<0.4.5|http://sourceforge.net/project/shownotes.php?release_id=230910 http://secunia.com/advisories/11333 http://www.securityfocus.com/archive/1/360209 http://www.securityfocus.com/bid/10085 http://www.osvdb.org/5157 http://www.osvdb.org/5158 http://www.osvdb.org/5159 http://www.osvdb.org/5160|LCDProc buffer overflow/format string vulnerabilities|62d23317-e072-11d8-9a79-000347dd607f -dansguardian<2.8.0.1|http://secunia.com/advisories/12191 http://www.securityfocus.com/archive/1/370346 http://www.osvdb.org/8270|DansGuardian banned extension filter bypass vulnerability|f6fd9200-e20e-11d8-9b0a-000347a4fa7d -imp<3.2.5|http://www.greymagic.com/security/advisories/gm005-mc/ http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.389.2.106&r2=1.389.2.109&ty=h http://secunia.com/advisories/12202|XSS hole in the HTML viewer - This vulnerability only exists when using the Internet Explorer to access IMP and only when using the inline MIME viewer for HTML messages.|49189b47-e24d-11d8-9f75-000bdb1444a4 -phpMyAdmin<2.5.7.1|http://www.securityfocus.com/archive/1/367486 http://www.securityfocus.com/bid/10629 http://secunia.com/SA11974 http://www.osvdb.org/7314 http://www.osvdb.org/7315|phpMyAdmin configuration manipulation and code injection|56648b44-e301-11d8-9b0a-000347a4fa7d -gnutls<1.0.17|http://www.hornik.sk/SA/SA-20040802.txt http://secunia.com/advisories/12156|GnuTLS certificate chain verification DoS|84ab58cf-e4ac-11d8-9b0a-000347a4fa7d -gnutls-devel>=1.1.*<1.1.12|http://www.hornik.sk/SA/SA-20040802.txt http://secunia.com/advisories/12156|GnuTLS certificate chain verification DoS|84ab58cf-e4ac-11d8-9b0a-000347a4fa7d 
-{linux-,}opera<7.54|http://www.opera.com/freebsd/changelogs/754/ http://www.greymagic.com/security/advisories/gm008-op/ http://secunia.com/advisories/12233 http://www.osvdb.org/8331|Opera "location" object write access vulnerability|0deed2ce-e6f5-11d8-9a79-000347dd607f -putty<0.55|http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html http://www.coresecurity.com/common/showdoc.php?idx=417&idxseccion=10 http://www.osvdb.org/8299 http://secunia.com/advisories/12212|modified server can execute commands on the client|4424f4db-e697-11d8-bf04-000c763e9a47 -cfengine2<2.1.8|http://www.coresecurity.com/common/showdoc.php?idx=387&idxseccion=10 http://secunia.com/advisories/12251|cfengine authentication heap corruption|f2a1dc8b-ea66-11d8-9440-000347a4fa7d -sympa<4.1.2|http://secunia.com/advisories/12286 http://www.sympa.org/release.html http://xforce.iss.net/xforce/xfdb/16984 http://www.securityfocus.com/bid/10941|Sympa unauthorized list creation|4a160c54-ed46-11d8-81b0-000347a4fa7d -phpgedview<2.65.5|http://sourceforge.net/forum/forum.php?forum_id=344342 http://secunia.com/advisories/10602 http://www.osvdb.org/3473 http://www.osvdb.org/3474 http://www.osvdb.org/3475 http://www.osvdb.org/3476 http://www.osvdb.org/3477 http://www.osvdb.org/3478 http://www.osvdb.org/3479 http://www.osvdb.org/3480 http://www.osvdb.org/3481 http://www.osvdb.org/3482 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0067 http://www.securityfocus.com/archive/1/349698|phpGedView: muliple vulnerabilities|c35d4cae-eed0-11d8-81b0-000347a4fa7d -{ja-,}phpgroupware<0.9.14.007|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0016 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0017 http://www.securityfocus.com/bid/9386 http://www.securityfocus.com/bid/9387 http://xforce.iss.net/xforce/xfdb/13489 http://xforce.iss.net/xforce/xfdb/14846 http://www.osvdb.org/2691 http://www.osvdb.org/6857 http://secunia.com/advisories/10046|phpGroupWare calendar and infolog SQL injection, calendar 
server side script execution|96fc0f03-ef13-11d8-81b0-000347a4fa7d -{ja-,}phpgroupware<0.9.16.002|http://freshmeat.net/releases/168144 http://www.osvdb.org/8354 http://xforce.iss.net/xforce/xfdb/16970|phpGroupWare stores passwords in plain text|82f16a40-ef12-11d8-81b0-000347a4fa7d -gallery<1.4.4.1|http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0757.html http://xforce.iss.net/xforce/xfdb/17021 http://www.osvdb.org/9019 http://secunia.com/advisories/12316 http://www.securityfocus.com/bid/10968|Gallery arbitrary PHP file upload|031663de-f0a6-11d8-81b0-000347a4fa7d -apache>=2.*<2.0.50_2|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751 http://issues.apache.org/bugzilla/show_bug.cgi?id=30134 http://issues.apache.org/bugzilla/show_bug.cgi?id=27945 http://issues.apache.org/bugzilla/show_bug.cgi?id=29690|potential security flaws in mod_ssl|0e08f539-f151-11d8-81b0-000347a4fa7d -a2ps-{a4,letter,letterdj}<4.13b_2|http://www.freebsd.org/cgi/query-pr.cgi?pr=70618 http://secunia.com/advisories/12375 http://www.osvdb.org/9176 http://www.securityfocus.com/bid/11025|a2ps: Possible execution of shell commands as local user|8091fcea-f35e-11d8-81b0-000347a4fa7d -{ja-,}xv<=3.10a_3|http://secunia.com/advisories/12352 http://www.securityfocus.com/archive/1/372345 http://www.osvdb.org/9115 http://www.osvdb.org/9118 http://www.osvdb.org/9119 http://www.osvdb.org/9120 http://www.securityfocus.com/bid/10985|multiple buffer overflows in xv|34c453ba-f686-11d8-81b0-000347a4fa7d -nss<3.9|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0564 http://secunia.com/advisories/11096 http://www.osvdb.org/4197|Mozilla / NSS S/MIME DoS vulnerability|65532ad9-f69b-11d8-81b0-000347a4fa7d -{ja-,ru-,}gaim<0.82|http://www.osvdb.org/9261 http://www.osvdb.org/9262 http://www.osvdb.org/9263 http://www.osvdb.org/9264 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0754 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0784 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0785 http://www.securityfocus.com/bid/11056 http://gaim.sourceforge.net/security/index.php|multiple vulnerabilities in gaim|8b29b312-fa6e-11d8-81b0-000347a4fa7d -{ja-,}samba<2.2.11.*|http://www.samba.org/samba/history/samba-2.2.11.html http://secunia.com/advisories/12397 http://www.osvdb.org/9362|samba printer change notification request DoS|d8ce23a5-fadc-11d8-81b0-000347a4fa7d -squid>=2.5.*<2.5.6_7|http://secunia.com/advisories/12444 http://www.squid-cache.org/bugs/show_bug.cgi?id=1045 http://www.securityfocus.com/bid/11098|Squid NTLM authentication helper DoS|7c351421-fdbd-11d8-81b0-000347a4fa7d -FreeBSD>=502120<503000|http://secunia.com/advisories/11129 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0797 http://www.osvdb.org/9360 http://www.osvdb.org/9361 http://www.securityfocus.com/bid/11051|zlib DoS vulnerability|1b98165f-fdd9-11d8-81b0-000347a4fa7d -FreeBSD>=600000<600001|http://secunia.com/advisories/11129 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0797 http://www.osvdb.org/9360 http://www.osvdb.org/9361 http://www.securityfocus.com/bid/11051|zlib DoS vulnerability|1b98165f-fdd9-11d8-81b0-000347a4fa7d -{ja-,}phpgroupware<0.9.16.003|http://secunia.com/advisories/12466 http://phpgroupware.org/ http://www.osvdb.org/9729 http://freshmeat.net/releases/171909|XSS vulnerability in phpGroupWare wiki module|64726098-00aa-11d9-81b0-000347a4fa7d -star>=1.5.*<1.5.a.46|http://lists.berlios.de/pipermail/star-users/2004-August/000239.html http://secunia.com/advisories/12484|Vulnerability in star versions that support ssh for remote tape access|6a5b2998-01c0-11d9-81b0-000347a4fa7d -multi-gnome-terminal<=1.6.2_1|http://www.gentoo.org/security/en/glsa/glsa-200409-10.xml http://cvs.sourceforge.net/viewcvs.py/multignometerm/multignometerm/gnome-terminal/enhanced_gui.c?r1=text&tr1=1.252&r2=text&tr2=1.253&diff_format=u http://www.osvdb.org/9752|Possible information leak in 
multi-gnome-terminal|cad7a2f4-01c2-11d9-81b0-000347a4fa7d -usermin<1.090|http://secunia.com/advisories/12488 http://www.webmin.com/uchanges.html http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html http://www.osvdb.org/9775 http://www.osvdb.org/9776|Usermin remote shell command injection and insecure installation vulnerability|9ef2a3cf-01c3-11d9-81b0-000347a4fa7d -mpg123<=0.59r_13|http://secunia.com/advisories/12478 http://www.osvdb.org/9748 http://www.alighieri.org/advisories/advisory-mpg123.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0805|mpg123 layer 2 decoder buffer overflow|780671ac-01e0-11d9-81b0-000347a4fa7d -imp<3.2.6|http://thread.gmane.org/gmane.comp.horde.imp/15488 http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.389.2.109&r2=1.389.2.111&ty=h|XSS hole in the HTML viewer - The script vulnerabilities can only be exposed with certain browsers and allow XSS attacks when viewing HTML messages with the HTML MIME viewer.|efc4819b-0b2d-11d9-bfe1-000bdb1444a4 -koffice<1.3.2_1,1|http://kde.org/info/security/advisory-20041021-1.txt|Multiple integer overflow and integer arithmetic flaws in imported xpdf code|ecf6713f-2549-11d9-945e-00e018f69096 -kdegraphics>=3.2.0<3.3.0_1|http://kde.org/info/security/advisory-20041021-1.txt|Multiple integer overflow and integer arithmetic flaws in imported xpdf code|6a04bf0e-254b-11d9-945e-00e018f69096 -horde{-php5}=3.0|http://thread.gmane.org/gmane.comp.horde.user/10059|Horde: two XSS vulnerabilities can be exposed by making an authenticated user click on a specially crafted URL and allows to execute JavaScript code in the context of Horde.|338d1723-5f03-11d9-92a7-000bdb1444a4 diff --git a/ports-mgmt/portaudit-db/database/portaudit.xlist b/ports-mgmt/portaudit-db/database/portaudit.xlist deleted file mode 100644 index 034472c025f7..000000000000 --- a/ports-mgmt/portaudit-db/database/portaudit.xlist +++ /dev/null 
@@ -1,26 +0,0 @@ -# portaudit exclude list -# $FreeBSD$ -3362f2c1-8344-11d8-a41f-0020ed76ef5a -5e7f58c3-b3f8-4258-aeb8-795e5e940ff8 -4aec9d58-ce7b-11d8-858d-000d610a3b12 -78348ea2-ec91-11d8-b913-000c41e2cdad -641859e8-eca1-11d8-b913-000c41e2cdad -603fe36d-ec9d-11d8-b913-000c41e2cdad -2de14f7a-dad9-11d8-b59a-00061bc2ad93 -7a9d5dfe-c507-11d8-8898-000d6111a684 -3a408f6f-9c52-11d8-9366-0020ed76ef5a -e5e2883d-ceb9-11d8-8898-000d6111a684 -74d06b67-d2cf-11d8-b479-02e0185c0b53 -265c8b00-d2d0-11d8-b479-02e0185c0b53 -4764cfd6-d630-11d8-b479-02e0185c0b53 -730db824-e216-11d8-9b0a-000347a4fa7d -f9e3e60b-e650-11d8-9b0a-000347a4fa7d -abe47a5a-e23c-11d8-9b0a-000347a4fa7d -a713c0f9-ec54-11d8-9440-000347a4fa7d -5b8f9a02-ec93-11d8-b913-000c41e2cdad -65a17a3f-ed6e-11d8-aff1-00061bc2ad93 -e811aaf1-f015-11d8-876f-00902714cc7c -ebffe27a-f48c-11d8-9837-000c41e2cdad -0d3a5148-f512-11d8-9837-000c41e2cdad -b6cad7f3-fb59-11d8-9837-000c41e2cdad -d2102505-f03d-11d8-81b0-000347a4fa7d diff --git a/ports-mgmt/portaudit-db/database/portaudit.xml b/ports-mgmt/portaudit-db/database/portaudit.xml deleted file mode 100644 index 61aac6d73564..000000000000 --- a/ports-mgmt/portaudit-db/database/portaudit.xml +++ /dev/null 
@@ -1,1107 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<!-- -Copyright (c) 2004 Oliver Eikemeier - -Redistribution and use in source (XML) and 'compiled' forms (SGML, -HTML, PDF, PostScript, RTF and so forth) with or without modification, -are permitted provided that the following conditions are met: - -- Redistributions of source code (XML) must retain the above copyright - notice, this list of conditions and the following disclaimer as - the first lines of this file unmodified. - -- Redistributions in compiled form (transformed to other DTDs, - converted to PDF, PostScript, RTF and other formats) must reproduce - the above copyright notice, this list of conditions and the - following disclaimer in the documentation and/or other materials - provided with the distribution. - -THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS -OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY -DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE -GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER -IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, -EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- - $FreeBSD$ - ---> -<!DOCTYPE vuxml PUBLIC "-//vuxml.org//DTD VuXML 1.1//EN" "http://www.vuxml.org/dtd/vuxml-1/vuxml-11.dtd"> -<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> - - <vuln vid="42e330ab-82a4-11d8-868e-000347dd607f"> - <topic>MPlayer remotely exploitable buffer overflow in the ASX parser</topic> - <affects> - <package> - <name>mplayer{,-gtk}{,-esound}</name> - <range><lt>0.92</lt></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>A remotely exploitable buffer overflow vulnerability was found in - MPlayer. A malicious host can craft a harmful ASX header, - and trick MPlayer into executing arbitrary code upon parsing that header.</p> - </body> - </description> - <references> - <url>http://www.mplayerhq.hu/</url> - <url>http://www.securityfocus.com/archive/1/339330</url> - <url>http://www.securityfocus.com/archive/1/339193</url> - <cvename>CAN-2003-0835</cvename> - <bid>8702</bid> - </references> - <dates> - <discovery>2003-09-24</discovery> - <entry>2004-03-30</entry> - </dates> - </vuln> - - <vuln vid="d8c46d74-8288-11d8-868e-000347dd607f"> - <topic>MPlayer remotely exploitable buffer overflow in the HTTP parser</topic> - <affects> - <package> - <name>mplayer{,-gtk}{,-esound}</name> - <range><lt>0.92.1</lt></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>A remotely exploitable buffer overflow vulnerability was found in - MPlayer. 
A malicious host can craft a harmful HTTP header ("Location:"), - and trick MPlayer into executing arbitrary code upon parsing that header.</p> - </body> - </description> - <references> - <url>http://www.mplayerhq.hu/</url> - <url>http://www.securityfocus.com/archive/1/359029</url> - <url>http://www.securityfocus.com/archive/1/359025</url> - <cvename>CAN-2004-0386</cvename> - </references> - <dates> - <discovery>2004-03-29</discovery> - <entry>2004-03-30</entry> - </dates> - </vuln> - - <vuln vid="1ed556e6-734f-11d8-868e-000347dd607f"> - <cancelled superseded="1a448eb7-6988-11d8-873f-0020ed76ef5a"/> - </vuln> - - <vuln vid="4aec9d58-ce7b-11d8-858d-000d610a3b12"> - <cancelled superseded="c63936c1-caed-11d8-8898-000d6111a684"/> - </vuln> - - <vuln vid="c63936c1-caed-11d8-8898-000d6111a684"> - <topic>SSLtelnet remote format string vulnerability</topic> - <affects> - <package> - <name>SSLtelnet</name> - <range><le>0.13_1</le></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>SSLtelnet contains a format string vulnerability - that could allow remote code execution.</p> - </body> - </description> - <references> - <mlist msgid="FB24803D1DF2A34FA59FC157B77C970502D684B7@idserv04.idef.com">http://lists.freebsd.org/pipermail/freebsd-ports/2004-June/013878.html</mlist> - <url>http://www.idefense.com/application/poi/display?id=114&type=vulnerabilities&flashstatus=false</url> - <cvename>CAN-2004-0640</cvename> - <url>http://www.osvdb.org/7594</url> - <url>http://secunia.com/advisories/12032</url> - </references> - <dates> - <discovery>2003-04-03</discovery> - <entry>2004-06-30</entry> - </dates> - </vuln> - - <vuln vid="7eded4b8-e6fe-11d8-b12f-0a001f31891a"> - <cancelled superseded="2de14f7a-dad9-11d8-b59a-00061bc2ad93"/> - </vuln> - - <vuln vid="f72ccf7c-e607-11d8-9b0a-000347a4fa7d"> - <cancelled superseded="6f955451-ba54-11d8-b88c-000d610a3b12"/> - </vuln> - - <vuln vid="9fb5bb32-d6fa-11d8-b479-02e0185c0b53"> - <cancelled 
superseded="40800696-c3b0-11d8-864c-02e0185c0b53"/> - </vuln> - - <vuln vid="78348ea2-ec91-11d8-b913-000c41e2cdad"> - <cancelled superseded="ab166a60-e60a-11d8-9b0a-000347a4fa7d"/> - </vuln> - - <vuln vid="ab166a60-e60a-11d8-9b0a-000347a4fa7d"> - <topic>Acrobat Reader handling of malformed uuencoded pdf files</topic> - <affects> - <package> - <name>acroread</name> - <range><lt>5.09</lt></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Remote exploitation of an input validation error in the uudecoding - feature of Adobe Acrobat Reader (Unix) 5.0 allows an attacker to execute - arbitrary code.</p> - </body> - </description> - <references> - <url>http://www.osvdb.org/7429</url> - <url>http://freshmeat.net/releases/164883</url> - <cvename>CAN-2004-0630</cvename> - <cvename>CAN-2004-0631</cvename> - <url>http://secunia.com/advisories/12285</url> - <url>http://xforce.iss.net/xforce/xfdb/16972</url> - <url>http://xforce.iss.net/xforce/xfdb/16973</url> - <url>http://www.idefense.com/application/poi/display?id=124&type=vulnerabilities&flashstatus=false</url> - <url>http://www.idefense.com/application/poi/display?id=125&type=vulnerabilities&flashstatus=false</url> - <url>http://www.osvdb.org/8654</url> - <url>http://www.osvdb.org/8655</url> - <bid>10931</bid> - <bid>10932</bid> - </references> - <dates> - <discovery>2004-03-30</discovery> - <entry>2004-08-04</entry> - </dates> - </vuln> - - <vuln vid="603fe36d-ec9d-11d8-b913-000c41e2cdad"> - <cancelled superseded="a4bd1cd3-eb25-11d8-978e-00e018f69096"/> - </vuln> - - <vuln vid="cd95b452-eca6-11d8-afa6-ed04757064bb"> - <cancelled superseded="a4bd1cd3-eb25-11d8-978e-00e018f69096"/> - </vuln> - - <vuln vid="a4bd1cd3-eb25-11d8-978e-00e018f69096"> - <topic>KDElibs temporary directory vulnerability</topic> - <affects> - <package> - <name>kdelibs</name> - <range><lt>3.2.3_5</lt></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>In 
some cases the - integrity of symlinks used by KDE are not ensured and that - these symlinks can be pointing to stale locations. This can - be abused by a local attacker to create or truncate arbitrary - files or to prevent KDE applications from functioning - correctly (Denial of Service).</p> - </body> - </description> - <references> - <url>http://www.kde.org/info/security/advisory-20040811-1.txt</url> - <cvename>CAN-2004-0689</cvename> - <url>http://www.osvdb.org/8589</url> - <url>http://secunia.com/advisories/12276</url> - </references> - <dates> - <discovery>2004-06-23</discovery> - <entry>2004-08-12</entry> - <modified>2004-08-13</modified> - </dates> - </vuln> - - <vuln vid="608ceab8-eca3-11d8-afa6-ed04757064bb"> - <topic>DCOPServer Temporary Filename Vulnerability</topic> - <affects> - <package> - <name>kdelibs</name> - <range><lt>3.2.3_4</lt></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>KDE's DCOPServer creates - temporary files in an insecure manner. 
Since the temporary - files are used for authentication related purposes this can - potentially allow a local attacker to compromise the account of - any user which runs a KDE application.</p> - </body> - </description> - <references> - <url>http://www.kde.org/info/security/advisory-20040811-2.txt</url> - <cvename>CAN-2004-0690</cvename> - <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261386</url> - <url>http://www.osvdb.org/8590</url> - <url>http://secunia.com/advisories/12276</url> - </references> - <dates> - <discovery>2004-07-25</discovery> - <entry>2004-08-12</entry> - <modified>2004-08-13</modified> - </dates> - </vuln> - - <vuln vid="641859e8-eca1-11d8-b913-000c41e2cdad"> - <cancelled superseded="2e395baa-eb26-11d8-978e-00e018f69096"/> - </vuln> - - <vuln vid="2e395baa-eb26-11d8-978e-00e018f69096"> - <topic>Konqueror frame injection vulnerability</topic> - <affects> - <package> - <name>kdebase</name> - <range><lt>3.2.3_1</lt></range> - </package> - <package> - <name>kdelibs</name> - <range><lt>3.2.3_3</lt></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>The Konqueror webbrowser allows websites to load webpages into - a frame of any other frame-based webpage that the user may have open.</p> - </body> - </description> - <references> - <url>http://www.kde.org/info/security/advisory-20040811-3.txt</url> - <cvename>CAN-2004-0721</cvename> - <url>http://secunia.com/advisories/11978</url> - <url>http://www.heise.de/newsticker/meldung/48793</url> - <url>http://bugs.kde.org/show_bug.cgi?id=84352</url> - </references> - <dates> - <discovery>2004-07-01</discovery> - <entry>2004-08-11</entry> - <modified>2004-08-13</modified> - </dates> - </vuln> - - <vuln vid="2de14f7a-dad9-11d8-b59a-00061bc2ad93"> - <topic>Multiple Potential Buffer Overruns in Samba</topic> - <affects> - <package> - <name>samba</name> - <range><ge>3.*</ge><lt>3.0.5,1</lt></range> - <range><lt>2.2.10</lt></range> - </package> - <package> - 
<name>ja-samba</name> - <range><lt>2.2.10.*</lt></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Evgeny Demidov discovered that the Samba server has a - buffer overflow in the Samba Web Administration Tool (SWAT) - on decoding Base64 data during HTTP Basic Authentication. - Versions 3.0.2 through 3.0.4 are affected.</p> - <p>Another buffer overflow bug has been found in the code - used to support the "mangling method = hash" smb.conf - option. The default setting for this parameter is "mangling - method = hash2" and therefore not vulnerable. Versions - between 2.2.0 through 2.2.9 and 3.0.0 through 3.0.4 are affected. - </p> - </body> - </description> - <references> - <cvename>CAN-2004-0600</cvename> - <cvename>CAN-2004-0686</cvename> - <mlist msgid="web-53121174@cgp.agava.net">http://www.securityfocus.com/archive/1/369698</mlist> - <mlist msgid="200407222031.25086.bugtraq@beyondsecurity.com">http://www.securityfocus.com/archive/1/369706</mlist> - <url>http://www.samba.org/samba/whatsnew/samba-3.0.5.html</url> - <url>http://www.samba.org/samba/whatsnew/samba-2.2.10.html</url> - <url>http://www.osvdb.org/8190</url> - <url>http://www.osvdb.org/8191</url> - <url>http://secunia.com/advisories/12130</url> - </references> - <dates> - <discovery>2004-07-14</discovery> - <entry>2004-07-21</entry> - <modified>2004-07-22</modified> - </dates> - </vuln> - - <vuln vid="7a9d5dfe-c507-11d8-8898-000d6111a684"> - <topic>isc-dhcp3-server buffer overflow in logging mechanism</topic> - <affects> - <package> - <name>isc-dhcp3-{relay,server}</name> - <range><ge>3.0.1.r12</ge><lt>3.0.1.r14</lt></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>A buffer overflow exists in the logging functionality - of the DHCP daemon which could lead to Denial of Service - attacks and has the potential to allow attackers to - execute arbitrary code.</p> - </body> - </description> - <references> - 
<cvename>CAN-2004-0460</cvename> - <url>http://www.osvdb.org/7237</url> - <uscertta>TA04-174A</uscertta> - <certvu>317350</certvu> - <mlist msgid="BAY13-F94UHMuEEkHMz0005c4f7@hotmail.com">http://www.securityfocus.com/archive/1/366801</mlist> - <mlist msgid="40DFAB69.1060909@sympatico.ca">http://www.securityfocus.com/archive/1/367286</mlist> - </references> - <dates> - <discovery>2004-06-22</discovery> - <entry>2004-06-25</entry> - <modified>2004-06-28</modified> - </dates> - </vuln> - - <vuln vid="3a408f6f-9c52-11d8-9366-0020ed76ef5a"> - <topic>libpng denial-of-service</topic> - <affects> - <package> - <name>linux-png</name> - <range><le>1.0.14_3</le></range> - <range><ge>1.2.*</ge><le>1.2.2</le></range> - </package> - <package> - <name>png</name> - <range><lt>1.2.5_4</lt></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Steve Grubb reports a buffer read overrun in - libpng's png_format_buffer function. A specially - constructed PNG image processed by an application using - libpng may trigger the buffer read overrun and possibly - result in an application crash.</p> - </body> - </description> - <references> - <cvename>CAN-2004-0421</cvename> - <url>http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120508</url> - <url>http://rhn.redhat.com/errata/RHSA-2004-181.html</url> - <url>http://secunia.com/advisories/11505</url> - <url>http://www.osvdb.org/5726</url> - <bid>10244</bid> - <url>http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7</url> - </references> - <dates> - <discovery>2004-04-29</discovery> - <entry>2004-05-02</entry> - <modified>2004-08-10</modified> - </dates> - </vuln> - - <vuln vid="e5e2883d-ceb9-11d8-8898-000d6111a684"> - <topic>MySQL authentication bypass / buffer overflow</topic> - <affects> - <package> - <name>mysql-server</name> - <range><ge>4.1.*</ge><lt>4.1.3</lt></range> - <range><ge>5.*</ge><le>5.0.0_2</le></range> - </package> - </affects> - <description> - <body 
xmlns="http://www.w3.org/1999/xhtml"> - <p>By submitting a carefully crafted authentication packet, it is possible - for an attacker to bypass password authentication in MySQL 4.1. Using a - similar method, a stack buffer used in the authentication mechanism can - be overflowed.</p> - </body> - </description> - <references> - <url>http://www.nextgenss.com/advisories/mysql-authbypass.txt</url> - <url>http://dev.mysql.com/doc/mysql/en/News-4.1.3.html</url> - <url>http://secunia.com/advisories/12020</url> - <url>http://www.osvdb.org/7475</url> - <url>http://www.osvdb.org/7476</url> - <mlist msgid="Pine.LNX.4.44.0407080940550.9602-200000@pineapple.shacknet.nu">http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0003.html</mlist> - <cvename>CAN-2004-0627</cvename> - <cvename>CAN-2004-0628</cvename> - <certvu>184030</certvu> - <certvu>645326</certvu> - </references> - <dates> - <discovery>2004-07-01</discovery> - <entry>2004-07-05</entry> - </dates> - </vuln> - - <vuln vid="74d06b67-d2cf-11d8-b479-02e0185c0b53"> - <topic>multiple vulnerabilities in ethereal</topic> - <affects> - <package> - <name>ethereal{,-lite}</name> - <name>tethereal{,-lite}</name> - <range><lt>0.10.4</lt></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Issues have been discovered in multiple protocol dissectors.</p> - </body> - </description> - <references> - <url>http://www.ethereal.com/appnotes/enpa-sa-00014.html</url> - <cvename>CAN-2004-0504</cvename> - <cvename>CAN-2004-0505</cvename> - <cvename>CAN-2004-0506</cvename> - <cvename>CAN-2004-0507</cvename> - <url>http://secunia.com/advisories/11608</url> - <bid>10347</bid> - <url>http://www.osvdb.org/6131</url> - <url>http://www.osvdb.org/6132</url> - <url>http://www.osvdb.org/6133</url> - <url>http://www.osvdb.org/6134</url> - </references> - <dates> - <discovery>2004-05-13</discovery> - <entry>2004-07-11</entry> - </dates> - </vuln> - - <vuln vid="265c8b00-d2d0-11d8-b479-02e0185c0b53"> - 
<topic>multiple vulnerabilities in ethereal</topic> - <affects> - <package> - <name>ethereal{,-lite}</name> - <name>tethereal{,-lite}</name> - <range><lt>0.10.5</lt></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Issues have been discovered in multiple protocol dissectors.</p> - </body> - </description> - <references> - <url>http://www.ethereal.com/appnotes/enpa-sa-00015.html</url> - <cvename>CAN-2004-0633</cvename> - <cvename>CAN-2004-0634</cvename> - <cvename>CAN-2004-0635</cvename> - <url>http://secunia.com/advisories/12024</url> - <bid>10672</bid> - <url>http://www.osvdb.org/7536</url> - <url>http://www.osvdb.org/7537</url> - <url>http://www.osvdb.org/7538</url> - </references> - <dates> - <discovery>2004-07-06</discovery> - <entry>2004-07-11</entry> - </dates> - </vuln> - - <vuln vid="4764cfd6-d630-11d8-b479-02e0185c0b53"> - <topic>PHP memory_limit and strip_tags() vulnerabilities</topic> - <affects> - <package> - <name>php4</name> - <name>php4-{cgi,cli,dtc,horde,nms}</name> - <name>mod_php4-twig</name> - <range><lt>4.3.8</lt></range> - </package> - <package> - <name>mod_php4</name> - <range><lt>4.3.8,1</lt></range> - </package> - <package> - <name>php5</name> - <name>php5-{cgi,cli}</name> - <range><lt>5.0.0</lt></range> - </package> - <package> - <name>mod_php5</name> - <range><lt>5.0.0,1</lt></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Stefan Esser has reported two vulnerabilities in PHP, which can - be exploited by malicious people to bypass security functionality - or compromise a vulnerable system. An error within PHP's memory_limit - request termination allows remote code execution on PHP servers - with activated memory_limit. 
A binary safety problem within PHP's - strip_tags() function may allow injection of arbitrary tags in - Internet Explorer and Safari browsers.</p> - </body> - </description> - <references> - <url>http://www.php.net/ChangeLog-4.php</url> - <url>http://www.php.net/ChangeLog-5.php</url> - <url>http://security.e-matters.de/advisories/112004.html</url> - <url>http://security.e-matters.de/advisories/122004.html</url> - <url>http://secunia.com/advisories/12064</url> - <url>http://www.osvdb.org/7870</url> - <url>http://www.osvdb.org/7871</url> - <cvename>CAN-2004-0594</cvename> - <cvename>CAN-2004-0595</cvename> - </references> - <dates> - <discovery>2007-07-07</discovery> - <entry>2004-07-15</entry> - </dates> - </vuln> - - <vuln vid="730db824-e216-11d8-9b0a-000347a4fa7d"> - <topic>Mozilla / Firefox user interface spoofing vulnerability</topic> - <affects> - <package> - <name>firefox</name> - <range><le>0.9.1_1</le></range> - </package> - <package> - <name>linux-mozilla</name> - <range><le>1.7.1</le></range> - </package> - <package> - <name>linux-mozilla-devel</name> - <range><le>1.7.1</le></range> - </package> - <package> - <name>mozilla</name> - <range><le>1.7.1,2</le></range> - <range><ge>1.8.*,2</ge><le>1.8.a2,2</le></range> - </package> - <package> - <name>mozilla-gtk1</name> - <range><le>1.7.1_1</le></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>A vulnerability has been reported in Mozilla and Firefox, - allowing malicious websites to spoof the user interface.</p> - </body> - </description> - <references> - <url>http://bugzilla.mozilla.org/show_bug.cgi?id=252198</url> - <url>http://www.nd.edu/~jsmith30/xul/test/spoof.html</url> - <url>http://secunia.com/advisories/12188</url> - <bid>10832</bid> - <cvename>CAN-2004-0764</cvename> - </references> - <dates> - <discovery>2004-07-19</discovery> - <entry>2004-07-30</entry> - </dates> - </vuln> - - <vuln vid="f9e3e60b-e650-11d8-9b0a-000347a4fa7d"> - <topic>libpng 
stack-based buffer overflow and other code concerns</topic> - <affects> - <package> - <name>png</name> - <range><le>1.2.5_7</le></range> - </package> - <package> - <name>linux-png</name> - <range><le>1.0.14_3</le></range> - <range><ge>1.2.*</ge><le>1.2.2</le></range> - </package> - <package> - <name>firefox</name> - <range><lt>0.9.3</lt></range> - </package> - <package> - <name>thunderbird</name> - <range><lt>0.7.3</lt></range> - </package> - <package> - <name>linux-mozilla</name> - <range><lt>1.7.2</lt></range> - </package> - <package> - <name>linux-mozilla-devel</name> - <range><lt>1.7.2</lt></range> - </package> - <package> - <name>mozilla</name> - <range><lt>1.7.2,2</lt></range> - <range><ge>1.8.*,2</ge><le>1.8.a2,2</le></range> - </package> - <package> - <name>mozilla-gtk1</name> - <range><lt>1.7.2</lt></range> - </package> - <package> - <name>netscape-{communicator,navigator}</name> - <range><le>4.78</le></range> - </package> - <package> - <name>linux-netscape-{communicator,navigator}</name> - <name>{ja,ko}-netscape-{communicator,navigator}-linux</name> - <range><le>4.8</le></range> - </package> - <package> - <name>{,ja-}netscape7</name> - <range><le>7.1</le></range> - </package> - <package> - <name>{de-,fr-,pt_BR-}netscape7</name> - <range><le>7.02</le></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Chris Evans has discovered multiple vulnerabilities in libpng, - which can be exploited by malicious people to compromise a - vulnerable system or cause a DoS (Denial of Service).</p> - </body> - </description> - <references> - <mlist msgid="Pine.LNX.4.58.0408041840080.20655@sphinx.mythic-beasts.com">http://www.securityfocus.com/archive/1/370853</mlist> - <url>http://scary.beasts.org/security/CESA-2004-001.txt</url> - <url>http://www.osvdb.org/8312</url> - <url>http://www.osvdb.org/8313</url> - <url>http://www.osvdb.org/8314</url> - <url>http://www.osvdb.org/8315</url> - <url>http://www.osvdb.org/8316</url> - 
<cvename>CAN-2004-0597</cvename> - <cvename>CAN-2004-0598</cvename> - <cvename>CAN-2004-0599</cvename> - <certvu>388984</certvu> - <certvu>236656</certvu> - <certvu>160448</certvu> - <certvu>477512</certvu> - <certvu>817368</certvu> - <certvu>286464</certvu> - <url>http://secunia.com/advisories/12219</url> - <url>http://secunia.com/advisories/12232</url> - <url>http://bugzilla.mozilla.org/show_bug.cgi?id=251381</url> - <url>http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.2</url> - <uscertta>TA04-217A</uscertta> - <url>http://dl.sourceforge.net/sourceforge/libpng/ADVISORY.txt</url> - </references> - <dates> - <discovery>2004-08-04</discovery> - <entry>2004-08-04</entry> - <modified>2004-08-12</modified> - </dates> - </vuln> - - <vuln vid="abe47a5a-e23c-11d8-9b0a-000347a4fa7d"> - <topic>Mozilla certificate spoofing</topic> - <affects> - <package> - <name>firefox</name> - <range><ge>0.9.1</ge><le>0.9.2</le></range> - </package> - <package> - <name>linux-mozilla</name> - <range><lt>1.7.2</lt></range> - </package> - <package> - <name>linux-mozilla-devel</name> - <range><lt>1.7.2</lt></range> - </package> - <package> - <name>mozilla</name> - <range><lt>1.7.2,2</lt></range> - <range><ge>1.8.*,2</ge><le>1.8.a2,2</le></range> - </package> - <package> - <name>mozilla-gtk1</name> - <range><lt>1.7.2</lt></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Mozilla and Mozilla Firefox contains a flaw that may - allow a malicious user to spoof SSL certification.</p> - </body> - </description> - <references> - <mlist msgid="003a01c472ba$b2060900$6501a8c0@sec">http://www.securityfocus.com/archive/1/369953</mlist> - <url>http://www.cipher.org.uk/index.php?p=advisories/Certificate_Spoofing_Mozilla_FireFox_25-07-2004.advisory</url> - <url>http://secunia.com/advisories/12160</url> - <url>http://bugzilla.mozilla.org/show_bug.cgi?id=253121</url> - 
<url>http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.2</url> - <url>http://www.osvdb.org/8238</url> - <bid>10796</bid> - <cvename>CAN-2004-0763</cvename> - </references> - <dates> - <discovery>2004-07-25</discovery> - <entry>2004-07-30</entry> - <modified>2004-08-05</modified> - </dates> - </vuln> - - <vuln vid="a713c0f9-ec54-11d8-9440-000347a4fa7d"> - <topic>ImageMagick png and bmp vulnerabilities</topic> - <affects> - <package> - <name>ImageMagick{,-nox11}</name> - <range><lt>6.0.6</lt></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Glenn Randers-Pehrson has contributed a fix for the png - vulnerabilities discovered by Chris Evans.</p> - <p>Furthermore, Marcus Meissner has discovered and patched a buffer - overrun associated with decoding runlength-encoded BMP images.</p> - </body> - </description> - <references> - <url>http://studio.imagemagick.org/pipermail/magick-users/2004-August/013218.html</url> - <url>http://studio.imagemagick.org/pipermail/magick-developers/2004-August/002011.html</url> - <url>http://freshmeat.net/releases/169228</url> - <url>http://secunia.com/advisories/12236</url> - <url>http://secunia.com/advisories/12479</url> - <url>http://www.freebsd.org/ports/portaudit/f9e3e60b-e650-11d8-9b0a-000347a4fa7d.html</url> - </references> - <dates> - <discovery>2004-08-04</discovery> - <entry>2004-08-04</entry> - <modified>2004-09-03</modified> - </dates> - </vuln> - - <vuln vid="0139e7e0-e850-11d8-9440-000347a4fa7d"> - <topic>CVStrac remote code execution vulnerability</topic> - <affects> - <package> - <name>cvstrac</name> - <range><lt>1.1.4</lt></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>CVStrac contains a flaw that may allow a remote attacker - to execute arbitrary commands.</p> - </body> - </description> - <references> - <mlist 
msgid="20040805175709.6995.qmail@web50508.mail.yahoo.com">http://www.securityfocus.com/archive/1/370955</mlist> - <url>http://secunia.com/advisories/12090</url> - <url>http://www.osvdb.org/8373</url> - <url>http://www.cvstrac.org/cvstrac/chngview?cn=316</url> - </references> - <dates> - <discovery>2004-08-05</discovery> - <entry>2004-08-13</entry> - </dates> - </vuln> - - <vuln vid="5b8f9a02-ec93-11d8-b913-000c41e2cdad"> - <topic>gaim remotely exploitable vulnerabilities in MSN component</topic> - <affects> - <package> - <name>{ja-,ru-,}gaim</name> - <range><lt>0.81_1</lt></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Sebastian Krahmer discovered several remotely exploitable - buffer overflow vulnerabilities in the MSN component of - gaim.</p> - </body> - </description> - <references> - <cvename>CAN-2004-0500</cvename> - <url>http://secunia.com/advisories/12125</url> - <url>http://www.osvdb.org/8382</url> - <url>http://www.osvdb.org/8961</url> - <url>http://www.osvdb.org/8962</url> - <url>http://www.suse.com/de/security/2004_25_gaim.html</url> - <bid>10865</bid> - </references> - <dates> - <discovery>2004-08-12</discovery> - <entry>2004-08-12</entry> - <modified>2004-08-30</modified> - </dates> - </vuln> - - <vuln vid="65a17a3f-ed6e-11d8-aff1-00061bc2ad93"> - <topic>jftpgw remote syslog format string vulnerability</topic> - <affects> - <package> - <name>jftpgw</name> - <range><lt>0.13.5</lt></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Remote authenticated users can execute arbitrary code by - passing a malicious string containing format specifiers.</p> - </body> - </description> - <references> - <cvename>CAN-2004-0448</cvename> - <bid>10438</bid> - <url>http://secunia.com/advisories/11732</url> - <url>http://www.debian.org/security/2004/dsa-510</url> - </references> - <dates> - <discovery>2004-05-29</discovery> - <entry>2004-08-13</entry> - </dates> - 
</vuln> - - <vuln vid="e811aaf1-f015-11d8-876f-00902714cc7c"> - <cancelled superseded="a800386e-ef7e-11d8-81b0-000347a4fa7d"/> - </vuln> - - <vuln vid="a800386e-ef7e-11d8-81b0-000347a4fa7d"> - <topic>ruby CGI::Session insecure file creation</topic> - <affects> - <package> - <name>ruby{,_r,_static}</name> - <range><lt>1.6.8.2004.07.28</lt></range> - <range><ge>1.8.*</ge><lt>1.8.2.p2</lt></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Rubys CGI session management store session information insecurely, - which can be exploited by a local attacker to take over a session.</p> - </body> - </description> - <references> - <cvename>CAN-2004-0755</cvename> - <url>http://secunia.com/advisories/12290</url> - <url>http://www.debian.org/security/2004/dsa-537</url> - <url>http://www.ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/ChangeLog?rev=1.2673.2.410</url> - <url>http://www.osvdb.org/8845</url> - </references> - <dates> - <discovery>2004-07-22</discovery> - <entry>2004-08-16</entry> - <modified>2004-08-16</modified> - </dates> - </vuln> - - <vuln vid="ebffe27a-f48c-11d8-9837-000c41e2cdad"> - <cancelled superseded="eda0ade6-f281-11d8-81b0-000347a4fa7d"/> - </vuln> - - <vuln vid="eda0ade6-f281-11d8-81b0-000347a4fa7d"> - <topic>Qt 3.x BMP heap-based overflow, GIF and XPM DoS NULL pointer dereference</topic> - <affects> - <package> - <name>qt</name> - <range><ge>3.*</ge><lt>3.3.3</lt></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Chris Evans has discovered flaws in th handling of various bitmap - formats, allowing the execution of arbitrary code or causing a DoS.</p> - </body> - </description> - <references> - <url>http://scary.beasts.org/security/CESA-2004-004.txt</url> - <url>http://secunia.com/advisories/12325</url> - <cvename>CAN-2004-0691</cvename> - <cvename>CAN-2004-0692</cvename> - <cvename>CAN-2004-0693</cvename> - <url>http://www.osvdb.org/9026</url> - 
<url>http://xforce.iss.net/xforce/xfdb/17040</url> - <url>http://xforce.iss.net/xforce/xfdb/17041</url> - <url>http://xforce.iss.net/xforce/xfdb/17042</url> - </references> - <dates> - <discovery>2004-08-18</discovery> - <entry>2004-08-20</entry> - </dates> - </vuln> - - <vuln vid="0d3a5148-f512-11d8-9837-000c41e2cdad"> - <cancelled superseded="bacbc357-ea65-11d8-9440-000347a4fa7d"/> - </vuln> - - <vuln vid="bacbc357-ea65-11d8-9440-000347a4fa7d"> - <topic>SpamAssassin DoS vulnerability</topic> - <affects> - <package> - <name>p5-Mail-SpamAssassin</name> - <range><lt>2.64</lt></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Unspecified malformed messages can be used to - cause a DoS (Denial of Service).</p> - </body> - </description> - <references> - <url>http://secunia.com/advisories/12255</url> - <mlist msgid="20040805034902.6DF465900BB@radish.jmason.org>">http://marc.theaimsgroup.com/?l=spamassassin-announce&m=109168121628767&w=2</mlist> - <cvename>CAN-2004-0796</cvename> - <bid>10957</bid> - </references> - <dates> - <discovery>2004-08-05</discovery> - <entry>2004-08-10</entry> - </dates> - </vuln> - - <vuln vid="77cc070b-fdbe-11d8-81b0-000347a4fa7d"> - <topic>vpopmail multiple vulnerabilities</topic> - <affects> - <package> - <name>vpopmail</name> - <range><lt>5.4.6</lt></range> - </package> - <package> - <name>vpopmail-devel</name> - <range><lt>5.5.0</lt></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Inter7 vpopmail (vchkpw) versions 5.4.2 and earlier contain - buffer overflows and format string vulnerabilities in the file vsybase.c</p> - <p>The buffer overflows are not fixed in versions 5.4.6/5.5.0, but are - believed to be very hard to exploit, and only by administrators able to add users.</p> - </body> - </description> - <references> - <url>http://www.osvdb.org/9146</url> - <url>http://www.osvdb.org/9147</url> - <url>http://www.osvdb.org/9148</url> - 
<bid>10962</bid> - <url>http://secunia.com/advisories/12441</url> - <url>http://cvs.sourceforge.net/viewcvs.py/vpopmail/vpopmail/vsybase.c?r1=1.9.2.1&r2=1.9.2.2</url> - <url>http://www.kupchino.org.ru/unl0ck/advisories/vpopmail.txt</url> - <mlist msgid="200408181347.12199.bugtraq@beyondsecurity.com">http://www.securityfocus.com/archive/1/372257</mlist> - <mlist msgid="58114.66.79.185.80.1092936304.squirrel@mail.xyxx.com">http://www.securityfocus.com/archive/1/372468</mlist> - <url>http://xforce.iss.net/xforce/xfdb/17016</url> - <url>http://xforce.iss.net/xforce/xfdb/17017</url> - <url>http://security.gentoo.org/glsa/glsa-200409-01.xml</url> - </references> - <dates> - <discovery>2004-08-17</discovery> - <entry>2004-09-03</entry> - </dates> - </vuln> - - <vuln vid="d2102505-f03d-11d8-81b0-000347a4fa7d"> - <topic>multiple vulnerabilities in the cvs server code</topic> - <affects> - <package> - <name>cvs+ipv6</name> - <range><lt>1.11.17</lt></range> - </package> - <package> - <name>FreeBSD</name> - <range><lt>491101</lt></range> - <range><ge>500000</ge><lt>502114</lt></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Stefan Esser reports multiple remote exploitable vulnerabilites - in the cvs code base.</p> - <p>Additionaly there exists an undocumented switch to the history - command allows an attacker to determine whether arbitrary files - exist and whether the CVS process can access them.</p> - </body> - </description> - <references> - <cvename>CAN-2004-0414</cvename> - <cvename>CAN-2004-0416</cvename> - <cvename>CAN-2004-0417</cvename> - <cvename>CAN-2004-0418</cvename> - <cvename>CAN-2004-0778</cvename> - <url>http://secunia.com/advisories/11817</url> - <url>http://secunia.com/advisories/12309</url> - <url>http://security.e-matters.de/advisories/092004.html</url> - <url>http://www.idefense.com/application/poi/display?id=130&type=vulnerabilities&flashstatus=false</url> - 
<url>https://ccvs.cvshome.org/source/browse/ccvs/NEWS?rev=1.116.2.104</url> - <url>http://www.osvdb.org/6830</url> - <url>http://www.osvdb.org/6831</url> - <url>http://www.osvdb.org/6832</url> - <url>http://www.osvdb.org/6833</url> - <url>http://www.osvdb.org/6834</url> - <url>http://www.osvdb.org/6835</url> - <url>http://www.osvdb.org/6836</url> - <url>http://www.packetstormsecurity.org/0405-exploits/cvs_linux_freebsd_HEAP.c</url> - <bid>10499</bid> - </references> - <dates> - <discovery>2004-05-20</discovery> - <entry>2004-08-17</entry> - </dates> - </vuln> - - <vuln vid="59669fc9-fdf4-11d8-81b0-000347a4fa7d"> - <topic>multiple vulnerabilities in LHA</topic> - <affects> - <package> - <name>lha</name> - <range><le>1.14i_4</le></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Multiple vulnerabilities have been found in the LHA code by Lukasz Wojtow - and Thomas Biege.</p> - <p>Successful exploitation may allow execution of arbitrary code.</p> - </body> - </description> - <references> - <url>http://secunia.com/advisories/12435</url> - <cvename>CAN-2004-0694</cvename> - <cvename>CAN-2004-0745</cvename> - <cvename>CAN-2004-0769</cvename> - <cvename>CAN-2004-0771</cvename> - <mlist msgid="20040606162856.29866.qmail@www.securityfocus.com">http://www.securityfocus.com/archive/1/365386</mlist> - <mlist msgid="20040515110900.24784.qmail@www.securityfocus.com">http://www.securityfocus.com/archive/1/363418</mlist> - <url>http://lw.ftw.zamosc.pl/lha-exploit.txt</url> - <url>http://www.osvdb.org/9519</url> - <url>http://www.osvdb.org/9520</url> - <url>http://www.osvdb.org/9521</url> - <url>http://www.osvdb.org/9522</url> - <bid>10354</bid> - <bid>11093</bid> - <url>http://rhn.redhat.com/errata/RHSA-2004-323.html</url> - </references> - <dates> - <discovery>2004-05-19</discovery> - <entry>2004-09-03</entry> - </dates> - </vuln> - - <vuln vid="fdbbed57-f933-11d8-a776-00e081220a76"> - <topic>cdrtools local privilege 
escalation</topic> - <affects> - <package> - <name>cdrtools</name> - <range><lt>2.0.3_4</lt></range> - </package> - <package> - <name>cdrtools-cjk</name> - <range><lt>2.0.3.20030714_4</lt></range> - </package> - <package> - <name>cdrtools-devel</name> - <range><lt>2.01a38</lt></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Max Vozeler found a flaw in in cdrecord allowing a local root exploit</p> - </body> - </description> - <references> - <url>ftp://ftp.berlios.de/pub/cdrecord/alpha/AN-2.01a38</url> - <url>http://www.osvdb.org/9395</url> - <cvename>CAN-2004-0806</cvename> - <mlist msgid="E1C0yA3-0002cc-00@newraff.debian.org">http://lists.debian.org/debian-devel-changes/2004/08/msg03421.html</mlist> - <bid>11075</bid> - <url>http://secunia.com/advisories/12481</url> - </references> - <dates> - <discovery>2004-08-28</discovery> - <entry>2004-08-30</entry> - </dates> - </vuln> -</vuxml> diff --git a/ports-mgmt/portaudit-db/database/portaudit2vuxml.pl b/ports-mgmt/portaudit-db/database/portaudit2vuxml.pl deleted file mode 100644 index d352bb2f8661..000000000000 --- a/ports-mgmt/portaudit-db/database/portaudit2vuxml.pl +++ /dev/null 
@@ -1,149 +0,0 @@ -#!/usr/bin/perl -w -# -# Copyright (c) 2004 Oliver Eikemeier. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are -# met: -# -# 1. Redistributions of source code must retain the above copyright notice -# this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# 3. Neither the name of the author nor the names of its contributors may be -# used to endorse or promote products derived from this software without -# specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# -# $FreeBSD$ -# -# portaudit to VuXML converter, use with -# portaudit2vuxml.pl <uuid> -# and edit the entry to suit your needs. -# - -require 5.005; -use strict; -use Cwd 'abs_path'; - -my $portsdir = $ENV{PORTSDIR} ? 
$ENV{PORTSDIR} : '/usr/ports'; - -my $portauditdb = "$portsdir/security/portaudit-db/database/portaudit.txt"; - -my $uuid = $ARGV[0]; - -$#ARGV == 0 && $uuid =~ /^[0-9a-f]{8}(?:-[0-9a-f]{4}){4}[0-9a-f]{8}$/ - or die "usage: $0 $uuid <uuid>\n"; - -my $today=`date -u +%Y-%m-%d`; -chomp $today; - -my @pkg; -my $url; -my $topic; - -open PORTAUDITDB, "<$portauditdb" - or die "Can't open $portauditdb: $!\n"; - -while (<PORTAUDITDB>) { - chomp; - next if /^(?:#|$)/; - my @line = split /\|/; - next if $#line < 3 || $line[3] ne $uuid; - push @pkg, $line[0]; - $url = $line[1]; - $topic = $line[2]; -} - -close PORTAUDITDB; - -$url =~ s/</</g; -$url =~ s/>/>/g; -$url =~ s/&/&/g; - -$topic =~ s/</</g; -$topic =~ s/>/>/g; -$topic =~ s/&/&/g; - -my %oper = ( - '<' => 'lt', - '<=' => 'le', - '=' => 'eq', - '>=' => 'ge', - '>' => 'gt' -); - -if (@pkg) { - print " <vuln vid=\"$uuid\">\n"; - print " <topic>$topic</topic>\n"; - print " <affects>\n"; - foreach (@pkg) { - my @vers = split /((?:<|>)=?|=)/; - my $pkgname = shift @vers; - print " <package>\n"; - print " <name>$pkgname</name>\n"; - if (@vers) { - print " <range>"; - while (@vers) { - my $op = $oper{shift @vers}; - my $v = shift @vers; - print "<$op>$v</$op>"; - } - print "</range>\n"; - } - print " </package>\n"; - } - print " </affects>\n"; - - print " <description>\n"; - print " <body xmlns=\"http://www.w3.org/1999/xhtml\">\n"; - print " <p>Please <a href=\"mailto:security\@FreeBSD.org?subject=vid%20$uuid\">contact\n"; - print " the FreeBSD Security Team</a> for more information.</p>\n"; - print " </body>\n"; - print " </description>\n"; - print " <references>\n"; - - foreach (split ' ', $url) { - if (m'^http://cve\.mitre\.org/cgi-bin/cvename\.cgi\?name=(.+)$') { - print " <cvename>$1</cvename>\n" - } - elsif (m'^(http://www\.securityfocus\.com/archive/.+)$') { - print " <mlist>$1</mlist>\n" - } - elsif (m'^http://www\.securityfocus\.com/bid/(.+)$') { - print " <bid>$1</bid>\n" - } - elsif 
(m'^(http://(?:article\.gmane\.org|lists\.netsys\.com|marc\.theaimsgroup\.com)/.+)$') { - print " <mlist>$1</mlist>\n" - } - elsif (m'^http://www\.kb\.cert\.org/vuls/id/(.+)$') { - print " <certvu>$1</certvu>\n" - } - elsif (m'^http://www\.cert\.org/advisories/(.+)\.html$') { - print " <certsa>$1</certsa>\n" - } - else { - print " <url>$_</url>\n"; - } - } - - print " </references>\n"; - print " <dates>\n"; - print " <discovery>2000-00-00</discovery>\n"; - print " <entry>$today</entry>\n"; - print " </dates>\n"; - print " </vuln>\n"; -} diff --git a/ports-mgmt/portaudit-db/files/packaudit.conf b/ports-mgmt/portaudit-db/files/packaudit.conf deleted file mode 100644 index 6b952effc14f..000000000000 --- a/ports-mgmt/portaudit-db/files/packaudit.conf +++ /dev/null @@ -1,9 +0,0 @@ -# -# $FreeBSD$ -# -# packaudit.conf sample file -# - -# avoid network access -export SGML_CATALOG_FILES="%%LOCALBASE%%/share/xml/catalog" -XSLTPROC_EXTRA_ARGS="--catalogs --nonet" diff --git a/ports-mgmt/portaudit-db/files/packaudit.sh b/ports-mgmt/portaudit-db/files/packaudit.sh deleted file mode 100644 index 4d0e245da6a8..000000000000 --- a/ports-mgmt/portaudit-db/files/packaudit.sh +++ /dev/null 
@@ -1,142 +0,0 @@ -#!/bin/sh -e -# -# Copyright (c) 2004 Oliver Eikemeier. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are -# met: -# -# 1. Redistributions of source code must retain the above copyright notice -# this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# 3. Neither the name of the author nor the names of its contributors may be -# used to endorse or promote products derived from this software without -# specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
-# -# $FreeBSD$ -# - -AWK=/usr/bin/awk -BASENAME=/usr/bin/basename -CAT=/bin/cat -DATE=/bin/date -ENV=/usr/bin/env -MD5=/sbin/md5 -MKDIR="/bin/mkdir -p" -MKTEMP=/usr/bin/mktemp -RM=/bin/rm -SED=/usr/bin/sed -TAR=/usr/bin/tar -XSLTPROC=%%LOCALBASE%%/bin/xsltproc - -PORTSDIR="${PORTSDIR:-%%PORTSDIR%%}" -VUXMLDIR="${VUXMLDIR:-$PORTSDIR/security/vuxml}" -PORTAUDITDBDIR="${PORTAUDITDBDIR:-$PORTSDIR/security/portaudit-db}" - -DATABASEDIR="${DATABASEDIR:-%%DATABASEDIR%%}" - -STYLESHEET="%%DATADIR%%/vuxml2portaudit.xslt" - -PUBLIC_HTML="${PUBLIC_HTML:-$HOME/public_html/portaudit}" -HTMLSHEET="%%DATADIR%%/vuxml2html.xslt" -BASEURL="${BASEURL:-http://www.freebsd.org/ports/portaudit/}" - -PORTAUDIT2VUXML="%%DATADIR%%/portaudit2vuxml.awk" - -[ -d "$DATABASEDIR" ] || $MKDIR "$DATABASEDIR" - -if [ ! -w "$DATABASEDIR" ]; then - echo "$DATABASEDIR is not writable by you, exiting." - exit 1 -fi - -TMPNAME=`$BASENAME "$0"` - -VULVER=`$SED -En -e '/^.*\\$FreeBSD\: [^$ ]+,v ([0-9]+(\.[0-9]+)+) [^$]+\\$.*$/{s//\1/p;q;}' "$VUXMLDIR/vuln.xml"` -VULURL="http://cvsweb.freebsd.org/ports/security/vuxml/vuln.xml?rev=$VULVER" - -[ -r "%%PREFIX%%/etc/packaudit.conf" ] && . 
"%%PREFIX%%/etc/packaudit.conf" - -if [ -d "$PUBLIC_HTML" -a -w "$PUBLIC_HTML" ]; then - VULNMD5=`$CAT "$VUXMLDIR/vuln.xml" "$PORTAUDITDBDIR/database/portaudit.xml" "$PORTAUDITDBDIR/database/portaudit.txt" | $MD5` - if [ -f "$PUBLIC_HTML/portaudit.md5" ]; then - VULNMD5_OLD=`$CAT "$PUBLIC_HTML/portaudit.md5"` - fi - if [ "$VULNMD5" != "$VULNMD5_OLD" ]; then - echo -n "$VULNMD5" > "$PUBLIC_HTML/portaudit.md5" - TMPXML=`$MKTEMP -t "$TMPNAME.$$"` || exit 1 - $PORTAUDIT2VUXML "$PORTAUDITDBDIR/database/portaudit.txt" "$PORTAUDITDBDIR/database/portaudit.xml" > "$TMPXML" - $XSLTPROC $XSLTPROC_EXTRA_ARGS --stringparam vulurl "$VULURL" --stringparam extradoc "$TMPXML" \ - -o "$PUBLIC_HTML/" "$HTMLSHEET" "$VUXMLDIR/vuln.xml" - $RM "$TMPXML" - fi -fi - -TMPDIR=`$MKTEMP -d -t "$TMPNAME.$$"` || exit 1 - -TESTPORT="vulnerability-test-port>=2000<`$DATE -u +%Y.%m.%d`" -TESTURL="http://cvsweb.freebsd.org/ports/security/vulnerability-test-port/" -TESTREASON="Not vulnerable, just a test port (database: `$DATE -u +%Y-%m-%d`)" - -XLIST_FILE="$PORTAUDITDBDIR/database/portaudit.xlist" - -cd "$TMPDIR" || exit 1 -{ - $DATE -u "+#CREATED: %Y-%m-%d %H:%M:%S" - echo "# Created by packaudit %%PORTVERSION%%" - echo "$TESTPORT|$TESTURL|$TESTREASON" - echo "# Please refer to the original document for copyright information:" - echo "# $VULURL" - $XSLTPROC $XSLTPROC_EXTRA_ARGS --stringparam baseurl "$BASEURL" "$STYLESHEET" "$VUXMLDIR/vuln.xml" \ - | $AWK -F\| -v XLIST_FILE="$XLIST_FILE" ' - BEGIN { - while((getline < XLIST_FILE) > 0) - if(!/^(#|$)/) - ignore[$1]=1 - } - /^(#|$)/ || !($4 in ignore) { - print - } - ' - echo "# This part is in the public domain" - $XSLTPROC $XSLTPROC_EXTRA_ARGS --stringparam baseurl "$BASEURL" "$STYLESHEET" "$PORTAUDITDBDIR/database/portaudit.xml" - $AWK -F\| ' - /^(#|$)/ { - print - next - } - { - if ($4) - print $1 FS "'"$BASEURL"'" $4 ".html" FS $3 FS $4 - else - print - } - ' "$PORTAUDITDBDIR/database/portaudit.txt" -} | $AWK -F\| -v XLIST_FILE="$XLIST_FILE" ' - 
/^(#|$)/ { - print - next - } - { - print $1 "|" $2 "|" $3 - } -' > auditfile -echo "#CHECKSUM: MD5 `$MD5 < auditfile`" >> auditfile -$TAR -jcf "$DATABASEDIR/auditfile.tbz" auditfile -cd -$RM -Rf "$TMPDIR" diff --git a/ports-mgmt/portaudit-db/files/portaudit2vuxml.awk b/ports-mgmt/portaudit-db/files/portaudit2vuxml.awk deleted file mode 100644 index c02929077d0a..000000000000 --- a/ports-mgmt/portaudit-db/files/portaudit2vuxml.awk +++ /dev/null 
@@ -1,95 +0,0 @@ -#!/usr/bin/awk -f - - BEGIN { - XMLFILE=ARGV[2] - delete ARGV[2] - while (getline < XMLFILE) { - if (/<\/vuxml>/) - break - print - } - XML=$0 - FS="|" - } - - /^(#|$)/ { next } - - { - if (PKG[$4]) - PKG[$4]=PKG[$4] FS $1 - else - PKG[$4]=$1 - gsub(/</, "<") - gsub(/>/, ">") - gsub(/&/, "&") - URL[$4]=$2 - TOPIC[$4]=$3 - } - - END { - OPN["<"]="lt" - OPN["<="]="le" - OPN["="]="eq" - OPN[">="]="ge" - OPN[">"]="gt" - - for (UUID in PKG) { - print " <vuln vid=\"" UUID "\">" - print " <topic>" TOPIC[UUID] "</topic>" - - print " <affects>" - split(PKG[UUID], APKG) - for (TPKG in APKG) { - VERS=APKG[TPKG] - print " <package>" - if (match(VERS, /(<|>)=?|=/) > 0) { - print " <name>" substr(VERS, 1, RSTART-1) "</name>" - printf " <range>" - do { - OP=substr(VERS, RSTART, RLENGTH) - LEN=length(VERS) - VERS=substr(VERS, RSTART+RLENGTH, LEN+1-RSTART-RLENGTH) - NEXTRANGE=match(VERS, /(<|>)=?|=/) - if (NEXTRANGE > 0) - printf "<%s>%s</%s>", OPN[OP], substr(VERS, 1, RSTART-1), OPN[OP] - else - printf "<%s>%s</%s>", OPN[OP], VERS, OPN[OP] - } while (NEXTRANGE > 0) - printf "</range>\n" - } - else { - print " <name>" VERS "</name>" - } - print " </package>" - } - print " </affects>" - - print " <description>" - print " <body xmlns=\"http://www.w3.org/1999/xhtml\">" - print " <p>Please <a href=\"mailto:security@FreeBSD.org?subject=vid%20" UUID "\">contact" - print " the FreeBSD Security Team</a> for more information.</p>" - print " </body>" - print " </description>" - print " <references>" - - split(URL[UUID], URLS, / /) - for (U in URLS) { - if (!URLS[U]) - continue - print " <url>" URLS[U] "</url>" - } - - print " </references>" - print " <dates>" - print " <discovery>2000-00-00</discovery>" - print " <entry>2000-00-00</entry>" - print " </dates>" - print " </vuln>" - print "" - } - print XML - while (getline < XMLFILE) { - print - } - close(XMLFILE) - } 
diff --git a/ports-mgmt/portaudit-db/files/vuxml2html.xslt b/ports-mgmt/portaudit-db/files/vuxml2html.xslt deleted file mode 100644 index 2c892170292a..000000000000 --- a/ports-mgmt/portaudit-db/files/vuxml2html.xslt +++ /dev/null 
@@ -1,329 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - - $FreeBSD$ - -Copyright (c) 2004 Oliver Eikemeier. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - -1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. -3. Neither the name of the author nor the names of its contributors may be - used to endorse or promote products derived from this software without - specific prior written permission. - -THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND -FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR -PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - -VuXML to HTML converter. 
- -Usage: - xsltproc -o html/ vuxml2html.xslt vuxml.xml - ---> -<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:vuxml="http://www.vuxml.org/apps/vuxml-1" xmlns="http://www.w3.org/1999/xhtml" exclude-result-prefixes="xhtml vuxml" version="1.0"> - <xsl:output method="xml"/> - <xsl:strip-space elements="vuxml:affects vuxml:package vuxml:name vuxml:range" /> -<!-- whole vuxml file --> - <xsl:template match="vuxml:vuxml"> -<!-- index page, xhtml strict --> - <xsl:document href="index.html" method="xml" indent="yes" encoding="UTF-8" doctype-public="-//W3C//DTD XHTML 1.0 Strict//EN" doctype-system="http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> - <head> - <title>portaudit: Vulnerability list</title> - <xsl:call-template name="css"/> - </head> - <body> - <div> - <xsl:call-template name="bar"/> - </div> - <h1>Vulnerabilities</h1> - <table> - <xsl:for-each select="vuxml:vuln | document($extradoc)/vuxml:vuxml/vuxml:vuln"> - <xsl:sort select="(vuxml:dates/vuxml:modified | vuxml:dates/vuxml:entry)[1]" order="descending"/> - <tr> - <td> - <xsl:value-of select="(vuxml:dates/vuxml:modified | vuxml:dates/vuxml:entry)[1]"/> - </td> - <td> - <a href="{translate(@vid, 'ABCDEF', 'abcdef')}.html"> - <xsl:value-of select="vuxml:topic"/> - </a> - </td> - </tr> - </xsl:for-each> - </table> - <p> - <a href="index-pkg.html">[Sorted by package name]</a> - </p> - <xsl:call-template name="foo"> - <xsl:with-param name="vid">index</xsl:with-param> - </xsl:call-template> - </body> - </html> - </xsl:document> -<!-- index page by packages, xhtml strict --> - <xsl:document href="index-pkg.html" method="xml" indent="yes" encoding="UTF-8" doctype-public="-//W3C//DTD XHTML 1.0 Strict//EN" doctype-system="http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> - <head> - <title>portaudit: 
Vulnerability list by packages</title> - <xsl:call-template name="css"/> - </head> - <body> - <div> - <xsl:call-template name="bar"/> - </div> - <h1>Vulnerabilities</h1> - <table> - <xsl:for-each select="//vuxml:affects/vuxml:package/vuxml:name | document($extradoc)//vuxml:affects/vuxml:package/vuxml:name"> - <xsl:sort select="translate(., 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz')"/> - <xsl:sort select="(ancestor-or-self::vuxml:vuln/vuxml:dates/vuxml:modified | ancestor-or-self::vuxml:vuln/vuxml:dates/vuxml:entry)[1]" order="descending"/> - <tr> - <td> - <xsl:value-of select="."/> - </td> - <td> - <a href="{translate(ancestor-or-self::vuxml:vuln/@vid, 'ABCDEF', 'abcdef')}.html"> - <xsl:value-of select="ancestor-or-self::vuxml:vuln/vuxml:topic"/> - </a> - </td> - </tr> - </xsl:for-each> - </table> - <p> - <a href="index.html">[Sorted by last modification]</a> - </p> - <xsl:call-template name="foo"> - <xsl:with-param name="vid">index</xsl:with-param> - </xsl:call-template> - </body> - </html> - </xsl:document> -<!-- individual pages, xhtml strict --> - <xsl:for-each select="vuxml:vuln | document($extradoc)/vuxml:vuxml/vuxml:vuln"> - <xsl:document href="{translate(@vid, 'ABCDEF', 'abcdef')}.html" method="xml" indent="yes" encoding="UTF-8" doctype-public="-//W3C//DTD XHTML 1.0 Strict//EN" doctype-system="http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> - <head> - <xsl:choose> - <xsl:when test="vuxml:cancelled"> - <title>portaudit: Cancelled entry</title> - </xsl:when> - <xsl:otherwise> - <title>portaudit: <xsl:value-of select="vuxml:topic"/></title> - </xsl:otherwise> - </xsl:choose> - <xsl:call-template name="css"/> - </head> - <body> - <div> - <xsl:call-template name="bar"/> - </div> - <xsl:choose> - <xsl:when test="vuxml:cancelled"> - <h1> - Cancelled entry - </h1> - <xsl:if test="vuxml:cancelled/@superseded"> - <h2>References:</h2> - <ul> - <li>Superseded by <a 
href="./{vuxml:cancelled/@superseded}.html">entry - <xsl:value-of select="vuxml:cancelled/@superseded"/></a></li> - </ul> - </xsl:if> - </xsl:when> - <xsl:otherwise> - <h1> - <xsl:value-of select="vuxml:topic"/> - </h1> - <h2>Description:</h2> - <xsl:copy-of select="vuxml:description/xhtml:body/*"/> - <h2>References:</h2> - <ul> - <xsl:apply-templates select="vuxml:references"/> - </ul> - <h2>Affects:</h2> - <ul> - <xsl:for-each select="vuxml:affects/vuxml:package"> - <xsl:for-each select="vuxml:name"> - <xsl:variable name="name" select="."/> - <xsl:for-each select="../vuxml:range"> - <li> - <xsl:value-of select="$name"/> - <xsl:apply-templates/> - </li> - </xsl:for-each> - </xsl:for-each> - </xsl:for-each> - <xsl:for-each select="vuxml:affects/vuxml:system"> - <xsl:for-each select="vuxml:name"> - <xsl:variable name="name" select="."/> - <xsl:for-each select="../vuxml:range"> - <li> - <xsl:value-of select="$name"/> - <xsl:apply-templates/> - </li> - </xsl:for-each> - </xsl:for-each> - </xsl:for-each> - </ul> - <title>portaudit: <xsl:value-of select="vuxml:topic"/></title> - </xsl:otherwise> - </xsl:choose> - - <xsl:call-template name="foo"> - <xsl:with-param name="vid" select="@vid"/> - </xsl:call-template> - </body> - </html> - </xsl:document> - </xsl:for-each> -<!-- end of vuxml file processing --> - </xsl:template> -<!-- vulnerability references --> - <xsl:template match="vuxml:bid"> - <li>BugTraq ID <a href="http://www.securityfocus.com/bid/{.}"><xsl:value-of select="."/></a></li> - </xsl:template> - <xsl:template match="vuxml:certsa"> - <li>CERT security advisory <a href="http://www.cert.org/advisories/{.}.html"><xsl:value-of select="."/></a></li> - </xsl:template> - <xsl:template match="vuxml:certvu"> - <li>CERT vulnerability note <a href="http://www.kb.cert.org/vuls/id/{.}"><xsl:value-of select="."/></a></li> - </xsl:template> - <xsl:template match="vuxml:cvename"> - <li>CVE name <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name={.}"><xsl:value-of 
select="."/></a></li> - </xsl:template> - <xsl:template match="vuxml:freebsdsa"> - <li>FreeBSD security advisory <a href="ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-{.}.asc">FreeBSD-<xsl:value-of select="."/></a></li> - </xsl:template> - <xsl:template match="vuxml:freebsdpr"> - <li>FreeBSD PR <a href="http://www.freebsd.org/cgi/query-pr.cgi?pr={.}"><xsl:value-of select="."/></a></li> - </xsl:template> - <xsl:template match="vuxml:mlist"> - <li>List post: <a href="{.}"><<xsl:value-of select="."/>></a> - <xsl:if test="@msgid"><a href="http://www.google.com/search?q={@msgid}">(search)</a></xsl:if> - </li> - </xsl:template> - <xsl:template match="vuxml:url"> - <li>URL: <a href="{.}"><<xsl:value-of select="."/>></a></li> - </xsl:template> - <xsl:template match="vuxml:uscertsa"> - <li>US-CERT security alert <a href="http://www.us-cert.gov/cas/alerts/{.}.html"><xsl:value-of select="."/></a></li> - </xsl:template> - <xsl:template match="vuxml:uscertta"> - <li>US-CERT technical security alert <a href="http://www.us-cert.gov/cas/techalerts/{.}.html"><xsl:value-of select="."/></a></li> - </xsl:template> -<!-- comparison operators --> - <xsl:template match="vuxml:lt"> - <xsl:text> <</xsl:text> - <xsl:value-of select="text()"/> - </xsl:template> - <xsl:template match="vuxml:le"> - <xsl:text> <=</xsl:text> - <xsl:value-of select="text()"/> - </xsl:template> - <xsl:template match="vuxml:gt"> - <xsl:text> ></xsl:text> - <xsl:value-of select="text()"/> - </xsl:template> - <xsl:template match="vuxml:ge"> - <xsl:text> >=</xsl:text> - <xsl:value-of select="text()"/> - </xsl:template> - <xsl:template match="vuxml:eq"> - <xsl:text> =</xsl:text> - <xsl:value-of select="text()"/> - </xsl:template> -<!-- style sheet --> - <xsl:template name="css"> - <link rel="shortcut icon" href="http://www.freebsd.org/favicon.ico" type="image/x-icon"/> - <style type="text/css"> - <xsl:comment> - <xsl:text> - body { - background-color : #ffffff; - color : #000000; - } - - a:link { color: 
#0000ff } - a:visited { color: #840084 } - a:active { color: #0000ff } - - h1 { color: #990000 } - - img { color: white; border:none } - - table { - border: none; - margin-top: 10px; - margin-bottom: 10px; - } - - th { - text-align: left; - padding: 3px; - border: none; - vertical-align: top; - } - - td { - padding: 3px; - border: none; - vertical-align: top; - } - - tr.odd { - background: #eeeeee; - color: inherit; - } - </xsl:text> - </xsl:comment> - </style> - </xsl:template> -<!-- xhtml elements --> - <xsl:template name="bar"> - <img src="http://www.freebsd.org/gifs/bar.gif" alt="Navigation Bar" height="33" width="565" usemap="#bar"/> - <map id="bar" name="bar"> - <area shape="rect" coords="1,1,111,33" href="http://www.freebsd.org/" alt="Top"/> - <area shape="rect" coords="112,16,196,33" href="http://www.freebsd.org/ports/index.html" alt="Applications"/> - <area shape="rect" coords="197,16,256,33" href="http://www.freebsd.org/support.html" alt="Support"/> - <area shape="rect" coords="257,16,365,33" href="http://www.freebsd.org/docs.html" alt="Documentation"/> - <area shape="rect" coords="366,16,424,33" href="http://www.freebsd.org/commercial/commercial.html" alt="Vendors"/> - <area shape="rect" coords="425,16,475,33" href="http://www.freebsd.org/search/search.html" alt="Search"/> - <area shape="rect" coords="476,16,516,33" href="http://www.freebsd.org/search/index-site.html" alt="Index"/> - <area shape="rect" coords="517,16,565,33" href="http://www.freebsd.org/" alt="Top"/> - <area shape="rect" coords="0,0,565,33" href="http://www.freebsd.org/" alt="Top"/> - </map> - </xsl:template> - <xsl:template name="foo"> - <xsl:param name="vid"/> - <hr/> - <p><strong>Disclaimer:</strong> The data contained on this page is derived from the VuXML document, - please refer to the <a href="{$vulurl}">the original document</a> for copyright information. 
The author of - portaudit makes no claim of authorship or ownership of any of the information contained herein.</p> - <p> - If you have found a vulnerability in a FreeBSD port not listed in the - database, please <a href="mailto:security@FreeBSD.org?subject=vid%20{$vid}">contact - the FreeBSD Security Team</a>. Refer to - <a href="http://www.freebsd.org/security/#how">"FreeBSD Security - Information"</a> for more information. - </p> - <hr/> - <address title="Oliver Eikemeier"> - Oliver Eikemeier <a href="mailto:eik@FreeBSD.org?subject=portaudit"><eik@FreeBSD.org></a> - </address> - </xsl:template> -</xsl:stylesheet> diff --git a/ports-mgmt/portaudit-db/files/vuxml2portaudit.xslt b/ports-mgmt/portaudit-db/files/vuxml2portaudit.xslt deleted file mode 100644 index 60beed5ec52e..000000000000 --- a/ports-mgmt/portaudit-db/files/vuxml2portaudit.xslt +++ /dev/null 
@@ -1,92 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - - $FreeBSD$ - -Copyright (c) 2004 Oliver Eikemeier. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - -1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. -3. Neither the name of the author nor the names of its contributors may be - used to endorse or promote products derived from this software without - specific prior written permission. - -THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND -FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR -PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - -VuXML to portaudit database converter. - -Usage: - xsltproc -o auditfile vuxml2portaudit.xslt vuxml.xml - ---> -<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:vuxml="http://www.vuxml.org/apps/vuxml-1" version="1.0"> - <xsl:output method="text"/> - <xsl:variable name="newline"> - <xsl:text>
</xsl:text> - </xsl:variable> -<!-- xxx --> - <xsl:strip-space elements="vuxml:affects vuxml:package vuxml:name vuxml:range"/> - <xsl:template match="/"> - <xsl:text># Converted by vuxml2portaudit -</xsl:text> - <xsl:for-each select="vuxml:vuxml/vuxml:vuln"> - <xsl:variable name="topic" select="normalize-space(vuxml:topic)"/> - <xsl:variable name="vid" select="translate(@vid, 'ABCDEF', 'abcdef')"/> - <xsl:for-each select="vuxml:affects/vuxml:package"> - <xsl:for-each select="vuxml:name"> - <xsl:variable name="name" select="."/> - <xsl:for-each select="../vuxml:range"> - <xsl:value-of select="$name"/> - <xsl:apply-templates/> - <xsl:text>|</xsl:text> - <xsl:value-of select="$baseurl"/> - <xsl:value-of select="$vid"/> - <xsl:text>.html</xsl:text> - <xsl:text>|</xsl:text> - <xsl:value-of select="$topic"/> - <xsl:text>|</xsl:text> - <xsl:value-of select="$vid"/> - <xsl:value-of select="$newline"/> - </xsl:for-each> - </xsl:for-each> - </xsl:for-each> - </xsl:for-each> - </xsl:template> -<!-- xxx --> - <xsl:template match="vuxml:lt"> - <xsl:text><</xsl:text> - <xsl:value-of select="text()"/> - </xsl:template> - <xsl:template match="vuxml:le"> - <xsl:text><=</xsl:text> - <xsl:value-of select="text()"/> - </xsl:template> - <xsl:template match="vuxml:gt"> - <xsl:text>></xsl:text> - <xsl:value-of select="text()"/> - </xsl:template> - <xsl:template match="vuxml:ge"> - <xsl:text>>=</xsl:text> - <xsl:value-of select="text()"/> - </xsl:template> - <xsl:template match="vuxml:eq"> - <xsl:text>=</xsl:text> - <xsl:value-of select="text()"/> - </xsl:template> -</xsl:stylesheet> diff --git a/ports-mgmt/portaudit-db/pkg-descr b/ports-mgmt/portaudit-db/pkg-descr deleted file mode 100644 index 85b315a9d87b..000000000000 --- a/ports-mgmt/portaudit-db/pkg-descr +++ /dev/null 
@@ -1,16 +0,0 @@ -In contrast to security/portaudit, which is designed to be an -install-and-forget solution, portaudit-db requires a current -ports tree and generates a database that can be used locally -or distributed over a network. - -Furthermore committers that want to add entries to the VuXML -database may use this port to check their changes locally. -It also features a file `database/portaudit.txt' where UUIDs -for vulnerabilities can be allocated before they have been -investigated thoroughly and moved to the VuXML database by -the security officer team. - -Call `packaudit' after upgrading your ports tree. - -WWW: http://people.freebsd.org/~eik/portaudit/ -Oliver Eikemeier <eik@FreeBSD.org> diff --git a/ports-mgmt/portaudit-db/pkg-plist b/ports-mgmt/portaudit-db/pkg-plist deleted file mode 100644 index 46e9b0674f4c..000000000000 --- a/ports-mgmt/portaudit-db/pkg-plist +++ /dev/null @@ -1,8 +0,0 @@ -bin/packaudit -etc/packaudit.conf.sample -%%DATADIR%%/portaudit2vuxml.awk -%%DATADIR%%/vuxml2html.xslt -%%DATADIR%%/vuxml2portaudit.xslt -@dirrm %%DATADIR%% -@exec mkdir -p %%DATABASEDIR%% -@unexec rmdir %%DATABASEDIR%% 2>/dev/null || true |
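Review bot: In database/portaudit2vuxml.pl the argument check ends in `or die "usage: $0 $uuid <uuid>\n"`, which interpolates `$uuid` into the synopsis. A run with no argument therefore prints an undefined value (plus a warning under `-w`), and a malformed argument is echoed back as if it were part of the usage line; the message should read `usage: $0 <uuid>`. The script also still opens `$portsdir/security/portaudit-db/database/portaudit.txt` although the file removed here sits under ports-mgmt/portaudit-db, so the converter was already pointing at a stale path; that is worth stating in the commit log as part of the reason for removal.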
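Review bot: files/packaudit.conf holds the only setting that keeps xsltproc off the network (`XSLTPROC_EXTRA_ARGS="--catalogs --nonet"`), yet pkg-plist lists it only as `etc/packaudit.conf.sample`, and packaudit.sh sources `%%PREFIX%%/etc/packaudit.conf` only when that file is readable. On a default install the variable is unset and every xsltproc call in packaudit.sh runs without `--nonet`. If any successor tool reuses this layout, the offline flags should be the default inside the script, with the config file used to relax them.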
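Review bot: In files/packaudit.sh the new digest is stored with `echo -n "$VULNMD5" > "$PUBLIC_HTML/portaudit.md5"` before `$PORTAUDIT2VUXML` and `$XSLTPROC` run, and the script runs under `sh -e`. A failed conversion exits with the digest already updated, so the next run sees matching digests and skips HTML regeneration; portaudit.md5 should be written only after the xsltproc call succeeds. The same failure path leaves `$TMPXML`, and later `$TMPDIR`, behind because no trap removes them. Separately, the trailing `#CHECKSUM: MD5` line is appended to auditfile itself, so it detects accidental corruption only and gives consumers no protection against a modified archive.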
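Review bot: In files/portaudit2vuxml.awk both read loops are written `while (getline < XMLFILE)` with no comparison against 0. getline returns -1 when the file cannot be opened, which is true in awk, so an unreadable or missing portaudit.xml makes the BEGIN block loop forever instead of failing. The inline awk in packaudit.sh already uses the safe form `(getline < XLIST_FILE) > 0`, and the same test belongs here. Note also that `for (UUID in PKG)` and `for (TPKG in APKG)` iterate in unspecified order, so the generated entries are not stable between awk implementations, and `<entry>2000-00-00</entry>` is emitted as a placeholder rather than a real date.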
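Review bot: In files/vuxml2html.xslt the `xsl:otherwise` branch of the per-entry page emits `<title>portaudit: <xsl:value-of select="vuxml:topic"/></title>` after the "Affects" list, inside `<body>`. The head already sets the title, so this second element only makes the output invalid against the XHTML 1.0 Strict doctype the stylesheet declares, and it should be dropped. The `vuxml:url` and `vuxml:mlist` templates also place the element text directly into `href="{.}"`; since the extra document fed in through `$extradoc` is built from the free-form URL column of portaudit.txt, the link target should be restricted to expected schemes before it is written into the page. The superseded link uses `./{vuxml:cancelled/@superseded}.html` without the `translate(..., 'ABCDEF', 'abcdef')` applied to every other vid-derived file name, so an upper-case vid would link to a page that was never generated.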
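Review bot: In files/vuxml2portaudit.xslt each record is assembled by concatenating `$name`, the range, the URL, `$topic` and `$vid` with literal `|` separators, and nothing removes a `|` from the package name or topic. A topic containing that character shifts the columns, and the awk stages in packaudit.sh that split on `-F\|` and test `$4 in ignore` would then key on the wrong field, so an entry listed in portaudit.xlist would no longer be filtered. `$topic` is passed through `normalize-space()` but `$name` is not, and `xsl:strip-space` only drops whitespace-only text nodes, so a line break inside a `<name>` element would split one record across two lines. Applying `translate()` to strip `|` and `normalize-space()` to both fields would close both cases.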