diff options
Diffstat (limited to 'security/vuxml')
| -rw-r--r-- | security/vuxml/vuln.xml | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 3cc4acd1ce35..95c720d33b14 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,43 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="1a6b7641-aed2-4ba1-96f4-c282d5b09c37"> + <topic>zeek -- Various vulnerabilities</topic> + <affects> + <package> + <name>zeek</name> + <range><lt>3.0.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Jon Siwek of Corelight reports:</p> + <blockquote cite="https://raw.githubusercontent.com/zeek/zeek/v3.0.6/NEWS"> + <p>This release fixes the following security issues:</p> + <ul> + <li> + Fix buffer over-read in Ident analyzer </li> + <li> + Fix SSL scripting error leading to uninitialized field + access and memory leak </li> + <li> + Fix POP3 analyzer global buffer over-read </li> + <li> + Fix potential stack overflows due to use of + Variable-Length-Arrays </li> + </ul> + </blockquote> + </body> + </description> + <references> + <url>https://raw.githubusercontent.com/zeek/zeek/v3.0.6/NEWS</url> + </references> + <dates> + <discovery>2020-05-06</discovery> + <entry>2020-05-06</entry> + </dates> + </vuln> + <vuln vid="d5fead4f-8efa-11ea-a5c8-08002728f74c"> <topic>Wagtail -- potential timing attack vulnerability</topic> <affects> |