FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
18449f92-ab39-11e6-8011-005056925db4	libwww -- multiple vulnerabilities Mitre reports: The HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-libwww) allows remote servers to cause a denial of service (segmentation fault) via a crafted multipart/byteranges MIME message that triggers an out-of-bounds read. The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720. The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625. Discovery 2005-10-12 Entry 2016-11-29 libwww < 5.4.0_6 15035 CVE-2005-3183 CVE-2009-3560 CVE-2009-3720 ports/214546 https://bugzilla.redhat.com/show_bug.cgi?id=170518
e375ff3f-7fec-11e8-8088-28d244aee256	expat -- multiple vulnerabilities Mitre reports: An integer overflow during the parsing of XML using the Expat library. XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. Discovery 2016-10-27 Entry 2018-07-05 expat < 2.2.1 libwww < 5.4.2 CVE-2016-9063 CVE-2017-9233 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233 https://libexpat.github.io/doc/cve-2017-9233/

VuXML ID

Description

18449f92-ab39-11e6-8011-005056925db4

libwww -- multiple vulnerabilities

Mitre reports:

The HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-libwww) allows remote servers to cause a denial of service (segmentation fault) via a crafted multipart/byteranges MIME message that triggers an out-of-bounds read.

The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.

The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.

Discovery 2005-10-12
Entry 2016-11-29
libwww

< 5.4.0_6

15035
CVE-2005-3183
CVE-2009-3560
CVE-2009-3720
ports/214546
https://bugzilla.redhat.com/show_bug.cgi?id=170518

e375ff3f-7fec-11e8-8088-28d244aee256

expat -- multiple vulnerabilities

Mitre reports:

An integer overflow during the parsing of XML using the Expat library.

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.

Discovery 2016-10-27
Entry 2018-07-05
expat

< 2.2.1

libwww

< 5.4.2

CVE-2016-9063
CVE-2017-9233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233
https://libexpat.github.io/doc/cve-2017-9233/