FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-29 10:45:39 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
7b0208ff-3f65-4e16-8d4d-48fd9851f085leafnode fetchnews denial-of-service triggered by missing header

Fetchnews could hang when a news article to be downloaded lacked one of the mandatory headers. Found by Joshua Crawford.


Discovery 2003-06-20
Entry 2004-05-21
Modified 2005-05-13
leafnode
ge 1.9.3 le 1.9.41

CVE-2003-0744
http://leafnode.sourceforge.net/leafnode-SA-2003-01.txt
http://sourceforge.net/mailarchive/message.php?msg_id=5975563
http://article.gmane.org/gmane.network.leafnode.announce/21
8541
ports/53838
f7a3b18c-624c-4703-9756-b6b27429e5b0leafnode denial-of-service triggered by article request

The leafnode NNTP server may go into an unterminated loop with 100% CPU use when an article is requested by Message-ID that has been crossposted to several news groups when one of the group names is the prefix of another group name that the article was cross-posted to. Found by Jan Knutar.


Discovery 2002-11-06
Entry 2004-05-21
Modified 2005-05-13
leafnode
ge 1.9.20 lt 1.9.30

http://leafnode.sourceforge.net/leafnode-SA-2002-01.txt
CVE-2002-1661
http://sourceforge.net/mailarchive/message.php?msg_id=2796226
http://article.gmane.org/gmane.network.leafnode.announce/8
6490
ports/46613
a051a4ec-3aa1-4dd1-9bdc-a61eb5700153leafnode fetchnews denial-of-service triggered by truncated transmission

When a downloaded news article ends prematurely, i. e. when the server sends [CR]LF.[CR]LF before sending a blank line, fetchnews may wait indefinitely for data that never arrives. Workaround: configure "minlines=1" (or use a bigger value) in the configuration file. Found by Toni Viemerö.


Discovery 2004-01-08
Entry 2004-05-21
Modified 2005-05-13
leafnode
le 1.9.47

CVE-2004-2068
http://leafnode.sourceforge.net/leafnode-SA-2004-01.txt
http://sourceforge.net/tracker/index.php?func=detail&aid=873149&group_id=57767&atid=485349
http://article.gmane.org/gmane.network.leafnode.announce/32
http://sourceforge.net/mailarchive/message.php?msg_id=6922570
ports/61105
b5ffaa2a-ee50-4498-af99-61bc1b163c00leafnode -- denial of service vulnerability

Matthias Andree reports:

A vulnerability was found in the fetchnews program (the NNTP client) that may under some circumstances cause a wait for input that never arrives, fetchnews "hangs". [...]

As only one fetchnews program can run at a time, subsequently started fetchnews and texpire programs will terminate. [...]

Upgrade your leafnode package to version 1.11.3.


Discovery 2005-06-08
Entry 2005-06-09
leafnode
< 1.11.3

CVE-2005-1911
http://leafnode.sourceforge.net/leafnode-SA-2005-02.txt
ports/82056
http://marc.theaimsgroup.com/?l=vulnwatch&m=111827180929063