FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
84237895-8f39-11d8-8b29-0020ed76ef5aneon format string vulnerabilities

Greuff reports that the neon WebDAV client library contains several format string bugs within error reporting code. A malicious server may exploit these bugs by sending specially crafted PROPFIND or PROPPATCH responses.

Although several applications include neon, such as cadaver and subversion, the FreeBSD Ports of these applications are not impacted. They are specifically configured to NOT use the included neon. Only packages listed as affected in this notice are believed to be impacted.

Discovery 2004-04-14
Entry 2004-04-15
Modified 2004-06-25
lt 0.24.5

lt 1.2_1

le 0.13.4_1

8d075001-a9ce-11d8-9c6d-0020ed76ef5aneon date parsing vulnerability

Stefan Esser reports:

A vulnerability within a libneon date parsing function could cause a heap overflow which could lead to remote code execution, depending on the application using libneon.

The vulnerability is in the function ne_rfc1036_parse, which is in turn used by the function ne_httpdate_parse. Applications using either of these neon functions may be vulnerable.

Discovery 2004-05-19
Entry 2004-05-19
Modified 2004-06-25
lt 0.24.5_1

le 0.13.4_1