author | Olli Hauer <ohauer@FreeBSD.org> | 2015-09-14 03:59:25 +0000 |
---|---|---|
committer | Olli Hauer <ohauer@FreeBSD.org> | 2015-09-14 03:59:25 +0000 |
commit | 3ecb75d2eea44c1641e94b5e2bd09dc706617432 (patch) | |
tree | 99cfb8e06a3c38f76e60c5873301e194f8b64f93 | |
parent | 1ac5b8b2494bb9e80ad83f2916524023a02176e2 (diff) | |
- document bugzilla CVE-2015-4499
Notes:
svn path=/head/; revision=396877
-rw-r--r-- | security/vuxml/vuln.xml | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 220145976c25..384837a48eeb 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,43 @@ Notes: --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="ea893f06-5a92-11e5-98c0-20cf30e32f6d"> + <topic>Bugzilla security issues</topic> + <affects> + <package> + <name>bugzilla44</name> + <range><lt>4.4.10</lt></range> + </package> + <package> + <name>bugzilla50</name> + <range><lt>5.0.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Bugzilla Security Advisory</p> + <blockquote cite="https://www.bugzilla.org/security/4.2.14/"> + <p>Login names (usually an email address) longer than 127 + characters are silently truncated in MySQL which could + cause the domain name of the email address to be + corrupted. An attacker could use this vulnerability to + create an account with an email address different from the + one originally requested. The login name could then be + automatically added to groups based on the group's regular + expression setting.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2015-4499</cvename> + <url>https://bugzilla.mozilla.org/show_bug.cgi?id=1202447</url> + </references> + <dates> + <discovery>2015-09-10</discovery> + <entry>2015-09-14</entry> + </dates> + </vuln> + <vuln vid="4910d161-58a4-11e5-9ad8-14dae9d210b8"> <topic>openldap -- denial of service</topic> <affects> |
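Review bot: The `<topic>` of the new entry, "Bugzilla security issues", does not follow the `package -- summary` form that the neighbouring entry uses (`<topic>openldap -- denial of service</topic>`), and it says nothing about the flaw itself; a topic in the form `bugzilla -- <short description of the login name truncation>` would make the entry easier to find and to read in audit output. In `<references>`, only the CVE name and the bugzilla.mozilla.org bug URL are listed, while the quoted text is attributed through `<blockquote cite="https://www.bugzilla.org/security/4.2.14/">`; adding that advisory as a second `<url>` would let readers reach the quoted source from the references. The cited advisory path is 4.2.14, but `<affects>` covers only `bugzilla44` (`<lt>4.4.10</lt>`) and `bugzilla50` (`<lt>5.0.1</lt>`), so it is worth confirming that no 4.2 package in the tree needs its own `<package>` range.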