diff options
| author | Remko Lodder <remko@FreeBSD.org> | 2010-12-22 16:10:45 +0000 |
|---|---|---|
| committer | Remko Lodder <remko@FreeBSD.org> | 2010-12-22 16:10:45 +0000 |
| commit | 7e1a2ca3e0f0813487d598af918631e3046037e5 (patch) | |
| tree | 51d24da2bca07c1b3cb1dae55b10e32bf2d8e7ff /security/vuxml/vuln.xml | |
| parent | 5c311814c58722547ce50dad73d781f2d7358893 (diff) | |
| download | ports-7e1a2ca3e0f0813487d598af918631e3046037e5.tar.gz ports-7e1a2ca3e0f0813487d598af918631e3046037e5.zip | |
Add Tor remote crash and the possibility of remote code execution.
Submitted by: Janne Snabb <snabb at epipe dot com>
Notes
Notes:
svn path=/head/; revision=266722
Diffstat (limited to 'security/vuxml/vuln.xml')
| -rw-r--r-- | security/vuxml/vuln.xml | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index ab4d1c58271a..83afa8e5b4e2 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,44 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="4bd33bc5-0cd6-11e0-bfa4-001676740879"> + <topic>tor -- remote crash and potential remote code execution</topic> + <affects> + <package> + <name>tor</name> + <range><lt>0.2.1.28</lt></range> + </package> + <package> + <name>tor-devel</name> + <range><lt>0.2.2.20-alpha</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Tor Project reports:</p> + <blockquote cite="http://archives.seul.org/or/announce/Dec-2010/msg00000.html"> + <p>Remotely exploitable bug that could be used to crash instances + of Tor remotely by overflowing on the heap. Remote-code execution + hasn't been confirmed, but can't be ruled out. Everyone should + upgrade.</p> + </blockquote> + </body> + </description> + <references> + <bid>45500</bid> + <cvename>CVE-2010-1676</cvename> + <freebsdpr>ports/153326</freebsdpr> + <mlist msgid="20101220135830.GU3300@moria.seul.org">http://archives.seul.org/or/announce/Dec-2010/msg00000.html</mlist> + <mlist msgid="20101220141526.GS3255@moria.seul.org">http://archives.seul.org/or/talk/Dec-2010/msg00167.html</mlist> + <url>https://gitweb.torproject.org/tor.git/blob/release-0.2.1:/ChangeLog</url> + <url>https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ChangeLog</url> + </references> + <dates> + <discovery>2010-12-17</discovery> + <entry>2010-12-22</entry> + </dates> + </vuln> + <vuln vid="d560b346-08a2-11e0-bcca-0050568452ac"> <topic>YUI JavaScript library -- JavaScript injection exploits in Flash components</topic> <affects> |