path: root/security/vuxml/vuln-2014.xml

  <vuln vid="c3d43001-8064-11e4-801f-0022156e8794">
    <topic>mutt -- denial of service via crafted mail message</topic>
    <affects>
      <package>
	<name>mutt</name>
	<range><ge>1.5.22</ge><lt>1.5.23_7</lt></range>
      </package>
      <package>
	<name>ja-mutt</name>
	<range><ge>1.5.22</ge><lt>1.5.23_7</lt></range>
      </package>
      <package>
	<name>zh-mutt</name>
	<range><ge>1.5.22</ge><lt>1.5.23_7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>NVD reports:</p>
	<blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9116">
	  <p>The write_one_header function in mutt 1.5.23 does not
	  properly handle newline characters at the beginning of a
	  header, which allows remote attackers to cause a denial of
	  service (crash) via a header with an empty body, which
	  triggers a heap-based buffer overflow in the mutt_substrdup
	  function.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <bid>71334</bid>
      <cvename>CVE-2014-9116</cvename>
      <url>https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771125</url>
      <url>http://dev.mutt.org/trac/ticket/3716</url>
    </references>
    <dates>
      <discovery>2014-11-26</discovery>
      <entry>2014-12-23</entry>
    </dates>
  </vuln>

  <vuln vid="4033d826-87dd-11e4-9079-3c970e169bc2">
    <topic>ntp -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>ntp</name>
	<name>ntp-devel</name>
	<range><lt>4.2.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>CERT reports:</p>
	<blockquote cite="http://www.kb.cert.org/vuls/id/852879">
	  <p>The Network Time Protocol (NTP) provides networked
	    systems with a way to synchronize time for various
	    services and applications. ntpd version 4.2.7 and
	    previous versions allow attackers to overflow several
	    buffers in a way that may allow malicious code to
	    be executed. ntp-keygen prior to version 4.2.7p230
	    also uses a non-cryptographic random number generator
	    when generating symmetric keys.</p>
	  <p>The buffer overflow vulnerabilities in ntpd may
	    allow a remote unauthenticated attacker to execute
	    arbitrary malicious code with the privilege level
	    of the ntpd process. The weak default key and
	    non-cryptographic random number generator in
	    ntp-keygen may allow an attacker to gain
	    information regarding the integrity checking
	    and authentication encryption schemes.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-9293</cvename>
      <cvename>CVE-2014-9294</cvename>
      <cvename>CVE-2014-9295</cvename>
      <cvename>CVE-2014-9296</cvename>
      <url>http://www.kb.cert.org/vuls/id/852879</url>
    </references>
    <dates>
      <discovery>2014-12-19</discovery>
      <entry>2014-12-20</entry>
    </dates>
  </vuln>

  <vuln vid="1d567278-87a5-11e4-879c-000c292ee6b8">
    <topic>git -- Arbitrary command execution on case-insensitive filesystems</topic>
    <affects>
      <package>
	<name>git</name>
	<range><lt>2.2.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Git Project reports:</p>
	<blockquote cite="http://article.gmane.org/gmane.linux.kernel/1853266">
	  <p>When using a case-insensitive filesystem an attacker can
	    craft a malicious Git tree that will cause Git to overwrite
	    its own .git/config file when cloning or checking out a
	    repository, leading to arbitrary command execution in the
	    client machine.  If you are a hosting service whose users
	    may fetch from your service to Windows or Mac OS X machines,
	    you are strongly encouraged to update to protect such users
	    who use existing versions of Git.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-9390</cvename>
      <url>https://github.com/blog/1938-git-client-vulnerability-announced</url>
      <url>http://article.gmane.org/gmane.linux.kernel/1853266</url>
    </references>
    <dates>
      <discovery>2014-12-19</discovery>
      <entry>2014-12-19</entry>
    </dates>
  </vuln>

  <vuln vid="0c5cf7c4-856e-11e4-a089-60a44c524f57">
    <topic>otrs -- Incomplete Access Control</topic>
    <affects>
      <package>
	<name>otrs</name>
	<range><gt>3.2.*</gt><lt>3.2.17</lt></range>
	<range><gt>3.3.*</gt><lt>3.3.11</lt></range>
	<range><gt>4.0.*</gt><lt>4.0.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OTRS project reports:</p>
	<blockquote cite="http://www.otrs.com/security-advisory-2014-06-incomplete-access-control/">
	  <p>An attacker with valid OTRS credentials could access and manipulate ticket data
	     of other users via the GenericInterface, if a ticket webservice is configured
	     and not additionally secured.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.otrs.com/security-advisory-2014-06-incomplete-access-control/</url>
      <cvename>CVE-2014-9324</cvename>
    </references>
    <dates>
      <discovery>2014-12-16</discovery>
      <entry>2014-12-16</entry>
    </dates>
  </vuln>

  <vuln vid="f5561ade-846c-11e4-b7a7-20cf30e32f6d">
    <topic>subversion -- DoS vulnerabilities</topic>
    <affects>
      <package>
	<name>mod_dav_svn</name>
	<range><ge>1.8.0</ge><lt>1.8.11</lt></range>
      </package>
      <package>
	<name>subversion16</name>
	<range><ge>1.0.0</ge><lt>1.7.19</lt></range>
      </package>
      <package>
	<name>subversion17</name>
	<range><ge>1.0.0</ge><lt>1.7.19</lt></range>
      </package>
      <package>
	<name>subversion</name>
	<range><ge>1.0.0</ge><lt>1.7.19</lt></range>
	<range><ge>1.8.0</ge><lt>1.8.11</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Subversion Project reports:</p>
	<blockquote cite="http://subversion.apache.org/security/">
	  <p>Subversion's mod_dav_svn Apache HTTPD server module will crash when it
	     receives a REPORT request for some invalid formatted special URIs.</p>
	  <p>Subversion's mod_dav_svn Apache HTTPD server module will crash when it
	     receives a request for some invalid formatted special URIs.</p>
	  <p>We consider this to be a medium risk vulnerability.  Repositories which
	     allow for anonymous reads will be vulnerable without authentication.
	     Unfortunately, no special configuration is required and all mod_dav_svn
	     servers are vulnerable.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-3580</cvename>
      <cvename>CVE-2014-8108</cvename>
      <url>http://subversion.apache.org/security/CVE-2014-3580-advisory.txt</url>
      <url>http://subversion.apache.org/security/CVE-2014-8108-advisory.txt</url>
    </references>
    <dates>
      <discovery>2014-12-13</discovery>
      <entry>2014-12-15</entry>
    </dates>
  </vuln>

  <vuln vid="fdf72a0e-8371-11e4-bc20-001636d274f3">
    <topic>NVIDIA UNIX driver -- remote denial of service or arbitrary code execution</topic>
    <affects>
      <package>
	<name>nvidia-driver</name>
	<range><lt>340.65</lt></range>
      </package>
      <package>
	<name>nvidia-driver-304</name>
	<range><lt>304.125</lt></range>
      </package>
      <package>
	<name>nvidia-driver-173</name>
	<range><le>173.14.35_3</le></range>
      </package>
      <package>
	<name>nvidia-driver-96</name>
	<range><le>96.43.23_2</le></range>
      </package>
      <package>
	<name>nvidia-driver-71</name>
	<range><le>71.86.15_4</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>NVIDIA Unix security team reports:</p>
	<blockquote cite="http://nvidia.custhelp.com/app/answers/detail/a_id/3610">
	  <p>The GLX indirect rendering support supplied on NVIDIA products
	     is subject to the recently disclosed X.Org vulnerabilities
	     (CVE-2014-8093, CVE-2014-8098) as well as internally identified
	     vulnerabilities (CVE-2014-8298).</p>
	  <p>Depending on how it is configured, the X server typically runs
	     with raised privileges, and listens for GLX indirect rendering
	     protocol requests from a local socket and potentially a TCP/IP
	     port.  The vulnerabilities could be exploited in a way that
	     causes the X server to access uninitialized memory or overwrite
	     arbitrary memory in the X server process.  This can cause a
	     denial of service (e.g., an X server segmentation fault), or
	     could be exploited to achieve arbitrary code execution.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-8298</cvename>
      <cvename>CVE-2014-8093</cvename>
      <cvename>CVE-2014-8098</cvename>
    </references>
    <dates>
      <discovery>2014-12-03</discovery>
      <entry>2014-12-14</entry>
    </dates>
  </vuln>

  <vuln vid="ab3e98d9-8175-11e4-907d-d050992ecde8">
    <topic>bind -- denial of service vulnerability</topic>
    <affects>
      <package>
	<name>bind99</name>
	<name>bind99-base</name>
	<range><lt>9.9.6</lt></range>
      </package>
      <package>
	<name>bind98</name>
	<name>bind98-base</name>
	<name>bind96</name>
	<name>bind96-base</name>
	<range><gt>0</gt></range>
      </package>
      <package>
	<name>FreeBSD</name>
	<range><ge>9.3</ge><lt>9.3_6</lt></range>
	<range><ge>9.2</ge><lt>9.2_16</lt></range>
	<range><ge>9.1</ge><lt>9.1_23</lt></range>
	<range><ge>8.4</ge><lt>8.4_20</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>ISC reports:</p>
	<blockquote cite="https://www.isc.org/blogs/important-security-advisory-posted/">
	  <p>We have today posted updated versions of 9.9.6 and 9.10.1
	    to address a significant security vulnerability in DNS
	    resolution. The flaw was discovered by Florian Maury of
	    ANSSI, and applies to any recursive resolver that does not
	    support a limit on the number of recursions. [<a href="http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html">CERTFR-2014-AVI-512</a>],
	    [USCERT <a href="www.kb.cert.org/vuls/id/264212">VU#264212</a>]</p>
	  <p>A flaw in delegation handling could be exploited to put named
	    into an infinite loop, in which each lookup of a name server
	    triggered additional lookups of more name servers.  This has
	    been addressed by placing limits on the number of levels of
	    recursion named will allow (default 7), and on the number of
	    queries that it will send before terminating a recursive query
	    (default 50).  The recursion depth limit is configured via the
	    max-recursion-depth option, and the query limit via the
	    max-recursion-queries option.  For more information, see the
	    security advisory at <a href="https://kb.isc.org/article/AA-01216/">https://kb.isc.org/article/AA-01216/</a>.
	    <a href="https://kb.isc.org/article/AA-01216/">[CVE-2014-8500]</a>
	    [RT #37580]</p>
	  <p>In addition, we have also corrected a potential security
	    vulnerability in the GeoIP feature in the 9.10.1 release only.
	    For more information on this issue, see the security advisory
	    at <a href="https://kb.isc.org/article/AA-01217">https://kb.isc.org/article/AA-01217</a>.
	    <a href="https://kb.isc.org/article/AA-01217">[CVE-2014-8680]</a></p>
	</blockquote>
      </body>
    </description>
    <references>
      <freebsdsa>SA-14:29.bind</freebsdsa>
      <cvename>CVE-2014-8500</cvename>
      <cvename>CVE-2014-8680</cvename>
      <url>https://www.isc.org/blogs/important-security-advisory-posted/</url>
    </references>
    <dates>
      <discovery>2014-12-08</discovery>
      <entry>2014-12-11</entry>
      <modified>2016-08-09</modified>
    </dates>
  </vuln>

  <vuln vid="94268da0-8118-11e4-a180-001999f8d30b">
    <topic>asterisk -- Remote Crash Vulnerability in WebSocket Server</topic>
    <affects>
      <package>
	<name>asterisk11</name>
	<range><lt>11.14.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk project reports:</p>
	<blockquote cite="http://www.asterisk.org/downloads/security-advisories">
	  <p>When handling a WebSocket frame the res_http_websocket
	  module dynamically changes the size of the memory used
	  to allow the provided payload to fit. If a payload length
	  of zero was received the code would incorrectly attempt
	  to resize to zero. This operation would succeed and end
	  up freeing the memory but be treated as a failure. When
	  the session was subsequently torn down this memory would
	  get freed yet again causing a crash.</p>
	  <p>Users of the WebSocket functionality also did not take
	  into account that provided text frames are not guaranteed
	  to be NULL terminated. This has been fixed in chan_sip
	  and chan_pjsip in the applicable versions.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://downloads.asterisk.org/pub/security/AST-2014-019.html</url>
      <cvename>CVE-2014-9374</cvename>
    </references>
    <dates>
      <discovery>2014-10-30</discovery>
      <entry>2014-12-11</entry>
      <modified>2015-01-29</modified>
    </dates>
  </vuln>

  <vuln vid="27b9b2f0-8081-11e4-b4ca-bcaec565249c">
    <topic>xserver -- multiple issue with X client request handling</topic>
    <affects>
      <package>
	<name>xorg-server</name>
	<range><lt>1.12.4_10,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Alan Coopersmith reports:</p>
	<blockquote cite="http://lists.x.org/archives/xorg-announce/2014-December/002500.html">
	  <p>Ilja van Sprundel, a security researcher with IOActive, has
	    discovered a large number of issues in the way the X server
	    code base handles requests from X clients, and has worked
	    with X.Org's security team to analyze, confirm, and fix
	    these issues.</p>

	  <p>The vulnerabilities could be exploited to cause the X server
	    to access uninitialized memory or overwrite arbitrary memory
	    in the X server process.  This can cause a denial of service
	    (e.g., an X server segmentation fault), or could be exploited
	    to achieve arbitrary code execution.</p>

	  <p>The GLX extension to the X Window System allows an X client
	    to send X protocol to the X server, to request that the X
	    server perform OpenGL rendering on behalf of the X client.
	    This is known as "GLX indirect rendering", as opposed to
	    "GLX direct rendering" where the X client submits OpenGL
	    rendering commands directly to the GPU, bypassing the X
	    server and avoiding the X server code for GLX protocol
	    handling.</p>

	  <p>Most GLX indirect rendering implementations share some
	    common ancestry, dating back to "Sample Implementation"
	    code from Silicon Graphics, Inc (SGI), which SGI
	    originally commercially licensed to other Unix workstation
	    and graphics vendors, and later released as open source, so
	    those vulnerabilities may affect other licensees of SGI's
	    code base beyond those running code from the X.Org Foundation
	    or the XFree86 Project.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://lists.x.org/archives/xorg-announce/2014-December/002500.html</url>
      <cvename>CVE-2014-8091</cvename>
      <cvename>CVE-2014-8092</cvename>
      <cvename>CVE-2014-8093</cvename>
      <cvename>CVE-2014-8094</cvename>
      <cvename>CVE-2014-8095</cvename>
      <cvename>CVE-2014-8096</cvename>
      <cvename>CVE-2014-8097</cvename>
      <cvename>CVE-2014-8098</cvename>
      <cvename>CVE-2014-8099</cvename>
      <cvename>CVE-2014-8100</cvename>
      <cvename>CVE-2014-8101</cvename>
      <cvename>CVE-2014-8102</cvename>
    </references>
    <dates>
      <discovery>2014-12-09</discovery>
      <entry>2014-12-10</entry>
    </dates>
  </vuln>

  <vuln vid="10d73529-7f4b-11e4-af66-00215af774f0">
    <topic>unbound -- can be tricked into following an endless series of delegations, this consumes a lot of resources</topic>
    <affects>
      <package>
	<name>unbound</name>
	<range><lt>1.5.1</lt></range>
      </package>
      <package>
	<name>FreeBSD</name>
	<range><ge>10.0</ge><lt>10.0_14</lt></range>
	<range><ge>10.1</ge><lt>10.1_2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Unbound developer reports:</p>
	<blockquote cite="http://unbound.net/downloads/CVE-2014-8602.txt">
	  <p>The resolver can be tricked into following an endless series of
	    delegations, this consumes a lot of resources.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://unbound.net/downloads/CVE-2014-8602.txt</url>
      <freebsdsa>SA-14:30.unbound</freebsdsa>
      <cvename>CVE-2014-8602</cvename>
    </references>
    <dates>
      <discovery>2014-12-08</discovery>
      <entry>2014-12-09</entry>
      <modified>2016-08-09</modified>
    </dates>
  </vuln>

  <vuln vid="567beb1e-7e0a-11e4-b9cc-bcaec565249c">
    <topic>freetype -- Out of bounds stack-based read/write</topic>
    <affects>
      <package>
	<name>freetype2</name>
	<range><lt>2.5.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Werner LEMBERG reports:</p>
	<blockquote cite="http://lists.nongnu.org/archive/html/freetype-announce/2014-12/msg00000.html">
	  <p>The fix for CVE-2014-2240 was not 100% complete to fix the issue
	    from the CVE completly.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://lists.nongnu.org/archive/html/freetype-announce/2014-12/msg00000.html</url>
      <cvename>CVE-2014-2240</cvename>
    </references>
    <dates>
      <discovery>2014-12-07</discovery>
      <entry>2014-12-07</entry>
    </dates>
  </vuln>

  <vuln vid="c9c46fbf-7b83-11e4-a96e-6805ca0b3d42">
    <topic>phpMyAdmin -- XSS and DoS vulnerabilities</topic>
    <affects>
      <package>
	<name>phpMyAdmin</name>
	<range><ge>4.2.0</ge><lt>4.2.13.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The phpMyAdmin development team reports:</p>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php">
	  <p>DoS vulnerability with long passwords.</p>
	  <p>With very long passwords it was possible to initiate a
	    denial of service attack on phpMyAdmin.</p>
	  <p>We consider this vulnerability to be serious.</p>
	  <p>This vulnerability can be mitigated by configuring
	    throttling in the webserver.</p>
	</blockquote>

	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php">
	  <p>XSS vulnerability in redirection mechanism.</p>
	  <p>With a crafted URL it was possible to trigger an XSS in
	    the redirection mechanism in phpMyAdmin.</p>
	  <p>We consider this vulnerability to be non critical.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php</url>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php</url>
      <cvename>CVE-2014-9218</cvename>
      <cvename>CVE-2014-9219</cvename>
    </references>
    <dates>
      <discovery>2014-12-03</discovery>
      <entry>2014-12-04</entry>
    </dates>
  </vuln>

  <vuln vid="7ae61870-9dd2-4884-a2f2-f19bb5784d09">
    <topic>mozilla -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>34.0,1</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>31.3.0,1</lt></range>
      </package>
      <package>
	<name>linux-firefox</name>
	<range><lt>34.0,1</lt></range>
      </package>
      <package>
	<name>linux-seamonkey</name>
	<range><lt>2.31</lt></range>
      </package>
      <package>
	<name>linux-thunderbird</name>
	<range><lt>31.3.0</lt></range>
      </package>
      <package>
	<name>seamonkey</name>
	<range><lt>2.31</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>31.3.0</lt></range>
      </package>
      <package>
	<name>libxul</name>
	<range><lt>31.3.0</lt></range>
      </package>
      <package>
	<name>nss</name>
	<range><lt>3.17.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Mozilla Project reports:</p>
	<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
	  <p>ASN.1 DER decoding of lengths is too permissive, allowing
	    undetected smuggling of arbitrary data</p>
	  <p>MFSA-2014-90 Apple CoreGraphics framework on OS X 10.10
	    logging input data to /tmp directory</p>
	  <p>MFSA-2014-89 Bad casting from the BasicThebesLayer to
	    BasicContainerLayer</p>
	  <p>MFSA-2014-88 Buffer overflow while parsing media content</p>
	  <p>MFSA-2014-87 Use-after-free during HTML5 parsing</p>
	  <p>MFSA-2014-86 CSP leaks redirect data via violation reports</p>
	  <p>MFSA-2014-85 XMLHttpRequest crashes with some input streams</p>
	  <p>MFSA-2014-84 XBL bindings accessible via improper CSS
	    declarations</p>
	  <p>MFSA-2014-83 Miscellaneous memory safety hazards (rv:34.0
	    / rv:31.3)</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-1587</cvename>
      <cvename>CVE-2014-1588</cvename>
      <cvename>CVE-2014-1589</cvename>
      <cvename>CVE-2014-1590</cvename>
      <cvename>CVE-2014-1591</cvename>
      <cvename>CVE-2014-1592</cvename>
      <cvename>CVE-2014-1593</cvename>
      <cvename>CVE-2014-1594</cvename>
      <cvename>CVE-2014-1595</cvename>
      <cvename>CVE-2014-1569</cvename>
      <url>https://www.mozilla.org/security/advisories/mfsa2014-83</url>
      <url>https://www.mozilla.org/security/advisories/mfsa2014-84</url>
      <url>https://www.mozilla.org/security/advisories/mfsa2014-85</url>
      <url>https://www.mozilla.org/security/advisories/mfsa2014-86</url>
      <url>https://www.mozilla.org/security/advisories/mfsa2014-87</url>
      <url>https://www.mozilla.org/security/advisories/mfsa2014-88</url>
      <url>https://www.mozilla.org/security/advisories/mfsa2014-89</url>
      <url>https://www.mozilla.org/security/advisories/mfsa2014-90</url>
      <url>https://www.mozilla.org/security/advisories/</url>
    </references>
    <dates>
      <discovery>2014-12-01</discovery>
      <entry>2014-12-02</entry>
    </dates>
  </vuln>

  <vuln vid="23ab5c3e-79c3-11e4-8b1e-d050992ecde8">
    <topic>OpenVPN -- denial of service security vulnerability</topic>
    <affects>
      <package>
	<name>openvpn</name>
	<range><lt>2.0.11</lt></range>
	<range><ge>2.1.0</ge><lt>2.2.3</lt></range>
	<range><ge>2.3.0</ge><lt>2.3.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenVPN project reports:</p>
	<blockquote cite="https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b">
	  <p>In late November 2014 Dragana Damjanovic notified OpenVPN
	    developers of a critical denial of service security vulnerability
	    (CVE-2014-8104). The vulnerability allows an tls-authenticated
	    client to crash the server by sending a too-short control channel
	    packet to the server.  In other words this vulnerability is denial
	    of service only.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-8104</cvename>
      <url>https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b</url>
    </references>
    <dates>
      <discovery>2014-12-01</discovery>
      <entry>2014-12-02</entry>
    </dates>
  </vuln>

  <vuln vid="a33addf6-74e6-11e4-a615-f8b156b6dcc8">
    <topic>flac -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>flac</name>
	<range><lt>1.3.0_3</lt></range>
      </package>
      <package>
	<name>linux-c6-flac</name>
	<range><lt>1.2.1_3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Erik de Castro Lopo reports:</p>
	<blockquote cite="http://lists.xiph.org/pipermail/flac-dev/2014-November/005226.html">
	  <p>Google Security Team member, Michele Spagnuolo, recently
	    found two potential problems in the FLAC code base. They are:</p>
	  <ul>
	  <li>CVE-2014-9028: Heap buffer write overflow.</li>
	  <li>CVE-2014-8962: Heap buffer read overflow.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://git.xiph.org/?p=flac.git;a=commit;h=5b3033a2b355068c11fe637e14ac742d273f076e</url>
      <cvename>CVE-2014-8962</cvename>
      <url>https://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85</url>
      <cvename>CVE-2014-9028</cvename>
    </references>
    <dates>
      <discovery>2014-11-25</discovery>
      <entry>2014-11-25</entry>
      <modified>2015-07-15</modified>
    </dates>
  </vuln>

  <vuln vid="7bfd797c-716d-11e4-b008-001999f8d30b">
    <topic>asterisk -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>asterisk11</name>
	<range><lt>11.14.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk project reports:</p>
	<blockquote cite="http://www.asterisk.org/downloads/security-advisories">
	  <p>AST-2014-014 - High call load may result in hung
	  channels in ConfBridge.</p>
	  <p>AST-2014-017 - Permission escalation through ConfBridge
	  actions/dialplan functions.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://downloads.asterisk.org/pub/security/AST-2014-014.html</url>
      <cvename>CVE-2014-8414</cvename>
      <url>http://downloads.asterisk.org/pub/security/AST-2014-017.html</url>
      <cvename>CVE-2014-8417</cvename>
    </references>
    <dates>
      <discovery>2014-11-21</discovery>
      <entry>2014-11-21</entry>
    </dates>
  </vuln>

  <vuln vid="a92ed304-716c-11e4-b008-001999f8d30b">
    <topic>asterisk -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>asterisk</name>
	<range><lt>1.8.32.1</lt></range>
      </package>
      <package>
	<name>asterisk11</name>
	<range><lt>11.14.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk project reports:</p>
	<blockquote cite="https://www.asterisk.org/security">
	  <p>AST-2014-012 - Mixed IP address families in access
	  control lists may permit unwanted traffic.</p>
	  <p>AST-2014-018 - AMI permission escalation through DB
	  dialplan function.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://downloads.asterisk.org/pub/security/AST-2014-012.html</url>
      <cvename>CVE-2014-8412</cvename>
      <url>http://downloads.asterisk.org/pub/security/AST-2014-018.html</url>
      <cvename>CVE-2014-8418</cvename>
    </references>
    <dates>
      <discovery>2014-11-21</discovery>
      <entry>2014-11-21</entry>
    </dates>
  </vuln>

  <vuln vid="a5d4a82a-7153-11e4-88c7-6805ca0b3d42">
    <topic>phpMyAdmin -- XSS and information disclosure vulnerabilities</topic>
    <affects>
      <package>
	<name>phpMyAdmin</name>
	<range><ge>4.2.0</ge><lt>4.2.12</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The phpMyAdmin development team reports:</p>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php">
	  <ul>
	    <li>With a crafted database, table or column name it is
	      possible to trigger an XSS attack in the table browse
	      page.</li>
	    <li>With a crafted ENUM value it is possible to trigger
	      XSS attacks in the table print view and zoom search
	      pages.</li>
	    <li>With a crafted value for font size it is possible to
	      trigger an XSS attack in the home page.</li>
	  </ul>
	  <p>These vulnerabilities can be triggered only by someone
	    who is logged in to phpMyAdmin, as the usual token
	    protection prevents non-logged-in users from accessing the
	    required pages. Moreover, exploitation of the XSS
	    vulnerability related to the font size requires forgery of
	    the pma_fontsize cookie.</p>
	</blockquote>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php">
	  <p> In the GIS editor feature, a parameter specifying the
	    geometry type was not correcly validated, opening the door
	    to a local file inclusion attack.</p>
	  <p>This vulnerability can be triggered only by someone who
	    is logged in to phpMyAdmin, as the usual token protection
	    prevents non-logged-in users from accessing the required
	    page.</p>
	</blockquote>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php">
	  <p>With a crafted file name it is possible to trigger an
	    XSS in the error reporting page.</p>
	  <p>This vulnerability can be triggered only by someone who
	    is logged in to phpMyAdmin, as the usual token protection
	    prevents non-logged-in users from accessing the required
	    page.</p>
	</blockquote>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php">
	  <p>In the error reporting feature, a parameter specifying
	    the file was not correctly validated, allowing the
	    attacker to derive the line count of an arbitrary file</p>
	  <p>This vulnerability can be triggered only by someone who
	    is logged in to phpMyAdmin, as the usual token protection
	    prevents non-logged-in users from accessing the required
	    page.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php</url>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php</url>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php</url>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php</url>
      <cvename>CVE-2014-8958</cvename>
      <cvename>CVE-2014-8959</cvename>
      <cvename>CVE-2014-8960</cvename>
      <cvename>CVE-2014-8961</cvename>
    </references>
    <dates>
      <discovery>2014-11-20</discovery>
      <entry>2014-11-21</entry>
    </dates>
  </vuln>

  <vuln vid="890b6b22-70fa-11e4-91ae-5453ed2e2b49">
    <topic>kwebkitpart, kde-runtime -- insufficient input validation</topic>
    <affects>
      <package>
	<name>kde-runtime</name>
	<range><lt>4.14.2_2</lt></range>
      </package>
      <package>
	<name>kwebkitpart</name>
	<range><lt>1.3.2_4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Albert Aastals Cid reports:</p>
	<blockquote cite="https://www.kde.org/info/security/advisory-20141113-1.txt">
	  <p>kwebkitpart and the bookmarks:// io slave were not sanitizing
	    input correctly allowing to some javascript being executed on the
	    context of the referenced hostname.</p>
	  <p>Whilst in most cases, the JavaScript will be executed in an
	    untrusted context, with the bookmarks IO slave, it will be executed
	    in the context of the referenced hostname. It should however be
	    noted that KDE mitigates this risk by attempting to ensure that
	    such URLs cannot be embedded directly into Internet hosted
	    content.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.kde.org/info/security/advisory-20141113-1.txt</url>
      <cvename>CVE-2014-8600</cvename>
    </references>
    <dates>
      <discovery>2014-11-13</discovery>
      <entry>2014-11-20</entry>
    </dates>
  </vuln>

  <vuln vid="5a35bc56-7027-11e4-a4a3-001999f8d30b">
    <topic>yii -- Remote arbitrary PHP code execution</topic>
    <affects>
      <package>
	<name>yii</name>
	<range><lt>1.1.15</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Yii PHP Framework developers report:</p>
	<blockquote cite="http://www.yiiframework.com/news/78/yii-1-1-15-is-released-security-fix/">
	  <p>We are releasing Yii 1.1.15 to fix a security issue
	  found in 1.1.14. We urge all 1.1.14 users to upgrade their
	  Yii to this latest release. Note that the issue only
	  affects 1.1.14. All previous releases are not affected.
	  Upgrading to this release from 1.1.14 is very safe and
	  will not break your existing code.</p>
	  <p>The vulnerability is in the CDetailView widget. When
	  a Yii application uses this widget and configures the
	  "value" property of a CDetailView attribute using end
	  user inputs, it may allow attackers to potentially execute
	  arbitrary PHP scripts on the server. We are not showing
	  how to exploit it here to allow users to upgrade before
	  details about the exploit become publicly known. To our
	  knowledge the details of this issue are only known to
	  core team members.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-4672</cvename>
      <url>http://www.yiiframework.com/news/78/yii-1-1-15-is-released-security-fix</url>
    </references>
    <dates>
      <discovery>2014-07-03</discovery>
      <entry>2014-11-19</entry>
    </dates>
  </vuln>

  <vuln vid="d395e44f-6f4f-11e4-a444-00262d5ed8ee">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>39.0.2171.65</lt></range>
      </package>
      <package>
	<name>chromium-pulse</name>
	<range><lt>39.0.2171.65</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Google Chrome Releases reports:</p>
	<blockquote cite="http://googlechromereleases.blogspot.nl/2014/11/stable-channel-update_18.html">
	  <p>42 security fixes in this release, including:</p>
	  <ul>
	    <li>[389734] High CVE-2014-7899: Address bar spoofing. Credit to
	      Eli Grey.</li>
	    <li>[406868] High CVE-2014-7900: Use-after-free in pdfium. Credit
	      to Atte Kettunen from OUSPG.</li>
	    <li>[413375] High CVE-2014-7901: Integer overflow in pdfium. Credit
	      to cloudfuzzer.</li>
	    <li>[414504] High CVE-2014-7902: Use-after-free in pdfium. Credit
	      to cloudfuzzer.</li>
	    <li>[414525] High CVE-2014-7903: Buffer overflow in pdfium. Credit
	      to cloudfuzzer.</li>
	    <li>[418161] High CVE-2014-7904: Buffer overflow in Skia. Credit to
	      Atte Kettunen from OUSPG.</li>
	    <li>[421817] High CVE-2014-7905: Flaw allowing navigation to
	      intents that do not have the BROWSABLE category. Credit to
	      WangTao(neobyte) of Baidu X-Team.</li>
	    <li>[423030] High CVE-2014-7906: Use-after-free in pepper plugins.
	      Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.</li>
	    <li>[423703] High CVE-2014-0574: Double-free in Flash. Credit to
	      biloulehibou.</li>
	    <li>[424453] High CVE-2014-7907: Use-after-free in blink. Credit to
	      Chen Zhang (demi6od) of the NSFOCUS Security Team.</li>
	    <li>[425980] High CVE-2014-7908: Integer overflow in media. Credit
	      to Christoph Diehl.</li>
	    <li>[391001] Medium CVE-2014-7909: Uninitialized memory read in
	      Skia. Credit to miaubiz.</li>
	    <li>CVE-2014-7910: Various fixes from internal audits, fuzzing and
	      other initiatives.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0574</cvename>
      <cvename>CVE-2014-7899</cvename>
      <cvename>CVE-2014-7900</cvename>
      <cvename>CVE-2014-7901</cvename>
      <cvename>CVE-2014-7902</cvename>
      <cvename>CVE-2014-7903</cvename>
      <cvename>CVE-2014-7904</cvename>
      <cvename>CVE-2014-7905</cvename>
      <cvename>CVE-2014-7906</cvename>
      <cvename>CVE-2014-7907</cvename>
      <cvename>CVE-2014-7908</cvename>
      <cvename>CVE-2014-7909</cvename>
      <cvename>CVE-2014-7910</cvename>
      <url>http://googlechromereleases.blogspot.nl/2014/11/stable-channel-update_18.html</url>
    </references>
    <dates>
      <discovery>2014-11-18</discovery>
      <entry>2014-11-18</entry>
    </dates>
  </vuln>

  <vuln vid="dafa13a8-6e9b-11e4-8ef7-5453ed2e2b49">
    <topic>kde-workspace -- privilege escalation</topic>
    <affects>
      <package>
	<name>kde-workspace</name>
	<range><lt>4.11.13_1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>David Edmundson reports:</p>
	<blockquote cite="https://www.kde.org/info/security/advisory-20141106-1.txt">
	  <p>KDE workspace configuration module for setting the date and time
	    has a helper program which runs as root for performing actions.
	    This is secured with polkit.</p>
	  <p>This helper takes the name of the ntp utility to run as an
	    argument. This allows a hacker to run any arbitrary command as root
	    under the guise of updating the time.</p>
	  <p>An application can gain root priveledges from an admin user with
	    either misleading information or no interaction.</p>
	  <p>On some systems the user will be shown a prompt to change the
	    time. However, if the system has policykit-desktop-privileges
	    installed, the datetime helper will be invoked by an admin user
	    without any prompts.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-8651</cvename>
      <mlist>http://seclists.org/oss-sec/2014/q4/520</mlist>
    </references>
    <dates>
      <discovery>2014-11-06</discovery>
      <entry>2014-11-17</entry>
    </dates>
  </vuln>

  <vuln vid="c1930f45-6982-11e4-80e1-bcaec565249c">
    <topic>dbus -- incomplete fix for CVE-2014-3636 part A</topic>
    <affects>
      <package>
	<name>dbus</name>
	<range><lt>1.8.10</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Simon McVittie reports:</p>
	<blockquote cite="http://lists.freedesktop.org/archives/dbus/2014-November/016395.html">
	  <p>The patch issued by the D-Bus maintainers for CVE-2014-3636
	    was based on incorrect reasoning, and does not fully prevent
	    the attack described as "CVE-2014-3636 part A", which is
	    repeated below. Preventing that attack requires raising the
	    system dbus-daemon's RLIMIT_NOFILE (ulimit -n) to a higher
	    value. CVE-2014-7824 has been allocated for this
	    vulnerability.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-7824</cvename>
      <url>http://lists.freedesktop.org/archives/dbus/2014-November/016395.html</url>
    </references>
    <dates>
      <discovery>2014-11-10</discovery>
      <entry>2014-11-11</entry>
    </dates>
  </vuln>

  <vuln vid="ee7b4f9d-66c8-11e4-9ae1-e8e0b722a85e">
    <topic>wget -- path traversal vulnerability in recursive FTP mode</topic>
    <affects>
      <package>
	<name>wget</name>
	<range><lt>1.16</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>MITRE reports:</p>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877">
	  <p>Absolute path traversal vulnerability in GNU Wget before
	  1.16, when recursion is enabled, allows remote FTP servers
	  to write to arbitrary files, and consequently execute
	  arbitrary code, via a LIST response that references the same
	  filename within two entries, one of which indicates that the
	  filename is for a symlink. </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-4877</cvename>
      <certvu>685996</certvu>
    </references>
    <dates>
      <discovery>2014-10-27</discovery>
      <entry>2014-11-08</entry>
    </dates>
  </vuln>

  <vuln vid="0167f5ad-64ea-11e4-98c1-00269ee29e57">
    <topic>Konversation -- out-of-bounds read on a heap-allocated array</topic>
    <affects>
      <package>
	<name>konversation</name>
	<range><lt>1.5.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Konversation developers report:</p>
	<blockquote cite="https://www.kde.org/info/security/advisory-20141104-1.txt">
	  <p>Konversation's Blowfish ECB encryption support assumes incoming blocks
	  to be the expected 12 bytes. The lack of a sanity-check for the actual
	  size can cause a denial of service and an information leak to the local
	  user.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-8483</cvename>
      <url>https://www.kde.org/info/security/advisory-20141104-1.txt</url>
    </references>
    <dates>
      <discovery>2014-11-04</discovery>
      <entry>2014-11-05</entry>
    </dates>
  </vuln>

  <vuln vid="21ce1840-6107-11e4-9e84-0022156e8794">
    <topic>twiki -- remote Perl code execution</topic>
    <affects>
      <package>
	<name>twiki</name>
	<range><lt>5.1.4_1,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>TWiki developers report:</p>
	<blockquote cite="http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236">
	  <p>The debugenableplugins request parameter allows arbitrary
	  Perl code execution.</p>
	  <p>Using an HTTP GET request towards a TWiki server,
	  add a specially crafted debugenableplugins request parameter
	  to TWiki's view script (typically port 80/TCP).
	  Prior authentication may or may not be necessary.</p>
	  <p>A remote attacker can execute arbitrary Perl code
	  to view and modify any file the webserver user has access to.</p>
	  <p>Example: http://www.example.com/do/view/Main/WebHome?debugenableplugins=BackupRestorePlugin%3bprint("Content-Type:text/html\r\n\r\nVulnerable!")%3bexit</p>
	  <p>The TWiki site is vulnerable if you see a page with text
	  "Vulnerable!".</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-7236</cvename>
      <url>http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236</url>
    </references>
    <dates>
      <discovery>2014-10-09</discovery>
      <entry>2014-10-31</entry>
    </dates>
  </vuln>

  <vuln vid="0dad9114-60cc-11e4-9e84-0022156e8794">
    <topic>jenkins -- slave-originated arbitrary code execution on master servers</topic>
    <affects>
      <package>
	<name>jenkins</name>
	<range><lt>1.587</lt></range>
      </package>
      <package>
	<name>jenkins-lts</name>
	<range><lt>1.580.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Kohsuke Kawaguchi from Jenkins team reports:</p>
	<blockquote cite="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30">
	  <p>Historically, Jenkins master and slaves behaved as if
	  they altogether form a single distributed process.  This
	  means a slave can ask a master to do just about anything
	  within the confinement of the operating system, such as
	  accessing files on the master or trigger other jobs on
	  Jenkins.</p>
	  <p>This has increasingly become problematic, as larger
	  enterprise deployments have developed more sophisticated
	  trust separation model, where the administators of a master
	  might take slaves owned by other teams.  In such an
	  environment, slaves are less trusted than the master.
	  Yet the "single distributed process" assumption was not
	  communicated well to the users, resulting in vulnerabilities
	  in some deployments.</p>
	  <p>SECURITY-144 (CVE-2014-3665) introduces a new subsystem
	  to address this problem.  This feature is off by default for
	  compatibility reasons.  See Wiki for more details, who should
	  turn this on, and implications.</p>
	  <p>CVE-2014-3566 is rated high.  It only affects
	  installations that accept slaves from less trusted
	  computers, but this will allow an owner of of such slave to
	  mount a remote code execution attack on Jenkins.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-3665</cvename>
      <url>https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30</url>
      <url>https://wiki.jenkins-ci.org/display/JENKINS/Slave+To+Master+Access+Control</url>
      <url>http://www.cloudbees.com/jenkins-security-advisory-2014-10-30</url>
    </references>
    <dates>
      <discovery>2014-10-30</discovery>
      <entry>2014-10-31</entry>
    </dates>
  </vuln>

  <vuln vid="f8c88d50-5fb3-11e4-81bd-5453ed2e2b49">
    <topic>libssh -- PRNG state reuse on forking servers</topic>
    <affects>
      <package>
	<name>libssh</name>
	<range><lt>0.6.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Aris Adamantiadis reports:</p>
	<blockquote cite="http://www.openwall.com/lists/oss-security/2014/03/05/1">
	  <p>When accepting a new connection, the server forks and the
	    child process handles the request. The RAND_bytes() function
	    of openssl doesn't reset its state after the fork, but
	    simply adds the current process id (getpid) to the PRNG
	    state, which is not guaranteed to be unique.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0017</cvename>
      <mlist>http://www.openwall.com/lists/oss-security/2014/03/05/1</mlist>
      <url>http://secunia.com/advisories/57407</url>
    </references>
    <dates>
      <discovery>2014-03-05</discovery>
      <entry>2014-10-29</entry>
    </dates>
  </vuln>

  <vuln vid="d057c5e6-5b20-11e4-bebd-000c2980a9f3">
    <topic>libpurple/pidgin -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>libpurple</name>
	<range><lt>2.10.10</lt></range>
      </package>
      <package>
	<name>pidgin</name>
	<range><lt>2.10.10</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The pidgin development team reports:</p>
	<blockquote cite="https://developer.pidgin.im/wiki/ChangeLog">
	  <p>.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-3694</cvename>
      <cvename>CVE-2014-3697</cvename>
      <cvename>CVE-2014-3696</cvename>
      <cvename>CVE-2014-3695</cvename>
      <cvename>CVE-2014-3698</cvename>
      <url>https://developer.pidgin.im/wiki/ChangeLog</url>
    </references>
    <dates>
      <discovery>2014-10-22</discovery>
      <entry>2014-10-24</entry>
    </dates>
  </vuln>

  <vuln vid="25b78f04-59c8-11e4-b711-6805ca0b3d42">
    <topic>phpMyAdmin -- XSS vulnerabilities in SQL debug output and server monitor page.</topic>
    <affects>
      <package>
	<name>phpMyAdmin</name>
	<range><ge>4.2.0</ge><lt>4.2.10.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The phpMyAdmin development team reports:</p>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-12.php">
	  <p>With a crafted database or table name it is possible to
	    trigger an XSS in SQL debug output when enabled and in
	    server monitor page when viewing and analysing executed
	    queries.</p>
	  <p>This vulnerability can be triggered only by someone who
	    is logged in to phpMyAdmin, as the usual token protection
	    prevents non-logged-in users from accessing the required
	    pages. Moreover, debugging SQL is a developer option which
	    is disabled by default and expected to be disabled in
	    production environments.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-12.php</url>
      <cvename>CVE-2014-8326</cvename>
    </references>
    <dates>
      <discovery>2014-10-21</discovery>
      <entry>2014-10-22</entry>
    </dates>
  </vuln>

  <vuln vid="76c7a0f5-5928-11e4-adc7-001999f8d30b">
    <topic>asterisk -- Asterisk Susceptibility to POODLE Vulnerability</topic>
    <affects>
      <package>
	<name>asterisk</name>
	<range><lt>1.8.31.1</lt></range>
      </package>
      <package>
	<name>asterisk11</name>
	<range><lt>11.13.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk project reports:</p>
	<blockquote cite="http://www.asterisk.org/downloads/security-advisories">
	  <p>The POODLE vulnerability is described under CVE-2014-3566.
	  This advisory describes the Asterisk's project susceptibility
	  to this vulnerability.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://downloads.asterisk.org/pub/security/AST-2014-011.html</url>
      <cvename>CVE-2014-3566</cvename>
    </references>
    <dates>
      <discovery>2014-10-20</discovery>
      <entry>2014-10-21</entry>
    </dates>
  </vuln>

  <vuln vid="0642b064-56c4-11e4-8b87-bcaec565249c">
    <topic>libxml2 -- Denial of service</topic>
    <affects>
      <package>
	<name>libxml2</name>
	<range><lt>2.9.2</lt></range>
      </package>
      <package>
	<name>linux-c6-libxml2</name>
	<range><lt>2.7.6_2</lt></range>
      </package>
      <package>
	<name>linux-f10-libxml2</name>
	<range><ge>*</ge></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>RedHat reports:</p>
	<blockquote cite="https://rhn.redhat.com/errata/RHSA-2014-1655.html">
	  <p>A denial of service flaw was found in libxml2, a library
	    providing support to read, modify and write XML and HTML
	    files. A remote attacker could provide a specially crafted
	    XML file that, when processed by an application using
	    libxml2, would lead to excessive CPU consumption (denial of
	    service) based on excessive entity substitutions, even if
	    entity substitution was disabled, which is the parser default
	    behavior.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-3660</cvename>
      <url>https://rhn.redhat.com/errata/RHSA-2014-1655.html</url>
    </references>
    <dates>
      <discovery>2014-10-16</discovery>
      <entry>2014-10-18</entry>
      <modified>2015-07-15</modified>
    </dates>
  </vuln>

  <vuln vid="6f825fa4-5560-11e4-a4c3-00a0986f28c4">
    <topic>drupal7 -- SQL injection</topic>
    <affects>
      <package>
	<name>drupal7</name>
	<range><lt>7.32</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Drupal Security Team reports:</p>
	<blockquote cite="https://drupal.org/SA-CORE-2013-003">
	  <p>Drupal 7 includes a database abstraction API to ensure that
	    queries executed against the database are sanitized to prevent
	    SQL injection attacks.
	    A vulnerability in this API allows an attacker to send
	    specially crafted requests resulting in arbitrary SQL execution.
	    Depending on the content of the requests this can lead to
	    privilege escalation, arbitrary PHP execution, or other attacks.
	    This vulnerability can be exploited by anonymous users.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-3704</cvename>
      <url>https://www.drupal.org/SA-CORE-2014-005</url>
      <url>https://www.sektioneins.de/en/blog/14-10-15-drupal-sql-injection-vulnerability.html</url>
    </references>
    <dates>
      <discovery>2014-10-15</discovery>
      <entry>2014-10-16</entry>
    </dates>
  </vuln>

  <vuln vid="03175e62-5494-11e4-9cc1-bc5ff4fb5e7b">
    <topic>OpenSSL -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>openssl</name>
	<range><ge>1.0.1</ge><lt>1.0.1_16</lt></range>
      </package>
      <package>
	<name>mingw32-openssl</name>
	<range><ge>1.0.1</ge><lt>1.0.1j</lt></range>
      </package>
      <package>
	<name>linux-c6-openssl</name>
	<range><lt>1.0.1e_1</lt></range>
      </package>
      <package>
	<name>FreeBSD</name>
	<range><ge>8.4</ge><lt>8.4_17</lt></range>
	<range><ge>9.1</ge><lt>9.1_20</lt></range>
	<range><ge>9.2</ge><lt>9.2_13</lt></range>
	<range><ge>9.3</ge><lt>9.3_3</lt></range>
	<range><ge>10.0</ge><lt>10.0_10</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenSSL Project reports:</p>
	<blockquote cite="https://www.openssl.org/news/secadv_20141015.txt">
	  <p>A flaw in the DTLS SRTP extension parsing code allows an
	    attacker, who sends a carefully crafted handshake message,
	    to cause OpenSSL to fail to free up to 64k of memory causing
	    a memory leak. This could be exploited in a Denial Of Service
	    attack. This issue affects OpenSSL 1.0.1 server implementations
	    for both SSL/TLS and DTLS regardless of whether SRTP is used
	    or configured. Implementations of OpenSSL that have been
	    compiled with OPENSSL_NO_SRTP defined are not affected.
	    [CVE-2014-3513].</p>
	  <p>When an OpenSSL SSL/TLS/DTLS server receives a session
	    ticket the integrity of that ticket is first verified.
	    In the event of a session ticket integrity check failing,
	    OpenSSL will fail to free memory causing a memory leak.
	    By sending a large number of invalid session tickets an
	    attacker could exploit this issue in a Denial Of Service
	    attack. [CVE-2014-3567].</p>
	  <p>OpenSSL has added support for TLS_FALLBACK_SCSV to allow
	    applications to block the ability for a MITM attacker to
	    force a protocol downgrade.</p>
	  <p>Some client applications (such as browsers) will reconnect
	    using a downgraded protocol to work around interoperability
	    bugs in older servers. This could be exploited by an active
	    man-in-the-middle to downgrade connections to SSL 3.0 even
	    if both sides of the connection support higher protocols.
	    SSL 3.0 contains a number of weaknesses including POODLE
	    [CVE-2014-3566].</p>
	  <p>When OpenSSL is configured with "no-ssl3" as a build option,
	    servers could accept and complete a SSL 3.0 handshake, and
	    clients could be configured to send them. [CVE-2014-3568].</p>
	</blockquote>
      </body>
    </description>
    <references>
      <freebsdsa>SA-14:23.openssl</freebsdsa>
      <cvename>CVE-2014-3513</cvename>
      <cvename>CVE-2014-3566</cvename>
      <cvename>CVE-2014-3567</cvename>
      <cvename>CVE-2014-3568</cvename>
      <url>https://www.openssl.org/news/secadv_20141015.txt</url>
    </references>
    <dates>
      <discovery>2014-10-15</discovery>
      <entry>2014-10-15</entry>
      <modified>2016-08-09</modified>
    </dates>
  </vuln>

  <vuln vid="9c1495ac-8d8c-4789-a0f3-8ca6b476619c">
    <topic>mozilla -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>33.0,1</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>31.2.0,1</lt></range>
      </package>
      <package>
	<name>linux-firefox</name>
	<range><lt>33.0,1</lt></range>
      </package>
      <package>
	<name>linux-seamonkey</name>
	<range><lt>2.30</lt></range>
      </package>
      <package>
	<name>linux-thunderbird</name>
	<range><lt>31.2.0</lt></range>
      </package>
      <package>
	<name>seamonkey</name>
	<range><lt>2.30</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>31.2.0</lt></range>
      </package>
      <package>
	<name>libxul</name>
	<range><lt>31.2.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Mozilla Project reports:</p>
	<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
	  <p>MFSA 2014-74 Miscellaneous memory safety hazards
	    (rv:33.0 / rv:31.2)</p>
	  <p>MFSA 2014-75 Buffer overflow during CSS manipulation</p>
	  <p>MFSA 2014-76 Web Audio memory corruption issues with
	    custom waveforms</p>
	  <p>MFSA 2014-78 Further uninitialized memory use during GIF</p>
	  <p>MFSA 2014-79 Use-after-free interacting with text
	    directionality</p>
	  <p>MFSA 2014-80 Key pinning bypasses</p>
	  <p>MFSA 2014-81 Inconsistent video sharing within iframe</p>
	  <p>MFSA 2014-82 Accessing cross-origin objects via the
	    Alarms API</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-1574</cvename>
      <cvename>CVE-2014-1575</cvename>
      <cvename>CVE-2014-1576</cvename>
      <cvename>CVE-2014-1577</cvename>
      <cvename>CVE-2014-1580</cvename>
      <cvename>CVE-2014-1581</cvename>
      <cvename>CVE-2014-1582</cvename>
      <cvename>CVE-2014-1583</cvename>
      <cvename>CVE-2014-1584</cvename>
      <cvename>CVE-2014-1585</cvename>
      <cvename>CVE-2014-1586</cvename>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-74.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-75.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-76.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-78.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-79.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-80.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-81.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-82.html</url>
      <url>https://www.mozilla.org/security/announce/</url>
    </references>
    <dates>
      <discovery>2014-10-14</discovery>
      <entry>2014-10-14</entry>
      <modified>2015-08-12</modified>
    </dates>
  </vuln>

  <vuln vid="c30c3a2e-4fb1-11e4-b275-14dae9d210b8">
    <topic>foreman-proxy SSL verification issue</topic>
    <affects>
      <package>
	<name>foreman-proxy</name>
	<range><lt>1.6.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Foreman Security reports:</p>
	<blockquote cite="http://projects.theforeman.org/issues/7822">
	  <p>The smart proxy when running in an SSL-secured mode permits incoming
	    API calls to any endpoint without requiring, or performing any
	    verification of an SSL client certificate. This permits any client
	    with access to the API to make requests and perform actions
	    permitting control of Puppet CA, DHCP, DNS etc.)</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-3691</cvename>
      <url>https://groups.google.com/forum/#!topic/foreman-announce/LcjZx25Bl7U</url>
    </references>
    <dates>
      <discovery>2014-05-09</discovery>
      <entry>2014-10-09</entry>
    </dates>
  </vuln>

  <vuln vid="b6587341-4d88-11e4-aef9-20cf30e32f6d">
    <topic>Bugzilla multiple security issues</topic>
    <affects>
      <package>
	<name>bugzilla44</name>
	<range><lt>4.4.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Bugzilla Security Advisory</p>
	<blockquote cite="http://www.bugzilla.org/security/4.0.14/">
	  <h5>Unauthorized Account Creation</h5>
	  <p>An attacker creating a new Bugzilla account can override certain
	    parameters when finalizing the account creation that can lead to the
	    user being created with a different email address than originally
	    requested. The overridden login name could be automatically added
	    to groups based on the group's regular expression setting.</p>
	  <h5>Cross-Site Scripting</h5>
	  <p>During an audit of the Bugzilla code base, several places
	    were found where cross-site scripting exploits could occur which
	    could allow an attacker to access sensitive information.</p>
	  <h5>Information Leak</h5>
	  <p>If a new comment was marked private to the insider group, and a flag
	    was set in the same transaction, the comment would be visible to
	    flag recipients even if they were not in the insider group.</p>
	  <h5>Social Engineering</h5>
	  <p>Search results can be exported as a CSV file which can then be
	    imported into external spreadsheet programs. Specially formatted
	    field values can be interpreted as formulas which can be executed
	    and used to attack a user's computer.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-1572</cvename>
      <cvename>CVE-2014-1573</cvename>
      <cvename>CVE-2014-1571</cvename>
      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=1074812</url>
      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=1075578</url>
      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=1064140</url>
      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=1054702</url>
    </references>
    <dates>
      <discovery>2014-10-06</discovery>
      <entry>2014-10-06</entry>
    </dates>
  </vuln>

  <vuln vid="81e2b308-4a6c-11e4-b711-6805ca0b3d42">
    <topic>rt42 -- vulnerabilities related to shellshock</topic>
    <affects>
      <package>
	<name>rt42</name>
	<range><ge>4.2.0</ge><lt>4.2.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Best Practical reports:</p>
	<blockquote cite="http://blog.bestpractical.com/2014/10/security-vulnerability-in-rt-42x-cve-2014-7227.html">
	  <p>RT 4.2.0 and above may be vulnerable to arbitrary
	    execution of code by way of CVE-2014-7169, CVE-2014-7186,
	    CVE-2014-7187, CVE-2014-6277, or CVE-2014-6271 --
	    collectively known as "Shellshock." This vulnerability
	    requires a privileged user with access to an RT instance
	    running with SMIME integration enabled; it applies to both
	    mod_perl and fastcgi deployments. If you have already
	    taken upgrades to bash to resolve "Shellshock," you are
	    protected from this vulnerability in RT, and there is no
	    need to apply this patch. This vulnerability has been
	    assigned CVE-2014-7227.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://blog.bestpractical.com/2014/10/security-vulnerability-in-rt-42x-cve-2014-7227.html</url>
      <cvename>CVE-2014-7227</cvename>
    </references>
    <dates>
      <discovery>2014-10-02</discovery>
      <entry>2014-10-02</entry>
    </dates>
  </vuln>

  <vuln vid="549a2771-49cc-11e4-ae2c-c80aa9043978">
    <topic>jenkins -- remote execution, privilege escalation, XSS, password exposure, ACL hole, DoS</topic>
    <affects>
      <package>
	<name>jenkins</name>
	<range><lt>1.583</lt></range>
      </package>
      <package>
	<name>jenkins-lts</name>
	<range><lt>1.565.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jenkins Security Advisory:</p>
	<blockquote cite="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01">
	  <p>Please reference CVE/URL list for details</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01</url>
      <cvename>CVE-2014-3661</cvename>
      <cvename>CVE-2014-3662</cvename>
      <cvename>CVE-2014-3663</cvename>
      <cvename>CVE-2014-3664</cvename>
      <cvename>CVE-2014-3680</cvename>
      <cvename>CVE-2014-3681</cvename>
      <cvename>CVE-2014-3666</cvename>
      <cvename>CVE-2014-3667</cvename>
      <cvename>CVE-2013-2186</cvename>
      <cvename>CVE-2014-1869</cvename>
      <cvename>CVE-2014-3678</cvename>
      <cvename>CVE-2014-3679</cvename>
    </references>
    <dates>
      <discovery>2014-10-01</discovery>
      <entry>2014-10-01</entry>
    </dates>
  </vuln>

  <vuln vid="512d1301-49b9-11e4-ae2c-c80aa9043978">
    <topic>bash -- remote code execution</topic>
    <affects>
      <package>
	<name>bash</name>
	<name>bash-static</name>
	<range><lt>4.3.25_2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Note that this is different than the public "Shellshock"
	  issue.</p>
	<p>Specially crafted environment variables could lead to remote
	  arbitrary code execution.  This was fixed in bash 4.3.27, however
	  the port was patched with a mitigation in 4.3.25_2.</p>
      </body>
    </description>
    <references>
      <url>http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html</url>
      <cvename>CVE-2014-6277</cvename>
      <cvename>CVE-2014-6278</cvename>
    </references>
    <dates>
      <discovery>2014-09-27</discovery>
      <entry>2014-10-01</entry>
    </dates>
  </vuln>

  <vuln vid="3e8b7f8a-49b0-11e4-b711-6805ca0b3d42">
    <topic>phpMyAdmin -- XSS vulnerabilities</topic>
    <affects>
      <package>
	<name>phpMyAdmin</name>
	<range><ge>4.2.0</ge><lt>4.2.9.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The phpMyAdmin development team reports:</p>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php">
	  <p>With a crafted ENUM value it is possible to trigger an
	    XSS in table search and table structure pages. This
	    vulnerability can be triggered only by someone who is
	    logged in to phpMyAdmin, as the usual token protection
	    prevents non-logged-in users from accessing the required
	    pages.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php</url>
      <cvename>CVE-2014-7217</cvename>
    </references>
    <dates>
      <discovery>2014-10-01</discovery>
      <entry>2014-10-01</entry>
    </dates>
  </vuln>

  <vuln vid="4a4e9f88-491c-11e4-ae2c-c80aa9043978">
    <topic>bash -- out-of-bounds memory access in parser</topic>
    <affects>
      <package>
	<name>bash</name>
	<name>bash-static</name>
	<range><lt>4.3.27_1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>RedHat security team reports:</p>
	<blockquote cite="https://access.redhat.com/security/cve/CVE-2014-7186">
	  <p>It was discovered that the fixed-sized redir_stack could be forced
	    to overflow in the Bash parser, resulting in memory corruption, and
	    possibly leading to arbitrary code execution when evaluating
	    untrusted input that would not otherwise be run as code.</p>
	</blockquote>
	<blockquote cite="https://access.redhat.com/security/cve/CVE-2014-7187">
	  <p>An off-by-one error was discovered in the way Bash was handling
	    deeply nested flow control constructs. Depending on the layout of
	    the .bss segment, this could allow arbitrary execution of code that
	    would not otherwise be executed by Bash.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://access.redhat.com/security/cve/CVE-2014-7186</url>
      <cvename>CVE-2014-7186</cvename>
      <cvename>CVE-2014-7187</cvename>
    </references>
    <dates>
      <discovery>2014-09-25</discovery>
      <entry>2014-10-01</entry>
    </dates>
  </vuln>

  <vuln vid="8e0e86ff-48b5-11e4-ab80-000c29f6ae42">
    <topic>rsyslog -- remote syslog PRI vulnerability</topic>
    <affects>
      <package>
	<name>rsyslog</name>
	<range><lt>7.6.7</lt></range>
      </package>
      <package>
	<name>rsyslog8</name>
	<range><lt>8.4.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The rsyslog project reports:</p>
	<blockquote cite="http://www.rsyslog.com/remote-syslog-pri-vulnerability/">
	  <p>potential abort when a message with PRI &gt; 191 was processed
	    if the "pri-text" property was used in active templates,
	    this could be abused to a remote denial of service from
	    permitted senders</p>
	  <p>The original fix for CVE-2014-3634 was not adequate.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.rsyslog.com/remote-syslog-pri-vulnerability/</url>
      <cvename>CVE-2014-3634</cvename>
    </references>
    <dates>
      <discovery>2014-09-30</discovery>
      <entry>2014-09-30</entry>
      <modified>2014-10-02</modified>
    </dates>
  </vuln>

  <vuln vid="6c083cf8-4830-11e4-ae2c-c80aa9043978">
    <topic>fish -- local privilege escalation and remote code execution</topic>
    <affects>
      <package>
	<name>fish</name>
	<range><ge>1.6.0</ge><lt>2.1.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Fish developer David Adam reports:</p>
	<blockquote cite="http://www.openwall.com/lists/oss-security/2014/09/28/8">
	  <p>This release fixes a number of local privilege escalation
	    vulnerability and one remote code execution vulnerability.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.openwall.com/lists/oss-security/2014/09/28/8</url>
      <cvename>CVE-2014-2905</cvename>
      <url>https://github.com/fish-shell/fish-shell/issues/1436</url>
      <cvename>CVE-2014-2906</cvename>
      <cvename>CVE-2014-3856</cvename>
      <url>https://github.com/fish-shell/fish-shell/issues/1437</url>
      <cvename>CVE-2014-2914</cvename>
      <url>https://github.com/fish-shell/fish-shell/issues/1438</url>
      <cvename>CVE-2014-3219</cvename>
      <url>https://github.com/fish-shell/fish-shell/issues/1440</url>
    </references>
    <dates>
      <discovery>2014-09-28</discovery>
      <entry>2014-09-29</entry>
    </dates>
  </vuln>

  <vuln vid="ca44b64c-4453-11e4-9ea1-c485083ca99c">
    <topic>Flash player -- Multiple security vulnerabilities in www/linux-*-flashplugin11</topic>
    <affects>
      <package>
	<name>linux-f10-flashplugin</name>
	<range><lt>11.2r202.400</lt></range>
      </package>
      <package>
	<name>linux-c6-flashplugin</name>
	<range><lt>11.2r202.400</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Adobe reports:</p>
	<blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb14-21.html">
	  <p>These updates address vulnerabilities that could cause a crash
	    and potentially allow an attacker to take control of the affected system.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0547</cvename>
      <cvename>CVE-2014-0548</cvename>
      <cvename>CVE-2014-0549</cvename>
      <cvename>CVE-2014-0550</cvename>
      <cvename>CVE-2014-0551</cvename>
      <cvename>CVE-2014-0552</cvename>
      <cvename>CVE-2014-0553</cvename>
      <cvename>CVE-2014-0554</cvename>
      <cvename>CVE-2014-0555</cvename>
      <cvename>CVE-2014-0556</cvename>
      <cvename>CVE-2014-0557</cvename>
      <cvename>CVE-2014-0559</cvename>
      <url>http://helpx.adobe.com/security/products/flash-player/apsb14-21.html</url>
    </references>
    <dates>
      <discovery>2014-09-09</discovery>
      <entry>2014-09-25</entry>
    </dates>
  </vuln>

  <vuln vid="48108fb0-751c-4cbb-8f33-09239ead4b55">
    <topic>NSS -- RSA Signature Forgery</topic>
    <affects>
      <package>
	<name>linux-firefox</name>
	<range><lt>32.0.3,1</lt></range>
      </package>
      <package>
	<name>linux-thunderbird</name>
	<range><lt>31.1.2</lt></range>
      </package>
      <package>
	<name>linux-seamonkey</name>
	<range><lt>2.29.1</lt></range>
      </package>
      <package>
	<name>nss</name>
	<range><lt>3.17.1</lt></range>
      </package>
      <package>
	<name>linux-c6-nss</name>
	<range><lt>3.16.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Mozilla Project reports:</p>
	<blockquote cite="https://www.mozilla.org/security/announce/2014/mfsa2014-73.html">
	  <p>Antoine Delignat-Lavaud discovered that NSS is vulnerable
	  to a variant of a signature forgery attack previously
	  published by Daniel Bleichenbacher.  This is due to lenient
	  parsing of ASN.1 values involved in a signature and could
	  lead to the forging of RSA certificates.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-1568</cvename>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-73.html</url>
    </references>
    <dates>
      <discovery>2014-09-23</discovery>
      <entry>2014-09-25</entry>
    </dates>
  </vuln>

  <vuln vid="fb25333d-442f-11e4-98f3-5453ed2e2b49">
    <topic>krfb -- Multiple security issues in bundled libvncserver</topic>
    <affects>
      <package>
	<name>krfb</name>
	<range><lt>4.12.5_4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Martin Sandsmark reports:</p>
	<blockquote cite="http://lists.kde.org/?l=kde-announce&amp;m=141153917319769&amp;w=2">
	  <p>krfb 4.14 [and earlier] embeds libvncserver which has had
	    several security issues.</p>
	  <p>Several remotely exploitable security issues have been
	    uncovered in libvncserver, some of which might allow a
	    remote authenticated user code execution or application
	    crashes.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-6055</cvename>
      <mlist>http://lists.kde.org/?l=kde-announce&amp;m=141153917319769&amp;w=2</mlist>
    </references>
    <dates>
      <discovery>2014-09-23</discovery>
      <entry>2014-09-25</entry>
    </dates>
  </vuln>

  <vuln vid="71ad81da-4414-11e4-a33e-3c970e169bc2">
    <topic>bash -- remote code execution vulnerability</topic>
    <affects>
      <package>
	<name>bash</name>
	<name>bash-static</name>
	<range><gt>3.0</gt><le>3.0.17</le></range>
	<range><gt>3.1</gt><le>3.1.18</le></range>
	<range><gt>3.2</gt><le>3.2.52</le></range>
	<range><gt>4.0</gt><le>4.0.39</le></range>
	<range><gt>4.1</gt><le>4.1.12</le></range>
	<range><gt>4.2</gt><le>4.2.48</le></range>
	<range><gt>4.3</gt><lt>4.3.25_1</lt></range>
      </package>
      <package>
	<name>linux_base-c6</name>
	<range><lt>6.5_1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chet Ramey reports:</p>
	<blockquote cite="https://lists.gnu.org/archive/html/bug-bash/2014-09/msg00081.html">
	  <p>Under certain circumstances, bash will execute user code
	    while processing the environment for exported function
	    definitions.</p>
	</blockquote>
	<p>The original fix released for CVE-2014-6271 was not adequate. A
	  similar vulnerability was discovered and tagged as CVE-2014-7169.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-6271</cvename>
      <cvename>CVE-2014-7169</cvename>
      <url>https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/</url>
      <url>https://lists.gnu.org/archive/html/bug-bash/2014-09/msg00081.html</url>
      <url>http://seclists.org/oss-sec/2014/q3/690</url>
    </references>
    <dates>
      <discovery>2014-09-24</discovery>
      <entry>2014-09-24</entry>
      <modified>2014-09-25</modified>
    </dates>
  </vuln>

  <vuln vid="e60d9e65-3f6b-11e4-ad16-001999f8d30b">
    <topic>asterisk -- Remotely triggered crash</topic>
    <affects>
      <package>
	<name>asterisk11</name>
	<range><lt>11.12.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk project reports:</p>
	<blockquote cite="https://www.asterisk.org/security">
	  <p>When an out of call message - delivered by either the
	    SIP or PJSIP channel driver or the XMPP stack - is handled
	    in Asterisk, a crash can occur if the channel servicing
	    the message is sent into the ReceiveFax dialplan application
	    while using the res_fax_spandsp module.</p>
	  <p>Note that this crash does not occur when using the
	    res_fax_digium module.  While this crash technically
	    occurs due to a configuration issue, as attempting to
	    receive a fax from a channel driver that only contains
	    textual information will never succeed, the likelihood
	    of having it occur is sufficiently high as to warrant
	    this advisory.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://downloads.asterisk.org/pub/security/AST-2014-010.pdf</url>
      <url>https://issues.asterisk.org/jira/browse/ASTERISK-24301</url>
      <url>https://www.asterisk.org/security</url>
    </references>
    <dates>
      <discovery>2014-09-05</discovery>
      <entry>2014-09-18</entry>
    </dates>
  </vuln>

  <vuln vid="d3324c55-3f11-11e4-ad16-001999f8d30b">
    <topic>squid -- Buffer overflow in SNMP processing</topic>
    <affects>
      <package>
	<name>squid</name>
	<range><lt>3.4.8</lt></range>
      </package>
      <package>
	<name>squid32</name>
	<range><gt>0</gt></range>
      </package>
      <package>
	<name>squid33</name>
	<range><lt>3.3.13_2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The squid-cache project reports:</p>
	<blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2014_3.txt">
	  <p>Due to incorrect buffer management Squid can be caused
	  by an attacker to write outside its allocated SNMP buffer.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.squid-cache.org/Advisories/SQUID-2014_3.txt</url>
      <cvename>CVE-2014-6270</cvename>
    </references>
    <dates>
      <discovery>2014-09-15</discovery>
      <entry>2014-09-18</entry>
    </dates>
  </vuln>

  <vuln vid="38242d51-3e58-11e4-ac2f-bcaec565249c">
    <topic>dbus -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>dbus</name>
	<range><lt>1.8.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Simon McVittie reports:</p>
	<blockquote cite="http://lists.freedesktop.org/archives/dbus/2014-September/016343.html">
	  <p>Do not accept an extra fd in the padding of a cmsg message,
	     which could lead to a 4-byte heap buffer overrun
	     (CVE-2014-3635).</p>
	  <p>Reduce default for maximum Unix file descriptors passed per
	     message from 1024 to 16, preventing a uid with the default
	     maximum number of connections from exhausting the system
	     bus' file descriptors under Linux's default rlimit
	     (CVE-2014-3636).</p>
	  <p>Disconnect connections that still have a fd pending
	     unmarshalling after a new configurable limit,
	     pending_fd_timeout (defaulting to 150 seconds), removing
	     the possibility of creating an abusive connection that
	     cannot be disconnected by setting up a circular reference
	     to a connection's file descriptor (CVE-2014-3637).</p>
	  <p>Reduce default for maximum pending replies per connection
	     from 8192 to 128, mitigating an algorithmic complexity
	     denial-of-service attack (CVE-2014-3638).</p>
	  <p>Reduce default for authentication timeout on the system
	     bus from 30 seconds to 5 seconds, avoiding denial of service
	     by using up all unauthenticated connection slots; and when
	     all unauthenticated connection slots are used up, make new
	     connection attempts block instead of disconnecting them
	     (CVE-2014-3639).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-3635</cvename>
      <cvename>CVE-2014-3636</cvename>
      <cvename>CVE-2014-3637</cvename>
      <cvename>CVE-2014-3638</cvename>
      <cvename>CVE-2014-3639</cvename>
      <url>http://lists.freedesktop.org/archives/dbus/2014-September/016343.html</url>
    </references>
    <dates>
      <discovery>2014-09-16</discovery>
      <entry>2014-09-17</entry>
    </dates>
  </vuln>

  <vuln vid="77b784bb-3dc6-11e4-b191-f0def16c5c1b">
    <topic>nginx -- inject commands into SSL session vulnerability</topic>
    <affects>
      <package>
	<name>nginx</name>
	<range><ge>0.6.0</ge><lt>1.6.2,2</lt></range>
      </package>
      <package>
	<name>nginx-devel</name>
	<range><ge>0.5.6</ge><lt>1.7.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The nginx project reports:</p>
	<blockquote cite="http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html">
	  <p>Security: it was possible to reuse SSL sessions in unrelated contexts
	     if a shared SSL session cache or the same TLS session ticket key was
	     used for multiple "server" blocks (CVE-2014-3616).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-3616</cvename>
      <url>http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html</url>
    </references>
    <dates>
      <discovery>2014-09-16</discovery>
      <entry>2014-09-16</entry>
    </dates>
  </vuln>

  <vuln vid="cc627e6c-3b89-11e4-b629-6805ca0b3d42">
    <topic>phpMyAdmin -- XSRF/CSRF due to DOM based XSS in the micro history feature</topic>
    <affects>
      <package>
	<name>phpMyAdmin</name>
	<range><ge>4.2.0</ge><lt>4.2.8.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The phpMyAdmin development team reports:</p>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php">
	  <p>XSRF/CSRF due to DOM based XSS in the micro history feature.</p>
	  <p>By deceiving a logged-in user to click on a crafted URL,
	    it is possible to perform remote code execution and in some
	    cases, create a root account due to a DOM based XSS
	    vulnerability in the micro history feature.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php</url>
      <cvename>CVE-2014-6300</cvename>
    </references>
    <dates>
      <discovery>2014-09-13</discovery>
      <entry>2014-09-13</entry>
    </dates>
  </vuln>

  <vuln vid="36858e78-3963-11e4-ad84-000c29f6ae42">
    <topic>security/ossec-hids-* -- root escalation via temp files</topic>
    <affects>
      <package>
	<name>ossec-hids-server</name>
	<name>ossec-hids-client</name>
	<name>ossec-hids-local</name>
	<range><lt>2.8.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>OSSEC reports:</p>
	<blockquote cite="http://www.ossec.net/?p=1135">
	  <p>This correction will create the temp file for the hosts deny file
	    in /var/ossec and will use mktemp where available to create
	    NON-predictable temp file name. In cases where mktemp is not
	    available we have written a BAD version of mktemp, but should be a
	    little better then just process id.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-5284</cvename>
      <url>http://www.ossec.net/?p=1135</url>
    </references>
    <dates>
      <discovery>2014-09-09</discovery>
      <entry>2014-09-11</entry>
    </dates>
  </vuln>

  <vuln vid="6318b303-3507-11e4-b76c-0011d823eebd">
    <topic>trafficserver -- unspecified vulnerability</topic>
    <affects>
      <package>
	<name>trafficserver</name>
	<range><lt>5.0.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Bryan Call reports:</p>
	<blockquote cite="http://mail-archives.apache.org/mod_mbox/trafficserver-users/201407.mbox/%3CBFCEC9C8-1BE9-4DCA-AF9C-B8FE798EEC07@yahoo-inc.com%3E">
	  <p>Below is our announcement for the security issue reported to us
	  from Yahoo! Japan.  All versions of Apache Traffic Server are
	  vulnerable.  We urge users to upgrade to either 4.2.1.1 or 5.0.1
	  immediately.</p>
	  <p>This fixes CVE-2014-3525 and limits access to how the health
	  checks are performed.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-3525</cvename>
      <url>http://mail-archives.apache.org/mod_mbox/trafficserver-users/201407.mbox/%3CBFCEC9C8-1BE9-4DCA-AF9C-B8FE798EEC07@yahoo-inc.com%3E</url>
    </references>
    <dates>
      <discovery>2014-07-23</discovery>
      <entry>2014-09-05</entry>
    </dates>
  </vuln>

  <vuln vid="84203724-296b-11e4-bebd-000c2980a9f3">
    <topic>file -- buffer overruns and missing buffer size tests</topic>
    <affects>
      <package>
	<name>file</name>
	<range><lt>5.19</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Christos Zoulas reports:</p>
	<blockquote cite="http://mx.gw.com/pipermail/file/2014/001553.html">
	  <p>A specially crafted file can cause a segmentation fault.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://mx.gw.com/pipermail/file/2014/001553.html</url>
    </references>
    <dates>
      <discovery>2014-06-09</discovery>
      <entry>2014-08-21</entry>
    </dates>
  </vuln>

  <vuln vid="3c5579f7-294a-11e4-99f6-00e0814cab4e">
    <topic>django -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>py27-django</name>
	<range><ge>1.6</ge><lt>1.6.6</lt></range>
      </package>
      <package>
	<name>py27-django15</name>
	<range><ge>1.5</ge><lt>1.5.9</lt></range>
      </package>
      <package>
	<name>py27-django14</name>
	<range><ge>1.4</ge><lt>1.4.14</lt></range>
      </package>
      <package>
	<name>py32-django</name>
	<range><ge>1.6</ge><lt>1.6.6</lt></range>
      </package>
      <package>
	<name>py32-django15</name>
	<range><ge>1.5</ge><lt>1.5.9</lt></range>
      </package>
      <package>
	<name>py33-django</name>
	<range><ge>1.6</ge><lt>1.6.6</lt></range>
      </package>
      <package>
	<name>py33-django15</name>
	<range><ge>1.5</ge><lt>1.5.9</lt></range>
      </package>
      <package>
	<name>py34-django</name>
	<range><ge>1.6</ge><lt>1.6.6</lt></range>
      </package>
      <package>
	<name>py34-django15</name>
	<range><ge>1.5</ge><lt>1.5.9</lt></range>
      </package>
      <package>
	<name>py27-django-devel</name>
	<range><lt>20140821,1</lt></range>
      </package>
      <package>
	<name>py32-django-devel</name>
	<range><lt>20140821,1</lt></range>
      </package>
      <package>
	<name>py33-django-devel</name>
	<range><lt>20140821,1</lt></range>
      </package>
      <package>
	<name>py34-django-devel</name>
	<range><lt>20140821,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Django project reports:</p>
	<blockquote cite="https://www.djangoproject.com/weblog/2014/aug/20/security/">
	  <p>These releases address an issue with reverse() generating external
	    URLs; a denial of service involving file uploads; a potential
	    session hijacking issue in the remote-user middleware; and a data
	    leak in the administrative interface. We encourage all users of
	    Django to upgrade as soon as possible.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.djangoproject.com/weblog/2014/aug/20/security/</url>
      <cvename>CVE-2014-0480</cvename>
      <cvename>CVE-2014-0481</cvename>
      <cvename>CVE-2014-0482</cvename>
      <cvename>CVE-2014-0483</cvename>
    </references>
    <dates>
      <discovery>2014-08-20</discovery>
      <entry>2014-08-21</entry>
    </dates>
  </vuln>

  <vuln vid="d2a892b9-2605-11e4-9da0-00a0986f28c4">
    <topic>PHP multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>php53</name>
	<range><lt>5.3.29</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The PHP Team reports:</p>
	<blockquote cite="http://php.net/ChangeLog-5.php#5.3.29">
	  <p>insecure temporary file use in the configure script</p>
	  <p>unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion
	    </p>
	  <p>Heap buffer over-read in DateInterval</p>
	  <p>fileinfo: cdf_read_short_sector insufficient boundary check</p>
	  <p>fileinfo: CDF infinite loop in nelements DoS</p>
	  <p>fileinfo: fileinfo: numerous file_printf calls resulting in
	    performance degradation)</p>
	  <p>Fix potential segfault in dns_check_record()</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2013-6712</cvename>
      <cvename>CVE-2014-0207</cvename>
      <cvename>CVE-2014-0237</cvename>
      <cvename>CVE-2014-0238</cvename>
      <cvename>CVE-2014-3515</cvename>
      <cvename>CVE-2014-3981</cvename>
      <cvename>CVE-2014-4049</cvename>
      <url>http://php.net/ChangeLog-5.php#5.3.29</url>
      <url>https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html</url>
    </references>
    <dates>
      <discovery>2014-08-14</discovery>
      <entry>2014-08-18</entry>
    </dates>
  </vuln>

  <vuln vid="fbb01289-2645-11e4-bc44-6805ca0b3d42">
    <topic>phpMyAdmin -- XSS vulnerabilities</topic>
    <affects>
      <package>
	<name>phpMyAdmin</name>
	<range><ge>4.2.0</ge><lt>4.2.7.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The phpMyAdmin development team reports:</p>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php">
	  <p>Multiple XSS vulnerabilities in browse table, ENUM
	    editor, monitor, query charts and table relations pages.</p>
	  <p> With a crafted database, table or a primary/unique key
	    column name it is possible to trigger an XSS when dropping
	    a row from the table. With a crafted column name it is
	    possible to trigger an XSS in the ENUM editor dialog. With
	    a crafted variable name or a crafted value for unit field
	    it is possible to trigger a self-XSS when adding a new
	    chart in the monitor page. With a crafted value for x-axis
	    label it is possible to trigger a self-XSS in the query
	    chart page. With a crafted relation name it is possible to
	    trigger an XSS in table relations page.</p>
	</blockquote>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php">
	  <p>XSS in view operations page.</p>
	  <p>With a crafted view name it is possible to trigger an
	    XSS when dropping the view in view operation page.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php</url>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php</url>
      <cvename>CVE-2014-5273</cvename>
      <cvename>CVE-2014-5274</cvename>
    </references>
    <dates>
      <discovery>2014-08-17</discovery>
      <entry>2014-08-17</entry>
    </dates>
  </vuln>

  <vuln vid="69048656-2187-11e4-802c-20cf30e32f6d">
    <topic>serf -- SSL Certificate Null Byte Poisoning</topic>
    <affects>
      <package>
	<name>serf</name>
	<range><lt>1.3.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>serf Development list reports:</p>
	<blockquote cite="https://groups.google.com/forum/#!topic/serf-dev/NvgPoK6sFsc">
	  <p>Serf provides APIs to retrieve information about a certificate.  These
	    APIs return the information as NUL terminated strings (commonly called C
	    strings).  X.509 uses counted length strings which may include a NUL byte.
	    This means that a library user will interpret any information as ending
	    upon seeing this NUL byte and will only see a partial value for that field.
	  </p>
	  <p>Attackers could exploit this vulnerability to create a certificate that a
	    client will accept for a different hostname than the full certificate is
	    actually for by embedding a NUL byte in the certificate.</p>
	  <p>This can lead to a man-in-the-middle attack.  There are no known instances
	    of this problem being exploited in the wild and in practice it should be
	    difficult to actually exploit this vulnerability.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-3504</cvename>
    </references>
    <dates>
      <discovery>2014-08-06</discovery>
      <entry>2014-08-11</entry>
    </dates>
  </vuln>

  <vuln vid="83a418cc-2182-11e4-802c-20cf30e32f6d">
    <topic>subversion -- several vulnerabilities</topic>
    <affects>
      <package>
	<name>subversion16</name>
	<range><ge>1.0.0</ge><lt>1.7.18</lt></range>
      </package>
      <package>
	<name>subversion17</name>
	<range><ge>1.0.0</ge><lt>1.7.18</lt></range>
      </package>
      <package>
	<name>subversion</name>
	<range><ge>1.0.0</ge><lt>1.7.18</lt></range>
	<range><ge>1.8.0</ge><lt>1.8.10</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Subversion Project reports:</p>
	<blockquote cite="http://subversion.apache.org/security/CVE-2014-3522-advisory.txt">
	  <p>Using the Serf RA layer of Subversion for HTTPS uses the apr_fnmatch API
	    to handle matching wildcards in certificate Common Names and Subject
	    Alternate Names.  However, apr_fnmatch is not designed for this purpose.
	    Instead it is designed to behave like common shell globbing.  In particular
	    this means that '*' is not limited to a single label within a hostname
	    (i.e. it will match '.').  But even further apr_fnmatch supports '?' and
	    character classes (neither of which are part of the RFCs defining how
	    certificate validation works).</p>
	  <p>Subversion stores cached credentials by an MD5 hash based on the URL and
	    the authentication realm of the server the credentials are cached for.
	    MD5 has been shown to be subject to chosen plaintext hash collisions.
	    This means it may be possible to generate an authentication realm which
	    results in the same MD5 hash for a different URL.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-3522</cvename>
      <cvename>CVE-2014-3528</cvename>
      <url>http://subversion.apache.org/security/CVE-2014-3522-advisory.txt</url>
      <url>http://subversion.apache.org/security/CVE-2014-3528-advisory.txt</url>
    </references>
    <dates>
      <discovery>2014-08-06</discovery>
      <entry>2014-08-11</entry>
    </dates>
  </vuln>

  <vuln vid="ad747a01-1fee-11e4-8ff1-f0def16c5c1b">
    <topic>nginx -- inject commands into SSL session vulnerability</topic>
    <affects>
      <package>
	<name>nginx</name>
	<range><ge>1.6.0,2</ge><lt>1.6.1,2</lt></range>
      </package>
      <package>
	<name>nginx-devel</name>
	<range><ge>1.5.6</ge><lt>1.7.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The nginx project reports:</p>
	<blockquote cite="http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html">
	  <p>Security: pipelined commands were not discarded after STARTTLS
	    command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-3556</cvename>
      <url>http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html</url>
    </references>
    <dates>
      <discovery>2014-08-05</discovery>
      <entry>2014-08-09</entry>
    </dates>
  </vuln>

  <vuln vid="8aff07eb-1dbd-11e4-b6ba-3c970e169bc2">
    <topic>OpenSSL -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>openssl</name>
	<range><ge>1.0.1</ge><lt>1.0.1_14</lt></range>
      </package>
      <package>
	<name>mingw32-openssl</name>
	<range><ge>1.0.1</ge><lt>1.0.1i</lt></range>
      </package>
      <package>
	<name>FreeBSD</name>
	<range><ge>8.4</ge><lt>8.4_15</lt></range>
	<range><ge>9.1</ge><lt>9.1_18</lt></range>
	<range><ge>9.2</ge><lt>9.2_11</lt></range>
	<range><ge>9.3</ge><lt>9.3_1</lt></range>
	<range><ge>10.0</ge><lt>10.0_8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenSSL Project reports:</p>
	<blockquote cite="https://www.openssl.org/news/secadv_20140806.txt">
	  <p>A flaw in OBJ_obj2txt may cause pretty printing functions
	    such as X509_name_oneline, X509_name_print_ex et al. to leak
	    some information from the stack. [CVE-2014-3508]</p>
	  <p>The issue affects OpenSSL clients and allows a malicious
	    server to crash the client with a null pointer dereference
	    (read) by specifying an SRP ciphersuite even though it was
	    not properly negotiated with the client. [CVE-2014-5139]</p>
	  <p>If a multithreaded client connects to a malicious server
	    using a resumed session and the server sends an ec point
	    format extension it could write up to 255 bytes to freed
	    memory. [CVE-2014-3509]</p>
	  <p>An attacker can force an error condition which causes
	    openssl to crash whilst processing DTLS packets due to
	    memory being freed twice. This can be exploited through
	    a Denial of Service attack. [CVE-2014-3505]</p>
	  <p>An attacker can force openssl to consume large amounts
	    of memory whilst processing DTLS handshake messages.
	    This can be exploited through a Denial of Service
	    attack. [CVE-2014-3506]</p>
	  <p>By sending carefully crafted DTLS packets an attacker
	    could cause openssl to leak memory. This can be exploited
	    through a Denial of Service attack. [CVE-2014-3507]</p>
	  <p>OpenSSL DTLS clients enabling anonymous (EC)DH
	    ciphersuites are subject to a denial of service attack.
	    A malicious server can crash the client with a null pointer
	    dereference (read) by specifying an anonymous (EC)DH
	    ciphersuite and sending carefully crafted handshake
	    messages. [CVE-2014-3510]</p>
	  <p>A flaw in the OpenSSL SSL/TLS server code causes the
	    server to negotiate TLS 1.0 instead of higher protocol
	    versions when the ClientHello message is badly
	    fragmented. This allows a man-in-the-middle attacker
	    to force a downgrade to TLS 1.0 even if both the server
	    and the client support a higher protocol version, by
	    modifying the client's TLS records. [CVE-2014-3511]</p>
	  <p>A malicious client or server can send invalid SRP
	    parameters and overrun an internal buffer.  Only
	    applications which are explicitly set up for SRP
	    use are affected. [CVE-2014-3512]</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.openssl.org/news/secadv_20140806.txt</url>
      <freebsdsa>SA-14:18.openssl</freebsdsa>
      <cvename>CVE-2014-3505</cvename>
      <cvename>CVE-2014-3506</cvename>
      <cvename>CVE-2014-3507</cvename>
      <cvename>CVE-2014-3508</cvename>
      <cvename>CVE-2014-3509</cvename>
      <cvename>CVE-2014-3510</cvename>
      <cvename>CVE-2014-3511</cvename>
      <cvename>CVE-2014-3512</cvename>
      <cvename>CVE-2014-5139</cvename>
    </references>
    <dates>
      <discovery>2014-08-06</discovery>
      <entry>2014-08-06</entry>
      <modified>2016-08-09</modified>
    </dates>
  </vuln>

  <vuln vid="be5421ab-1b56-11e4-a767-5453ed2e2b49">
    <topic>krfb -- Possible Denial of Service or code execution via integer overflow</topic>
    <affects>
      <package>
	<name>krfb</name>
	<range><lt>4.12.5_1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Albert Aastals Cid reports:</p>
	<blockquote cite="http://lists.kde.org/?l=kde-announce&amp;m=140709940701878&amp;w=2">
	  <p>krfb embeds libvncserver which embeds liblzo2, it contains various
	    flaws that result in integer overflow problems.</p>
	  <p>This potentially allows a malicious application to create a
	    possible denial of service or code execution. Due to the need to
	    exploit precise details of the target architecture and threading it
	    is unlikely that remote code execution can be achieved in
	    practice.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-4607</cvename>
      <mlist>http://lists.kde.org/?l=kde-announce&amp;m=140709940701878&amp;w=2</mlist>
    </references>
    <dates>
      <discovery>2014-08-03</discovery>
      <entry>2014-08-03</entry>
    </dates>
  </vuln>

  <vuln vid="89ff45e3-1a57-11e4-bebd-000c2980a9f3">
    <topic>samba -- remote code execution</topic>
    <affects>
      <package>
	<name>samba4</name>
	<range><ge>4.0.0</ge><lt>4.0.21</lt></range>
      </package>
      <package>
	<name>samba41</name>
	<range><ge>4.1.0</ge><lt>4.1.11</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Samba developers report:</p>
	<blockquote cite="http://www.samba.org/samba/security/CVE-2014-3560">
	  <p>A malicious browser can send packets that may overwrite the heap of
	    the target nmbd NetBIOS name services daemon. It may be possible to
	    use this to generate a remote code execution vulnerability as the
	    superuser (root).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-3560</cvename>
      <url>http://www.samba.org/samba/security/CVE-2014-3560</url>
    </references>
    <dates>
      <discovery>2014-07-31</discovery>
      <entry>2014-08-02</entry>
    </dates>
  </vuln>

  <vuln vid="90ca3ba5-19e6-11e4-8616-001b3856973b">
    <topic>gpgme -- heap-based buffer overflow in gpgsm status handler</topic>
    <affects>
      <package>
	<name>gpgme</name>
	<range><lt>1.5.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Tomas Trnka reports:</p>
	<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=1113267">
	  <p>Gpgme contains a buffer overflow in the gpgsm status handler
	    that could possibly be exploited using a specially crafted certificate.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-3564</cvename>
      <url>https://bugzilla.redhat.com/show_bug.cgi?id=1113267</url>
    </references>
    <dates>
      <discovery>2014-06-25</discovery>
      <entry>2014-08-02</entry>
    </dates>
  </vuln>

  <vuln vid="2f90556f-18c6-11e4-9cc4-5453ed2e2b49">
    <topic>kdelibs -- KAuth PID Reuse Flaw</topic>
    <affects>
      <package>
	<name>kdelibs</name>
	<range><lt>4.12.5_3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Martin Sandsmark reports:</p>
	<blockquote cite="http://lists.kde.org/?l=kde-announce&amp;m=140674898412923&amp;w=2">
	  <p>The KAuth framework uses polkit-1 API which tries to authenticate
	    using the requestors PID. This is prone to PID reuse race
	    conditions.</p>
	  <p>This potentially allows a malicious application to pose as another
	    for authentication purposes when executing privileged actions.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-5033</cvename>
      <mlist>http://lists.kde.org/?l=kde-announce&amp;m=140674898412923&amp;w=2</mlist>
    </references>
    <dates>
      <discovery>2014-07-30</discovery>
      <entry>2014-07-31</entry>
    </dates>
  </vuln>

  <vuln vid="31c09848-1829-11e4-bf04-60a44c524f57">
    <topic>tor -- traffic confirmation attack</topic>
    <affects>
      <package>
	<name>tor</name>
	<range><lt>0.2.4.23</lt></range>
      </package>
      <package>
	<name>tor-devel</name>
	<range><lt>0.2.5.6.a</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Tor Project reports:</p>
	<blockquote cite="https://lists.torproject.org/pipermail/tor-announce/2014-July/000094.html">
	  <p>Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a
	    circuit after an inbound RELAY_EARLY cell is received by a client,
	    which makes it easier for remote attackers to conduct
	    traffic-confirmation attacks by using the pattern of RELAY and
	    RELAY_EARLY cells as a means of communicating information about
	    hidden service names.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://lists.torproject.org/pipermail/tor-announce/2014-July/000094.html</url>
      <url>https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack</url>
      <cvename>CVE-2014-5117</cvename>
    </references>
    <dates>
      <discovery>2014-07-30</discovery>
      <entry>2014-07-30</entry>
    </dates>
  </vuln>

  <vuln vid="13419364-1685-11e4-bf04-60a44c524f57">
    <topic>i2p -- Multiple Vulnerabilities</topic>
    <affects>
      <package>
	<name>i2p</name>
	<range><lt>0.9.14</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The i2p project reports:</p>
	<blockquote cite="http://geti2p.net/en/blog/post/2014/07/26/0.9.14-Release">
	  <p>XSS and remote execution vulnerabilities reported by Exodus Intelligence.</p>
	</blockquote>
	<p>Exodus Intelligence reports:</p>
	<blockquote cite="http://blog.exodusintel.com/2014/07/23/silverbullets_and_fairytails/">
	  <p>The vulnerability we have found is able to perform remote code
	     execution with a specially crafted payload. This payload can be
	     customized to unmask a user and show the public IP address in
	     which the user connected from within 'a couple of seconds.'</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://blog.exodusintel.com/2014/07/23/silverbullets_and_fairytails/</url>
      <url>http://geti2p.net/en/blog/post/2014/07/26/0.9.14-Release</url>
    </references>
    <dates>
      <discovery>2014-07-24</discovery>
      <entry>2014-07-28</entry>
    </dates>
  </vuln>

  <vuln vid="9defb2d6-1404-11e4-8cae-20cf30e32f6d">
    <topic>bugzilla -- Cross Site Request Forgery</topic>
    <affects>
      <package>
	<name>bugzilla44</name>
	<range><lt>4.4.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>A Bugzilla Security Advisory reports:</h1>
	<blockquote cite="http://www.bugzilla.org/security/4.0.13/">
	  <p>Adobe does not properly restrict the SWF file format,
	    which allows remote attackers to conduct cross-site
	    request forgery (CSRF) attacks against Bugzilla's JSONP
	    endpoint, possibly obtaining sensitive bug information,
	    via a crafted OBJECT element with SWF content satisfying
	    the character-set requirements of a callback API.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-1546</cvename>
    </references>
    <dates>
      <discovery>2014-07-24</discovery>
      <entry>2014-07-25</entry>
    </dates>
  </vuln>

  <vuln vid="f927e06c-1109-11e4-b090-20cf30e32f6d">
    <topic>apache22 -- several vulnerabilities</topic>
    <affects>
      <package>
	<name>apache22</name>
	<range><gt>2.2.0</gt><lt>2.2.29</lt></range>
      </package>
      <package>
	<name>apache22-event-mpm</name>
	<range><gt>2.2.0</gt><lt>2.2.29</lt></range>
      </package>
      <package>
	<name>apache22-itk-mpm</name>
	<range><gt>2.2.0</gt><lt>2.2.29</lt></range>
      </package>
      <package>
	<name>apache22-peruser-mpm</name>
	<range><gt>2.2.0</gt><lt>2.2.29</lt></range>
      </package>
      <package>
	<name>apache22-worker-mpm</name>
	<range><gt>2.2.0</gt><lt>2.2.29</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Apache HTTP SERVER PROJECT reports:</p>
	  <blockquote cite="http://www.apache.org/dist/httpd/CHANGES_2.2.29">
	  <p> mod_deflate: The DEFLATE input filter (inflates request bodies) now
	    limits the length and compression ratio of inflated request bodies to
	    avoid denial of service via highly compressed bodies.  See directives
	    DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and
	    DeflateInflateRatioBurst.</p>
	  <p>mod_cgid: Fix a denial of service against CGI scripts that do not consume
	    stdin that could lead to lingering HTTPD child processes filling up the
	    scoreboard and eventually hanging the server.  By default, the client I/O
	    timeout (Timeout directive) now applies to communication with scripts.  The
	    CGIDScriptTimeout directive can be used to set a different timeout for
	    communication with scripts.</p>
	  <p>Fix a race condition in scoreboard handling, which could lead to a heap
	    buffer overflow.</p>
	  <p>core: HTTP trailers could be used to replace HTTP headers late during
	    request processing, potentially undoing or otherwise confusing modules
	    that examined or modified request headers earlier.  Adds "MergeTrailers"
	    directive to restore legacy behavior.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0118</cvename>
      <cvename>CVE-2014-0231</cvename>
      <cvename>CVE-2014-0226</cvename>
      <cvename>CVE-2013-5704</cvename>
    </references>
    <dates>
      <discovery>2014-07-19</discovery>
      <entry>2014-07-24</entry>
      <modified>2014-09-03</modified>
    </dates>
  </vuln>

  <vuln vid="81fc1076-1286-11e4-bebd-000c2980a9f3">
    <topic>tomcat -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>tomcat</name>
	<range><lt>6.0.40</lt></range>
      </package>
      <package>
	<name>tomcat7</name>
	<range><lt>7.0.53</lt></range>
      </package>
      <package>
	<name>tomcat8</name>
	<range><lt>8.0.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Tomcat Security Team reports:</p>
	<blockquote cite="https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.54">
	  <p>Tomcat does not properly restrict XSLT stylesheets, which allows
	    remote attackers to bypass security-manager restrictions and read
	    arbitrary files via a crafted web application that provides an XML
	    external entity declaration in conjunction with an entity
	    reference, related to an XML External Entity (XXE) issue.</p>
	  <p>An integer overflow, when operated behind a reverse proxy, allows
	    remote attackers to conduct HTTP request smuggling attacks via a
	    crafted Content-Length HTTP header.</p>
	  <p>An integer overflow in parseChunkHeader allows remote attackers
	    to cause a denial of service (resource consumption) via a malformed
	    chunk size in chunked transfer coding of a request during the
	    streaming of data.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0096</cvename>
      <cvename>CVE-2014-0099</cvename>
      <cvename>CVE-2014-0075</cvename>
      <url>https://tomcat.apache.org/security-6.html</url>
      <url>https://tomcat.apache.org/security-7.html</url>
      <url>https://tomcat.apache.org/security-8.html</url>
    </references>
    <dates>
      <discovery>2014-05-23</discovery>
      <entry>2014-07-23</entry>
      <modified>2017-03-18</modified>
    </dates>
  </vuln>

  <vuln vid="978b0f76-122d-11e4-afe3-bc5ff4fb5e7b">
    <topic>mozilla -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>31.0,1</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>24.7.0,1</lt></range>
      </package>
      <package>
	<name>linux-firefox</name>
	<range><lt>31.0,1</lt></range>
      </package>
      <package>
	<name>linux-thunderbird</name>
	<range><lt>24.7.0</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>24.7.0</lt></range>
      </package>
      <package>
	<name>nss</name>
	<range><lt>3.16.1_2</lt></range>
	<!-- CVE-2014-1544/Bug 963150 -->
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Mozilla Project reports:</p>
	<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
	  <p>MFSA 2014-66 IFRAME sandbox same-origin access through
	    redirect</p>
	  <p>MFSA 2014-65 Certificate parsing broken by non-standard
	    character encoding</p>
	  <p>MFSA 2014-64 Crash in Skia library when scaling high
	    quality images</p>
	  <p>MFSA 2014-63 Use-after-free while when manipulating
	    certificates in the trusted cache</p>
	  <p>MFSA 2014-62 Exploitable WebGL crash with Cesium
	    JavaScript library</p>
	  <p>MFSA 2014-61 Use-after-free with FireOnStateChange
	    event</p>
	  <p>MFSA 2014-60 Toolbar dialog customization event
	    spoofing</p>
	  <p>MFSA 2014-59 Use-after-free in DirectWrite font
	    handling</p>
	  <p>MFSA 2014-58 Use-after-free in Web Audio due to
	    incorrect control message ordering</p>
	  <p>MFSA 2014-57 Buffer overflow during Web Audio
	    buffering for playback</p>
	  <p>MFSA 2014-56 Miscellaneous memory safety hazards
	    (rv:31.0 / rv:24.7)</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-1544</cvename>
      <cvename>CVE-2014-1547</cvename>
      <cvename>CVE-2014-1548</cvename>
      <cvename>CVE-2014-1549</cvename>
      <cvename>CVE-2014-1550</cvename>
      <cvename>CVE-2014-1551</cvename>
      <cvename>CVE-2014-1552</cvename>
      <cvename>CVE-2014-1555</cvename>
      <cvename>CVE-2014-1556</cvename>
      <cvename>CVE-2014-1557</cvename>
      <cvename>CVE-2014-1558</cvename>
      <cvename>CVE-2014-1559</cvename>
      <cvename>CVE-2014-1560</cvename>
      <cvename>CVE-2014-1561</cvename>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-56.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-57.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-58.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-59.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-60.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-61.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-62.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-63.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-64.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-65.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-66.html</url>
      <url>https://www.mozilla.org/security/announce/</url>
    </references>
    <dates>
      <discovery>2014-07-22</discovery>
      <entry>2014-07-23</entry>
    </dates>
  </vuln>

  <vuln vid="ecea9e92-0be5-4931-88da-8772d044972a">
    <topic>mcollective -- cert valication issue</topic>
    <affects>
      <package>
	<name>mcollective</name>
	<range><lt>2.5.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Melissa Stone reports:</p>
	<blockquote cite="https://groups.google.com/forum/#!topic/puppet-announce/cPykqUXMmK4">
	  <p>The MCollective aes_security public key plugin does not correctly
	    validate certs against the CA. By exploiting this vulnerability
	    within a race/initialization window, an attacker with local access
	    could initiate an unauthorized MCollective client connection with a
	    server, and thus control the mcollective plugins running on that
	    server. This vulnerability requires a collective be configured to
	    use the aes_security plugin. Puppet Enterprise and open source
	    MCollective are not configured to use the plugin and are not
	    vulnerable by default.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-3251</cvename>
      <url>https://groups.google.com/forum/#!topic/puppet-announce/cPykqUXMmK4</url>
    </references>
    <dates>
      <discovery>2014-07-09</discovery>
      <entry>2014-07-21</entry>
    </dates>
  </vuln>

  <vuln vid="904d78b8-0f7e-11e4-8b71-5453ed2e2b49">
    <topic>qt4-imageformats, qt5-gui -- DoS vulnerability in the GIF image handler</topic>
    <affects>
      <package>
	<name>qt4-imageformats</name>
	<range><lt>4.8.6_1</lt></range>
      </package>
      <package>
	<name>qt5-gui</name>
	<range><lt>5.2.1_4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Richard J. Moore reports:</p>
	<blockquote cite="http://lists.qt-project.org/pipermail/announce/2014-April/000045.html">
	  <p>The builtin GIF decoder in QtGui prior to Qt 5.3 contained a bug
	    that would lead to a null pointer dereference when loading certain
	    hand crafted corrupt GIF files. This in turn would cause the
	    application loading these hand crafted GIFs to crash.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0190</cvename>
      <bid>67087</bid>
      <mlist>http://lists.qt-project.org/pipermail/announce/2014-April/000045.html</mlist>
    </references>
    <dates>
      <discovery>2014-04-24</discovery>
      <entry>2014-07-19</entry>
      <modified>2014-07-21</modified>
    </dates>
  </vuln>

  <vuln vid="4364e1f1-0f44-11e4-b090-20cf30e32f6d">
    <topic>apache24 -- several vulnerabilities</topic>
    <affects>
      <package>
	<name>apache24</name>
	<range><lt>2.4.10</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Apache HTTP SERVER PROJECT reports:</h1>
	<blockquote cite="http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?view=markup&amp;pathrev=1610737">
	  <p>mod_proxy: Fix crash in Connection header handling which allowed a
	    denial of service attack against a reverse proxy with a threaded MPM.</p>
	  <p>Fix a race condition in scoreboard handling, which could lead to a
	    heap buffer overflow.</p>
	  <p>mod_deflate: The DEFLATE input filter (inflates request bodies) now
	    limits the length and compression ratio of inflated request bodies to avoid
	    denial of sevice via highly compressed bodies.  See directives
	    DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,
	    and DeflateInflateRatioBurst.</p>
	  <p>mod_cgid: Fix a denial of service against CGI scripts that do
	    not consume stdin that could lead to lingering HTTPD child processes
	    filling up the scoreboard and eventually hanging the server.  By
	    default, the client I/O timeout (Timeout directive) now applies to
	    communication with scripts.  The CGIDScriptTimeout directive can be
	    used to set a different timeout for communication with scripts.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0117</cvename>
      <cvename>CVE-2014-3523</cvename>
      <cvename>CVE-2014-0226</cvename>
      <cvename>CVE-2014-0118</cvename>
      <cvename>CVE-2014-0231</cvename>
    </references>
    <dates>
      <discovery>2014-07-15</discovery>
      <entry>2014-07-19</entry>
    </dates>
  </vuln>

  <vuln vid="3f09ca29-0e48-11e4-b17a-6805ca0b3d42">
    <topic>phpMyAdmin -- multiple XSS vulnerabilities, missing validation</topic>
    <affects>
      <package>
	<name>phpMyAdmin</name>
	<range><ge>4.2.0</ge><lt>4.2.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The phpMyAdmin development team reports:</p>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php">
	  <p>Self-XSS due to unescaped HTML output in database
	    structure page.</p>
	  <p>With a crafted table comment, it is possible to trigger
	    an XSS in database structure page.</p>
	</blockquote>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php">
	  <p>Self-XSS due to unescaped HTML output in database
	    triggers page.</p>
	  <p>When navigating into the database triggers page, it is
	    possible to trigger an XSS with a crafted trigger
	    name.</p>
	</blockquote>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php">
	  <p>Multiple XSS in AJAX confirmation messages.</p>
	  <p>With a crafted column name it is possible to trigger an
	    XSS when dropping the column in table structure page. With
	    a crafted table name it is possible to trigger an XSS when
	    dropping or truncating the table in table operations
	    page.</p>
	</blockquote>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php">
	  <p>Access for an unprivileged user to MySQL user list.</p>
	  <p>An unpriviledged user could view the MySQL user list and
	    manipulate the tabs displayed in phpMyAdmin for them.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-4954</cvename>
      <cvename>CVE-2014-4955</cvename>
      <cvename>CVE-2014-4986</cvename>
      <cvename>CVE-2014-4987</cvename>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php</url>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php</url>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php</url>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php</url>
    </references>
    <dates>
      <discovery>2014-07-18</discovery>
      <entry>2014-07-18</entry>
      <modified>2014-07-20</modified>
    </dates>
  </vuln>

  <vuln vid="4a114331-0d24-11e4-8dd2-5453ed2e2b49">
    <topic>kdelibs4 -- KMail/KIO POP3 SSL Man-in-the-middle Flaw</topic>
    <affects>
      <package>
	<name>kdelibs</name>
	<range><ge>4.10.95</ge><lt>4.12.5_2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Richard J. Moore reports:</p>
	<blockquote cite="http://www.kde.org/info/security/advisory-20140618-1.txt">
	  <p>The POP3 kioslave used by KMail will accept invalid
	  certificates without presenting a dialog to the user due a
	  bug that leads to an inability to display the dialog
	  combined with an error in the way the result is checked.</p>
	  <p>This flaw allows an active attacker to perform MITM
	  attacks against the ioslave which could result in the leakage of
	  sensitive data such as the authentication details and the contents of
	  emails.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-3494</cvename>
      <bid>68113</bid>
      <mlist>http://lists.kde.org/?l=kde-announce&amp;m=140312275318160&amp;w=2</mlist>
    </references>
    <dates>
      <discovery>2014-06-17</discovery>
      <entry>2014-07-16</entry>
    </dates>
  </vuln>

  <vuln vid="ff98087f-0a8f-11e4-b00b-5453ed2e2b49">
    <topic>postfixadmin -- SQL injection vulnerability</topic>
    <affects>
      <package>
	<name>postfixadmin</name>
	<range><lt>2.3.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Thijs Kinkhorst reports:</p>
	<blockquote cite="http://www.openwall.com/lists/oss-security/2014/03/26/6">
	  <p>Postfixadmin has an SQL injection vulnerability. This
	    vulnerability is only exploitable by authenticated users able to
	    create new aliases.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-2655</cvename>
      <bid>66455</bid>
      <freebsdpr>ports/189248</freebsdpr>
      <mlist>http://www.openwall.com/lists/oss-security/2014/03/26/6</mlist>
      <url>https://www.debian.org/security/2014/dsa-2889</url>
    </references>
    <dates>
      <discovery>2014-03-28</discovery>
      <entry>2014-07-13</entry>
      <modified>2015-09-28</modified>
    </dates>
  </vuln>

  <vuln vid="e6a7636a-02d0-11e4-88b6-080027671656">
    <topic>dbus -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>dbus</name>
	<range><lt>1.8.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Simon McVittie reports:</p>
	<blockquote cite="http://lists.freedesktop.org/archives/dbus/2014-July/016235.html">
	  <p>Alban Crequy at Collabora Ltd. discovered a bug in dbus-daemon's
	    support for file descriptor passing. A malicious process could
	    force system services or user applications to be disconnected
	    from the D-Bus system bus by sending them a message containing
	    a file descriptor, then causing that file descriptor to exceed
	    the kernel's maximum recursion depth (itself introduced to fix
	    a DoS) before dbus-daemon forwards the message to the victim
	    process. Most services and applications exit when disconnected
	    from the system bus, leading to a denial of service.</p>
	  <p>Additionally, Alban discovered that bug fd.o#79694, a bug
	    previously reported by Alejandro Martínez Suárez which was n
	    believed to be security flaw, could be used for a similar denial
	    of service, by causing dbus-daemon to attempt to forward invalid
	    file descriptors to a victim process when file descriptors become
	    associated with the wrong message.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-3532</cvename>
      <cvename>CVE-2014-3533</cvename>
      <url>http://lists.freedesktop.org/archives/dbus/2014-July/016235.html</url>
    </references>
    <dates>
      <discovery>2014-07-02</discovery>
      <entry>2014-07-03</entry>
    </dates>
  </vuln>

  <vuln vid="17dfd984-feba-11e3-b938-5404a68ad561">
    <topic>mencoder -- potential buffer overrun when processing malicious lzo compressed input</topic>
    <affects>
      <package>
	<name>mencoder</name>
	<range><lt>1.1.r20140418_1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Michael Niedermayer and Luca Barbato report in upstream ffmpeg:</p>
	<blockquote>
	  <p>avutil/lzo: Fix integer overflow</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ccda51b14c0fcae2fad73a24872dce75a7964996</url>
      <url>http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6af26c55c1ea30f85a7d9edbc373f53be1743ee</url>
      <cvename>CVE-2014-4610</cvename>
    </references>
    <dates>
      <discovery>2014-06-24</discovery>
      <entry>2014-06-28</entry>
    </dates>
  </vuln>

  <vuln vid="9ab3a22c-feb8-11e3-b938-5404a68ad561">
    <topic>mplayer -- potential buffer overrun when processing malicious lzo compressed input</topic>
    <affects>
      <package>
	<name>mplayer</name>
	<range><lt>1.1.r20140418_3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Michael Niedermayer and Luca Barbato report in upstream ffmpeg:</p>
	<blockquote>
	  <p>avutil/lzo: Fix integer overflow</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ccda51b14c0fcae2fad73a24872dce75a7964996</url>
      <url>http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6af26c55c1ea30f85a7d9edbc373f53be1743ee</url>
      <cvename>CVE-2014-4610</cvename>
    </references>
    <dates>
      <discovery>2014-06-24</discovery>
      <entry>2014-06-28</entry>
    </dates>
  </vuln>

  <vuln vid="d1f5e12a-fd5a-11e3-a108-080027ef73ec">
    <topic>LZO -- potential buffer overrun when processing malicious input data</topic>
    <affects>
      <package>
	<name>lzo2</name>
	<range><lt>2.07</lt></range>
      </package>
      <package>
	<name>busybox</name>
	<range><lt>1.22.1_2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Markus Franz Xaver Johannes Oberhumer reports, in the package's NEWS file:</p>
	<blockquote>
	  <p>Fixed a potential integer overflow condition in the "safe"
	    decompressor variants which could result in a possible buffer
	    overrun when processing maliciously crafted compressed input
	    data.</p>

	  <p>As this issue only affects 32-bit systems and also can only happen
	    if you use uncommonly huge buffer sizes where you have to decompress
	    more than 16 MiB (2^24 bytes) compressed bytes within a single
	    function call, the practical implications are limited.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.oberhumer.com/opensource/lzo/download/lzo-2.07.tar.gz</url>
      <cvename>CVE-2014-4608</cvename>
    </references>
    <dates>
      <discovery>2014-06-25</discovery>
      <entry>2014-06-26</entry>
      <modified>2015-01-06</modified>
    </dates>
  </vuln>

  <vuln vid="1c840eb9-fb32-11e3-866e-b499baab0cbe">
    <topic>gnupg -- possible DoS using garbled compressed data packets</topic>
    <affects>
      <package>
	<name>gnupg1</name>
	<range><lt>1.4.17</lt></range>
      </package>
      <package>
	<name>gnupg</name>
	<range><lt>2.0.24</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Werner Koch reports:</p>
	<blockquote cite="http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html">
	  <p>This release includes a *security fix* to stop
	    a possible DoS using garbled compressed data packets which can be used
	    to put gpg into an infinite loop.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html</url>
      <url>http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html</url>
    </references>
    <dates>
      <discovery>2014-06-23</discovery>
      <entry>2014-06-23</entry>
    </dates>
  </vuln>

  <vuln vid="6ad309d9-fb03-11e3-bebd-000c2980a9f3">
    <topic>samba -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>samba36</name>
	<range><lt>3.6.24</lt></range>
      </package>
      <package>
	<name>samba4</name>
	<range><lt>4.0.19</lt></range>
      </package>
      <package>
	<name>samba41</name>
	<range><lt>4.1.9</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The samba project reports:</p>
	<blockquote cite="https://www.samba.org/samba/history/">
	  <p>A malformed packet can cause the nmbd server to loop the CPU and
	    prevent any further NetBIOS name service.</p>
	  <p>Valid unicode path names stored on disk can cause smbd to
	    crash if an authenticated client attempts to read them
	    using a non-unicode request.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0244</cvename>
      <cvename>CVE-2014-3493</cvename>
      <url>https://www.samba.org/samba/security/CVE-2014-0244</url>
      <url>https://www.samba.org/samba/security/CVE-2014-3493</url>
    </references>
    <dates>
      <discovery>2014-06-23</discovery>
      <entry>2014-06-23</entry>
    </dates>
  </vuln>

  <vuln vid="c4892644-f8c6-11e3-9f45-6805ca0b3d42">
    <topic>phpMyAdmin -- two XSS vulnerabilities due to unescaped db/table names</topic>
    <affects>
      <package>
	<name>phpMyAdmin</name>
	<range><ge>4.1.0</ge><lt>4.2.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The phpMyAdmin development team reports:</p>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-2.php">
	  <p>Self-XSS due to unescaped HTML output in recent/favorite
	    tables navigation.</p>

	  <p>When marking a crafted database or table name as
	    favorite or having it in recent tables, it is possible to
	    trigger an XSS.</p>


	  <p>This vulnerability can be triggered only by someone who
	    logged in to phpMyAdmin, as the usual token protection
	    prevents non-logged-in users from accessing the required
	    form.</p>

	</blockquote>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-3.php">
	  <p>Self-XSS due to unescaped HTML output in navigation items
	    hiding feature.</p>

	  <p>When hiding or unhiding a crafted table name in the
	    navigation, it is possible to trigger an XSS.</p>

	  <p>This vulnerability can be triggered only by someone who
	    logged in to phpMyAdmin, as the usual token protection
	    prevents non-logged-in users from accessing the required
	    form.</p>
	</blockquote>
    </body>
    </description>
    <references>
      <cvename>CVE-2014-4348</cvename>
      <cvename>CVE-2014-4349</cvename>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-2.php</url>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-3.php</url>
    </references>
    <dates>
      <discovery>2014-06-20</discovery>
      <entry>2014-06-20</entry>
      <modified>2014-06-24</modified>
    </dates>
  </vuln>

  <vuln vid="0981958a-f733-11e3-8276-071f1604ef8a">
    <topic>iodined -- authentication bypass</topic>
    <affects>
      <package>
	<name>iodine</name>
	<range><lt>0.7.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Erik Ekman of the iodine project reports:</p>
    <blockquote cite="https://github.com/yarrick/iodine/commit/b715be5cf3978fbe589b03b09c9398d0d791f850">
	<p>The client could bypass the password check by continuing after
	    getting error from the server and guessing the network parameters.
	    The server would still accept the rest of the setup and also network
	    traffic.</p>
	</blockquote>
      </body>
    </description>
    <references>
	<url>https://github.com/yarrick/iodine/commit/b715be5cf3978fbe589b03b09c9398d0d791f850</url>
    </references>
    <dates>
      <discovery>2014-06-16</discovery>
      <entry>2014-06-18</entry>
    </dates>
  </vuln>

  <vuln vid="f109b02f-f5a4-11e3-82e9-00a098b18457">
    <topic>asterisk -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>asterisk11</name>
	<range><lt>11.10.1</lt></range>
      </package>
      <package>
	<name>asterisk18</name>
	<range><lt>1.8.28.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk project reports:</p>
	<blockquote cite="https://www.asterisk.org/security">
	  <p>Asterisk Manager User Unauthorized Shell Access. Manager users can
	    execute arbitrary shell commands with the MixMonitor manager action.
	    Asterisk does not require system class authorization for a manager
	    user to use the MixMonitor action, so any manager user who is
	    permitted to use manager commands can potentially execute shell
	    commands as the user executing the Asterisk process.</p>
	  <p>Exhaustion of Allowed Concurrent HTTP Connections. Establishing a
	    TCP or TLS connection to the configured HTTP or HTTPS port
	    respectively in http.conf and then not sending or completing a HTTP
	    request will tie up a HTTP session. By doing this repeatedly until the
	    maximum number of open HTTP sessions is reached, legitimate requests
	    are blocked.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-4046</cvename>
      <cvename>CVE-2014-4047</cvename>
      <url>http://downloads.asterisk.org/pub/security/AST-2014-006.pdf</url>
      <url>http://downloads.asterisk.org/pub/security/AST-2014-007.pdf</url>
      <url>https://www.asterisk.org/security</url>
    </references>
    <dates>
      <discovery>2014-06-12</discovery>
      <entry>2014-06-17</entry>
    </dates>
  </vuln>

  <vuln vid="52bbc7e8-f13c-11e3-bc09-bcaec565249c">
    <topic>dbus -- local DoS</topic>
    <affects>
      <package>
	<name>dbus</name>
	<range><ge>1.8.0</ge><lt>1.8.4</lt></range>
	<range><lt>1.6.20</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Simon MvVittie reports:</p>
	<blockquote cite="http://lists.freedesktop.org/archives/dbus/2014-June/016220.html">
	  <p>Alban Crequy at Collabora Ltd. discovered and fixed a
	    denial-of-service flaw in dbus-daemon, part of the reference
	    implementation of D-Bus.  Additionally, in highly unusual
	    environments the same flaw could lead to a side channel between
	    processes that should not be able to communicate.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-3477</cvename>
      <url>http://lists.freedesktop.org/archives/dbus/2014-June/016220.html</url>
    </references>
    <dates>
      <discovery>2014-06-10</discovery>
      <entry>2014-06-14</entry>
    </dates>
  </vuln>

  <vuln vid="888a0262-f0d9-11e3-ba0c-b4b52fce4ce8">
    <topic>mozilla -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>30.0,1</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>24.6.0,1</lt></range>
      </package>
      <package>
	<name>seamonkey</name>
	<range><lt>2.26.1</lt></range>
      </package>
      <package>
	<name>linux-firefox</name>
	<range><lt>30.0,1</lt></range>
      </package>
      <package>
	<name>linux-seamonkey</name>
	<range><lt>2.26.1</lt></range>
      </package>
      <package>
	<name>linux-thunderbird</name>
	<range><lt>24.6.0</lt></range>
      </package>
      <package>
	<name>nspr</name>
	<range><lt>4.10.6</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>24.6.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Mozilla Project reports:</p>
	<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
	  <p>MFSA 2014-48 Miscellaneous memory safety hazards
	    (rv:30.0 / rv:24.6)</p>
	  <p>MFSA 2014-49 Use-after-free and out of bounds
	    issues found using Address Sanitizer</p>
	  <p>MFSA 2014-51 Use-after-free in Event Listener
	    Manager</p>
	  <p>MFSA 2014-52 Use-after-free with SMIL Animation
	    Controller</p>
	  <p>MFSA 2014-53 Buffer overflow in Web Audio Speex
	    resampler</p>
	  <p>MFSA 2014-54 Buffer overflow in Gamepad API</p>
	  <p>MFSA 2014-55 Out of bounds write in NSPR</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-1533</cvename>
      <cvename>CVE-2014-1534</cvename>
      <cvename>CVE-2014-1536</cvename>
      <cvename>CVE-2014-1537</cvename>
      <cvename>CVE-2014-1540</cvename>
      <cvename>CVE-2014-1541</cvename>
      <cvename>CVE-2014-1542</cvename>
      <cvename>CVE-2014-1543</cvename>
      <cvename>CVE-2014-1545</cvename>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-48.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-49.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-51.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-52.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-53.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-54.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-55.html</url>
    </references>
    <dates>
      <discovery>2014-06-10</discovery>
      <entry>2014-06-10</entry>
    </dates>
  </vuln>

  <vuln vid="5ac53801-ec2e-11e3-9cf3-3c970e169bc2">
    <topic>OpenSSL -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>openssl</name>
	<range><ge>1.0.1</ge><lt>1.0.1_13</lt></range>
      </package>
      <package>
	<name>mingw32-openssl</name>
	<range><ge>1.0.1</ge><lt>1.0.1h</lt></range>
      </package>
      <package>
	<name>FreeBSD</name>
	<range><ge>8.0</ge><lt>8.4_12</lt></range>
	<range><ge>9.1</ge><lt>9.1_15</lt></range>
	<range><ge>9.2</ge><lt>9.2_8</lt></range>
	<range><ge>10.0</ge><lt>10.0_5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenSSL Project reports:</p>
	<blockquote cite="http://www.openssl.org/news/secadv_20140605.txt">
	  <p>An attacker using a carefully crafted handshake can force
	    the use of weak keying material in OpenSSL SSL/TLS clients
	    and servers. This can be exploited by a Man-in-the-middle
	    (MITM) attack where the attacker can decrypt and modify
	    traffic from the attacked client and server. [CVE-2014-0224]</p>
	  <p>By sending an invalid DTLS handshake to an OpenSSL DTLS
	    client the code can be made to recurse eventually crashing
	    in a DoS attack. [CVE-2014-0221]</p>
	  <p>A buffer overrun attack can be triggered by sending invalid
	    DTLS fragments to an OpenSSL DTLS client or server. This is
	    potentially exploitable to run arbitrary code on a vulnerable
	    client or server. [CVE-2014-0195]</p>
	  <p>OpenSSL TLS clients enabling anonymous ECDH ciphersuites are
	    subject to a denial of service attack. [CVE-2014-3470]</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0195</cvename>
      <cvename>CVE-2014-0221</cvename>
      <cvename>CVE-2014-0224</cvename>
      <cvename>CVE-2014-3470</cvename>
      <freebsdsa>SA-14:14.openssl</freebsdsa>
      <url>http://www.openssl.org/news/secadv_20140605.txt</url>
    </references>
    <dates>
      <discovery>2014-06-05</discovery>
      <entry>2014-06-05</entry>
    </dates>
  </vuln>

  <vuln vid="9733c480-ebff-11e3-970b-206a8a720317">
    <topic>gnutls -- client-side memory corruption</topic>
    <affects>
      <package>
	<name>gnutls</name>
	<range><lt>2.12.23_6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>GnuTLS project reports:</p>
	<blockquote cite="www.gnutls.org/security.html#GNUTLS-SA-2014-3">
	  <p>This vulnerability affects the client side of the gnutls library.
	    A server that sends a specially crafted ServerHello could corrupt
	    the memory of a requesting client.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-3466</cvename>
      <url>http://www.gnutls.org/security.html#GNUTLS-SA-2014-3</url>
    </references>
    <dates>
      <discovery>2014-05-14</discovery>
      <entry>2014-06-04</entry>
    </dates>
  </vuln>

  <vuln vid="027af74d-eb56-11e3-9032-000c2980a9f3">
    <topic>gnutls -- client-side memory corruption</topic>
    <affects>
      <package>
	<name>gnutls3</name>
	<range><ge>3.1</ge><lt>3.1.25</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>GnuTLS project reports:</p>
	<blockquote cite="www.gnutls.org/security.html#GNUTLS-SA-2014-3">
	  <p>This vulnerability affects the client side of the gnutls library.
	    A server that sends a specially crafted ServerHello could corrupt
	    the memory of a requesting client.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-3466</cvename>
      <url>http://www.gnutls.org/security.html#GNUTLS-SA-2014-3</url>
    </references>
    <dates>
      <discovery>2014-05-14</discovery>
      <entry>2014-06-03</entry>
    </dates>
  </vuln>

  <vuln vid="77e2e631-e742-11e3-9a25-5404a6a6412c">
    <topic>mumble -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mumble</name>
	<range><ge>1.2.0</ge><lt>1.2.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Mumble reports:</p>
	<blockquote cite="http://blog.mumble.info/mumble-1-2-6/">
	  <p>SVG images with local file references could trigger client DoS</p>
	  <p>The Mumble client did not properly HTML-escape some external strings
	    before using them in a rich-text (HTML) context.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://mumble.info/security/Mumble-SA-2014-005.txt</url>
      <url>http://mumble.info/security/Mumble-SA-2014-006.txt</url>
    </references>
    <dates>
      <discovery>2014-04-16</discovery>
      <entry>2014-05-29</entry>
    </dates>
  </vuln>

  <vuln vid="c2c8c84b-e734-11e3-9a25-5404a6a6412c">
    <topic>mumble -- NULL pointer dereference and heap-based buffer overflow</topic>
    <affects>
      <package>
	<name>mumble</name>
	<range><ge>1.2.4</ge><le>1.2.4_6</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Mumble reports:</p>
	<blockquote cite="http://blog.mumble.info/mumble-1-2-5/">
	  <p>A malformed Opus voice packet sent to a Mumble client could trigger
	    a NULL pointer dereference or an out-of-bounds array access.</p>
	  <p>A malformed Opus voice packet sent to a Mumble client could trigger a
	    heap-based buffer overflow.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0044</cvename>
      <cvename>CVE-2014-0045</cvename>
      <url>http://mumble.info/security/Mumble-SA-2014-001.txt</url>
      <url>http://mumble.info/security/Mumble-SA-2014-002.txt</url>
    </references>
    <dates>
      <discovery>2014-01-25</discovery>
      <entry>2014-05-29</entry>
    </dates>
  </vuln>

  <vuln vid="f99a4686-e694-11e3-9032-000c2980a9f3">
    <cancelled/>
  </vuln>

  <vuln vid="688e73a2-e514-11e3-a52a-98fc11cdc4f5">
    <topic>linux-flashplugin -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>linux-f10-flashplugin</name>
	<range><lt>11.2r202.359</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Adobe reports:</p>
	<blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb14-14.html">
	  <p>These updates address vulnerabilities that could cause a crash
	    and potentially allow an attacker to take control of the affected system.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0510</cvename>
      <cvename>CVE-2014-0516</cvename>
      <cvename>CVE-2014-0517</cvename>
      <cvename>CVE-2014-0518</cvename>
      <cvename>CVE-2014-0519</cvename>
      <cvename>CVE-2014-0520</cvename>
      <url>https://helpx.adobe.com/security/products/flash-player/apsb14-14.html</url>
    </references>
    <dates>
      <discovery>2014-03-13</discovery>
      <entry>2014-05-26</entry>
    </dates>
  </vuln>

  <vuln vid="02db20d7-e34a-11e3-bd92-bcaec565249c">
    <topic>openjpeg -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>openjpeg</name>
	<range><lt>1.5.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Openjpeg release notes report:</p>
	<blockquote cite="http://openjpeg.googlecode.com/svn/tags/version.1.5.1/NEWS">
	  <p>That CVE-2012-3535 and CVE-2012-3358 are fixed in the 1.5.1
	    release.</p>
	</blockquote>
	<blockquote cite="http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS">
	  <p>That CVE-2013-4289, CVE-2013-4290, CVE-2013-1447, CVE-2013-6045,
	    CVE-2013-6052, CVE-2013-6054, CVE-2013-6053, CVE-2013-6887,
	    where fixed in the 1.5.2 release.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2012-3358</cvename>
      <cvename>CVE-2012-3535</cvename>
      <cvename>CVE-2013-1447</cvename>
      <cvename>CVE-2013-4289</cvename>
      <cvename>CVE-2013-4290</cvename>
      <cvename>CVE-2013-6045</cvename>
      <cvename>CVE-2013-6052</cvename>
      <cvename>CVE-2013-6053</cvename>
      <cvename>CVE-2013-6054</cvename>
      <cvename>CVE-2013-6887</cvename>
      <url>http://openjpeg.googlecode.com/svn/tags/version.1.5.1/NEWS</url>
      <url>http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS</url>
    </references>
    <dates>
      <discovery>2012-05-13</discovery>
      <entry>2014-05-24</entry>
    </dates>
  </vuln>

  <vuln vid="b060ee50-daba-11e3-99f2-bcaec565249c">
    <topic>libXfont -- X Font Service Protocol and Font metadata file handling issues</topic>
    <affects>
      <package>
	<name>libXfont</name>
	<range><lt>1.4.7_3</lt></range>
      </package>
      <package>
	<name>linux-c6-xorg-libs</name>
	<range><lt>7.4_2</lt></range>
      </package>
      <package>
	<name>linux-f10-xorg-libs</name>
	<range><ge>*</ge></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Alan Coopersmith reports:</p>
	<blockquote cite="http://lists.x.org/archives/xorg-announce/2014-May/002431.html">
	  <p>Ilja van Sprundel, a security researcher with IOActive, has
	    discovered several issues in the way the libXfont library
	    handles the responses it receives from xfs servers, and has
	    worked with X.Org's security team to analyze, confirm, and fix
	    these issues.</p>
	  <p>Most of these issues stem from libXfont trusting the font server
	    to send valid protocol data, and not verifying that the values
	    will not overflow or cause other damage.  This code is commonly
	    called from the X server when an X Font Server is active in the
	    font path, so may be running in a setuid-root process depending
	    on the X server in use.  Exploits of this path could be used by
	    a local, authenticated user to attempt to raise privileges; or
	    by a remote attacker who can control the font server to attempt
	    to execute code with the privileges of the X server.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0209</cvename>
      <cvename>CVE-2014-0210</cvename>
      <cvename>CVE-2014-0211</cvename>
      <url>http://lists.x.org/archives/xorg-announce/2014-May/002431.html</url>
    </references>
    <dates>
      <discovery>2014-05-13</discovery>
      <entry>2014-05-13</entry>
      <modified>2015-07-15</modified>
    </dates>
  </vuln>

  <vuln vid="e7bb3885-da40-11e3-9ecb-2c4138874f7d">
    <topic>libxml2 -- lack of end-of-document check DoS</topic>
    <affects>
      <package>
	<name>libxml2</name>
	<range><lt>2.9.1</lt></range>
      </package>
      <package>
	<name>linux-c6-libxml2</name>
	<range><lt>2.7.6_2</lt></range>
      </package>
      <package>
	<name>linux-f10-libxml2</name>
	<range><ge>*</ge></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>CVE MITRE reports:</p>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877">
	  <p>parser.c in libxml2 before 2.9.0, as used in Google
	     Chrome before 28.0.1500.71 and other products, allows remote
	     attackers to cause a denial of service (out-of-bounds read)
	     via a document that ends abruptly, related to the lack of
	     certain checks for the XML_PARSER_EOF state.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2013-2877</cvename>
      <url>https://git.gnome.org/browse/libxml2/tag/?id=CVE-2013-2877</url>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877</url>
      <url>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2877</url>
    </references>
    <dates>
      <discovery>2013-04-11</discovery>
      <entry>2013-07-10</entry>
      <modified>2015-07-15</modified>
    </dates>
  </vuln>

  <vuln vid="efdd0edc-da3d-11e3-9ecb-2c4138874f7d">
    <topic>libxml2 -- entity substitution DoS</topic>
    <affects>
      <package>
	<name>libxml2</name>
	<range><lt>2.9.1</lt></range>
      </package>
      <package>
	<name>linux-c6-libxml2</name>
	<range><lt>2.7.6_2</lt></range>
      </package>
      <package>
	<name>linux-f10-libxml2</name>
	<range><ge>*</ge></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Stefan Cornelius reports:</p>
	<blockquote cite="http://www.openwall.com/lists/oss-security/2014/05/06/4">
	  <p>It was discovered that libxml2, a library providing
	     support to read, modify and write XML files, incorrectly
	     performs entity substitution in the doctype prolog, even if
	     the application using libxml2 disabled any entity
	     substitution.  A remote attacker could provide a
	     specially-crafted XML file that, when processed, would lead
	     to the exhaustion of CPU and memory resources or file
	     descriptors.</p>
	  <p>This issue was discovered by Daniel Berrange of Red Hat.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0191</cvename>
      <url>http://www.openwall.com/lists/oss-security/2014/05/06/4</url>
      <url>https://git.gnome.org/browse/libxml2/tag/?id=CVE-2014-0191</url>
      <url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0191</url>
    </references>
    <dates>
      <discovery>2013-12-03</discovery>
      <entry>2014-05-06</entry>
      <modified>2015-07-15</modified>
    </dates>
  </vuln>

  <vuln vid="1959e847-d4f0-11e3-84b0-0018fe623f2b">
    <topic>OpenSSL -- NULL pointer dereference / DoS</topic>
    <affects>
      <package>
	<name>openssl</name>
	<range><ge>1.0.1</ge><lt>1.0.1_12</lt></range>
      </package>
      <package>
	<name>FreeBSD</name>
	<range><ge>10.0</ge><lt>10.0_3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>OpenBSD and David Ramos reports:</p>
	<blockquote cite="http://www.openwall.com/lists/oss-security/2014/05/02/5">
	  <p>Applications that use SSL_MODE_RELEASE_BUFFERS, such as nginx/apache,
	  are prone to a race condition which may allow a remote attacker to
	  crash the current service.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.openwall.com/lists/oss-security/2014/05/02/5</url>
      <url>https://rt.openssl.org/Ticket/Display.html?user=guest&amp;pass=guest&amp;id=3321</url>
      <freebsdsa>SA-14:10.openssl</freebsdsa>
      <cvename>CVE-2014-0198</cvename>
    </references>
    <dates>
      <discovery>2014-05-02</discovery>
      <entry>2014-05-03</entry>
      <modified>2016-08-09</modified>
    </dates>
  </vuln>

  <vuln vid="89709e58-d497-11e3-a3d5-5453ed2e2b49">
    <topic>qt4-xml -- XML Entity Expansion Denial of Service</topic>
    <affects>
      <package>
	<name>qt4-xml</name>
	<range><lt>4.8.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Richard J. Moore reports:</p>
	<blockquote cite="http://lists.qt-project.org/pipermail/announce/2013-December/000036.html">
	  <p>QXmlSimpleReader in Qt versions prior to 5.2 supports
	    expansion of internal entities in XML documents without
	    placing restrictions to ensure the document does not cause
	    excessive memory usage. If an application using this API
	    processes untrusted data then the application may use
	    unexpected amounts of memory if a malicious document is
	    processed.</p>
	  <p>It is possible to construct XML documents using internal
	    entities that consume large amounts of memory and other
	    resources to process, this is known as the 'Billion Laughs'
	    attack. Qt versions prior to 5.2 did not offer protection
	    against this issue.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2013-4549</cvename>
      <url>http://lists.qt-project.org/pipermail/announce/2013-December/000036.html</url>
    </references>
    <dates>
      <discovery>2013-12-05</discovery>
      <entry>2014-05-05</entry>
    </dates>
  </vuln>

  <vuln vid="6fb521b0-d388-11e3-a790-000c2980a9f3">
    <topic>strongswan -- Remote Authentication Bypass</topic>
    <affects>
      <package>
	<name>strongswan</name>
	<range><lt>5.1.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>strongSwan developers report:</p>
	<blockquote cite="www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-(cve-2014-2338).html">
	  <p>Remote attackers are able to bypass authentication by rekeying an
	    IKE_SA during (1) initiation or (2) re-authentication, which
	    triggers the IKE_SA state to be set to established.</p>
	  <p>Only installations that actively initiate or re-authenticate IKEv2
	    IKE_SAs are affected.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-2338</cvename>
      <url>http://www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-%28cve-2014-2338%29.html</url>
    </references>
    <dates>
      <discovery>2014-03-12</discovery>
      <entry>2014-05-04</entry>
    </dates>
  </vuln>

  <vuln vid="670d732a-cdd4-11e3-aac2-0022fb6fcf92">
    <topic>mohawk -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mohawk</name>
	<range><lt>2.0.12</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The mohawk project reports:</p>
	<blockquote cite="http://fossil.bsdsx.fr/mohawk/tktview?name=1707f0e351">
	  <p>Segfault when parsing malformed / unescaped url, coredump when setting syslog facility.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://fossil.bsdsx.fr/mohawk/tktview?name=1707f0e351</url>
      <url>http://fossil.bsdsx.fr/mohawk/tktview?name=1c7565019e</url>
    </references>
    <dates>
      <discovery>2014-04-10</discovery>
      <entry>2014-04-30</entry>
    </dates>
  </vuln>

  <vuln vid="985d4d6c-cfbd-11e3-a003-b4b52fce4ce8">
    <topic>mozilla -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>29.0,1</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>24.5.0,1</lt></range>
      </package>
      <package>
	<name>linux-firefox</name>
	<range><lt>29.0,1</lt></range>
      </package>
      <package>
	<name>linux-seamonkey</name>
	<range><lt>2.26</lt></range>
      </package>
      <package>
	<name>linux-thunderbird</name>
	<range><lt>24.5.0</lt></range>
      </package>
      <package>
	<name>seamonkey</name>
	<range><lt>2.26</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>24.5.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Mozilla Project reports:</p>
	<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
	  <p>MFSA 2014-34 Miscellaneous memory safety hazards
	    (rv:29.0 / rv:24.5)</p>
	  <p>MFSA 2014-35 Privilege escalation through Mozilla Maintenance
	    Service Installer</p>
	  <p>MFSA 2014-36 Web Audio memory corruption issues</p>
	  <p>MFSA 2014-37 Out of bounds read while decoding JPG images</p>
	  <p>MFSA 2014-38 Buffer overflow when using non-XBL object as
	    XBL</p>
	  <p>MFSA 2014-39 Use-after-free in the Text Track Manager
	    for HTML video</p>
	  <p>MFSA 2014-41 Out-of-bounds write in Cairo</p>
	  <p>MFSA 2014-42 Privilege escalation through Web Notification
	    API</p>
	  <p>MFSA 2014-43 Cross-site scripting (XSS) using history
	    navigations</p>
	  <p>MFSA 2014-44 Use-after-free in imgLoader while resizing
	    images</p>
	  <p>MFSA 2014-45 Incorrect IDNA domain name matching for
	    wildcard certificates</p>
	  <p>MFSA 2014-46 Use-after-free in nsHostResolve</p>
	  <p>MFSA 2014-47 Debugger can bypass XrayWrappers
	    with JavaScript</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-1492</cvename>
      <cvename>CVE-2014-1518</cvename>
      <cvename>CVE-2014-1519</cvename>
      <cvename>CVE-2014-1520</cvename>
      <cvename>CVE-2014-1522</cvename>
      <cvename>CVE-2014-1523</cvename>
      <cvename>CVE-2014-1524</cvename>
      <cvename>CVE-2014-1525</cvename>
      <cvename>CVE-2014-1526</cvename>
      <cvename>CVE-2014-1527</cvename>
      <cvename>CVE-2014-1528</cvename>
      <cvename>CVE-2014-1529</cvename>
      <cvename>CVE-2014-1530</cvename>
      <cvename>CVE-2014-1531</cvename>
      <cvename>CVE-2014-1532</cvename>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-34.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-35.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-36.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-37.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-38.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-39.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-41.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-42.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-43.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-44.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-45.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-46.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-47.html</url>
      <url>http://www.mozilla.org/security/known-vulnerabilities/</url>
    </references>
    <dates>
      <discovery>2014-04-29</discovery>
      <entry>2014-04-29</entry>
    </dates>
  </vuln>

  <vuln vid="59e72db2-cae6-11e3-8420-00e0814cab4e">
    <topic>django -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>py26-django</name>
	<range><ge>1.6</ge><lt>1.6.3</lt></range>
      </package>
      <package>
	<name>py27-django</name>
	<range><ge>1.6</ge><lt>1.6.3</lt></range>
      </package>
      <package>
	<name>py31-django</name>
	<range><ge>1.6</ge><lt>1.6.3</lt></range>
      </package>
      <package>
	<name>py32-django</name>
	<range><ge>1.6</ge><lt>1.6.3</lt></range>
      </package>
      <package>
	<name>py33-django</name>
	<range><ge>1.6</ge><lt>1.6.3</lt></range>
      </package>
      <package>
	<name>py34-django</name>
	<range><ge>1.6</ge><lt>1.6.3</lt></range>
      </package>
      <package>
	<name>py26-django15</name>
	<range><ge>1.5</ge><lt>1.5.6</lt></range>
      </package>
      <package>
	<name>py27-django15</name>
	<range><ge>1.5</ge><lt>1.5.6</lt></range>
      </package>
      <package>
	<name>py31-django15</name>
	<range><ge>1.5</ge><lt>1.5.6</lt></range>
      </package>
      <package>
	<name>py32-django15</name>
	<range><ge>1.5</ge><lt>1.5.6</lt></range>
      </package>
      <package>
	<name>py33-django15</name>
	<range><ge>1.5</ge><lt>1.5.6</lt></range>
      </package>
      <package>
	<name>py34-django15</name>
	<range><ge>1.5</ge><lt>1.5.6</lt></range>
      </package>
      <package>
	<name>py26-django14</name>
	<range><ge>1.4</ge><lt>1.4.11</lt></range>
      </package>
      <package>
	<name>py27-django14</name>
	<range><ge>1.4</ge><lt>1.4.11</lt></range>
      </package>
      <package>
	<name>py31-django14</name>
	<range><ge>1.4</ge><lt>1.4.11</lt></range>
      </package>
      <package>
	<name>py32-django14</name>
	<range><ge>1.4</ge><lt>1.4.11</lt></range>
      </package>
      <package>
	<name>py33-django14</name>
	<range><ge>1.4</ge><lt>1.4.11</lt></range>
      </package>
      <package>
	<name>py34-django14</name>
	<range><ge>1.4</ge><lt>1.4.11</lt></range>
      </package>
      <package>
	<name>py26-django-devel</name>
	<range><lt>20140423,1</lt></range>
      </package>
      <package>
	<name>py27-django-devel</name>
	<range><lt>20140423,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Django project reports:</p>
	<blockquote cite="https://www.djangoproject.com/weblog/2014/apr/21/security/">
	  <p>These releases address an unexpected code-execution issue, a
	    caching issue which can expose CSRF tokens and a MySQL typecasting
	    issue. While these issues present limited risk and may not affect
	    all Django users, we encourage all users to evaluate their own
	    risk and upgrade as soon as possible.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.djangoproject.com/weblog/2014/apr/21/security/</url>
      <cvename>CVE-2014-0472</cvename>
      <cvename>CVE-2014-0473</cvename>
      <cvename>CVE-2014-0474</cvename>
    </references>
    <dates>
      <discovery>2014-04-21</discovery>
      <entry>2014-04-23</entry>
      <modified>2014-04-30</modified>
    </dates>
  </vuln>

  <vuln vid="0b8d7194-ca88-11e3-9d8d-c80aa9043978">
    <topic>OpenSSL -- Remote Data Injection / DoS</topic>
    <affects>
      <package>
	<name>openssl</name>
	<range><ge>1.0.1</ge><lt>1.0.1_11</lt></range>
      </package>
      <package>
	<name>mingw32-openssl</name>
	<range><ge>1.0.1</ge><le>1.0.1g</le></range>
      </package>
      <package>
	<name>FreeBSD</name>
	<range><ge>10.0</ge><lt>10.0_2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Applications that use SSL_MODE_RELEASE_BUFFERS, such as nginx, are
	  prone to a race condition which may allow a remote attacker to
	  inject random data into other connections.</p>
      </body>
    </description>
    <references>
      <url>https://rt.openssl.org/Ticket/Display.html?id=2167</url>
      <url>http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse</url>
      <freebsdsa>SA-14:09.openssl</freebsdsa>
      <cvename>CVE-2010-5298</cvename>
    </references>
    <dates>
      <discovery>2010-02-09</discovery>
      <entry>2014-04-23</entry>
      <modified>2016-08-09</modified>
    </dates>
  </vuln>

  <vuln vid="608ed765-c700-11e3-848c-20cf30e32f6d">
    <topic>bugzilla -- Cross-Site Request Forgery</topic>
    <affects>
      <package>
	<name>bugzilla40</name>
	<range><ge>2.0.0</ge><lt>4.4.3</lt></range>
      </package>
      <package>
	<name>bugzilla42</name>
	<range><ge>2.0.0</ge><lt>4.4.3</lt></range>
      </package>
      <package>
	<name>bugzilla44</name>
	<range><ge>2.0.0</ge><lt>4.4.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>A Bugzilla Security Advisory reports:</h1>
	<blockquote cite="http://www.bugzilla.org/security/4.0.11/">
	  <p>The login form had no CSRF protection, meaning that
	    an attacker could force the victim to log in using the
	    attacker's credentials. If the victim then reports a new
	    security sensitive bug, the attacker would get immediate
	    access to this bug.</p>
	  <p>
	    Due to changes involved in the Bugzilla API, this fix is
	    not backported to the 4.0 and 4.2 branches, meaning that
	    Bugzilla 4.0.12 and older, and 4.2.8 and older, will
	    remain vulnerable to this issue.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-1517</cvename>
      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=713926</url>
    </references>
    <dates>
      <discovery>2014-04-17</discovery>
      <entry>2014-04-18</entry>
      <modified>2014-04-18</modified>
    </dates>
  </vuln>

  <vuln vid="60bfa396-c702-11e3-848c-20cf30e32f6d">
    <topic>bugzilla -- Social Engineering</topic>
    <affects>
      <package>
	<name>bugzilla40</name>
	<range><ge>2.0.0</ge><lt>4.0.12</lt></range>
      </package>
      <package>
	<name>bugzilla42</name>
	<range><ge>4.1.1</ge><lt>4.2.8</lt></range>
      </package>
      <package>
	<name>bugzilla44</name>
	<range><ge>4.4.0</ge><lt>4.4.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>A Bugzilla Security Advisory reports:</h1>
	<blockquote cite="http://www.bugzilla.org/security/4.0.11/">
	  <p>Dangerous control characters can be inserted into
	    Bugzilla, notably into bug comments. If the text, which
	    may look safe, is copied into a terminal such as xterm or
	    gnome-terminal, then unexpected commands could be executed
	    on the local machine.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=968576</url>
    </references>
    <dates>
      <discovery>2014-04-17</discovery>
      <entry>2014-04-18</entry>
      <modified>2014-04-18</modified>
    </dates>
  </vuln>

  <vuln vid="abad20bf-c1b4-11e3-a5ac-001b21614864">
    <topic>OpenLDAP -- incorrect handling of NULL in certificate Common Name</topic>
    <affects>
      <package>
	<name>openldap24-client</name>
	<range><lt>2.4.18</lt></range>
      </package>
      <package>
	<name>linux-f10-openldap</name>
	<range><lt>2.4.18</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jan Lieskovsky reports:</p>
	<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3767">
	  <p>OpenLDAP does not properly handle a '\0' character in a domain name
	    in the subject's Common Name (CN) field of an X.509 certificate,
	    which allows man-in-the-middle attackers to spoof arbitrary SSL
	    servers via a crafted certificate issued by a legitimate
	    Certification Authority</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2009-3767</cvename>
      <url>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3767</url>
    </references>
    <dates>
      <discovery>2009-08-07</discovery>
      <entry>2014-04-11</entry>
    </dates>
  </vuln>

  <vuln vid="9aecb94c-c1ad-11e3-a5ac-001b21614864">
    <topic>cURL -- inappropriate GSSAPI delegation</topic>
    <affects>
      <package>
	<name>curl</name>
	<range><ge>7.10.6</ge><le>7.21.6</le></range>
      </package>
      <package>
	<name>linux-f10-curl</name>
	<range><ge>7.10.6</ge><le>7.21.6</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>cURL reports:</p>
	<blockquote cite="http://curl.haxx.se/docs/adv_20110623.html">
	  <p>When doing GSSAPI authentication, libcurl unconditionally performs
	    credential delegation. This hands the server a copy of the client's
	    security credentials, allowing the server to impersonate the client
	    to any other using the same GSSAPI mechanism.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-2192</cvename>
      <url>http://curl.haxx.se/docs/adv_20110623.html</url>
    </references>
    <dates>
      <discovery>2011-06-23</discovery>
      <entry>2014-04-11</entry>
      <modified>2014-04-30</modified>
    </dates>
  </vuln>

  <vuln vid="77bb0541-c1aa-11e3-a5ac-001b21614864">
    <topic>dbus-glib -- privledge escalation</topic>
    <affects>
      <package>
	<name>dbus-glib</name>
	<range><lt>0.100.1</lt></range>
      </package>
      <package>
	<name>linux-f10-dbus-glib</name>
	<range><lt>0.100.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Sebastian Krahmer reports:</p>
	<blockquote cite="https://bugs.freedesktop.org/show_bug.cgi?id=60916">
	  <p>A privilege escalation flaw was found in the way dbus-glib, the
	    D-Bus add-on library to integrate the standard D-Bus library with
	    the GLib thread abstraction and main loop, performed filtering of
	    the message sender (message source subject), when the
	    NameOwnerChanged signal was received. A local attacker could use
	    this flaw to escalate their privileges.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2013-0292</cvename>
      <url>https://bugs.freedesktop.org/show_bug.cgi?id=60916</url>
    </references>
    <dates>
      <discovery>2013-02-15</discovery>
      <entry>2014-04-11</entry>
      <modified>2014-04-30</modified>
    </dates>
  </vuln>

  <vuln vid="bf7912f5-c1a8-11e3-a5ac-001b21614864">
    <topic>nas -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>nas</name>
	<range><lt>1.9.4</lt></range>
      </package>
      <package>
	<name>linux-f10-nas-libs</name>
	<range><lt>1.9.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Hamid Zamani reports:</p>
	<blockquote cite="http://radscan.com/pipermail/nas/2013-August/001270.html">
	  <p>multiple security problems (buffer overflows, format string
	    vulnerabilities and missing input sanitising), which could lead to
	    the execution of arbitrary code.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2013-4256</cvename>
      <cvename>CVE-2013-4257</cvename>
      <cvename>CVE-2013-4258</cvename>
      <url>http://radscan.com/pipermail/nas/2013-August/001270.html</url>
    </references>
    <dates>
      <discovery>2013-08-07</discovery>
      <entry>2014-04-11</entry>
    </dates>
  </vuln>

  <vuln vid="09f47c51-c1a6-11e3-a5ac-001b21614864">
    <topic>libaudiofile -- heap-based overflow in Microsoft ADPCM compression module</topic>
    <affects>
      <package>
	<name>libaudiofile</name>
	<range><lt>0.2.7</lt></range>
      </package>
      <package>
	<name>linux-f10-libaudiofile</name>
	<range><lt>0.2.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Debian reports:</p>
	<blockquote cite="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510205">
	  <p>Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile
	    0.2.6 allows context-dependent attackers to cause a denial of service
	    (application crash) or possibly execute arbitrary code via a crafted
	    WAV file.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0159</cvename>
      <url>https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510205</url>
    </references>
    <dates>
      <discovery>2008-12-30</discovery>
      <entry>2014-04-11</entry>
      <modified>2014-04-30</modified>
    </dates>
  </vuln>

  <vuln vid="972837fc-c304-11e3-8758-00262d5ed8ee">
    <topic>ChaSen -- buffer overflow</topic>
    <affects>
      <package>
	<name>chasen-base</name>
	<range><lt>2.4.5</lt></range>
      </package>
      <package>
	<name>chasen</name>
	<range><lt>2.4.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>JVN iPedia reports:</p>
	<blockquote cite="http://jvn.jp/en/jp/JVN16901583/index.html">
	  <p>ChaSen provided by Nara Institute of Science and Technology is a
	    software for morphologically analyzing Japanese. ChaSen contains an
	    issue when reading in strings, which may lead to a buffer
	    overflow.</p>
	  <p>An arbitrary script may be executed by an attacker with access to
	    a system that is running a product listed in "Products
	    Affected."</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-4000</cvename>
      <url>http://jvn.jp/en/jp/JVN16901583/index.html</url>
    </references>
    <dates>
      <discovery>2011-11-08</discovery>
      <entry>2014-04-13</entry>
    </dates>
  </vuln>

  <vuln vid="7ccd4def-c1be-11e3-9d09-000c2980a9f3">
    <topic>OpenSSL -- Local Information Disclosure</topic>
    <affects>
      <package>
	<name>openssl</name>
	<range><ge>1.0.1</ge><lt>1.0.1_10</lt></range>
      </package>
      <package>
	<name>mingw32-openssl</name>
	<range><ge>1.0.1</ge><lt>1.0.1g</lt></range>
      </package>
      <package>
	<name>FreeBSD</name>
	<range><ge>8.3</ge><lt>8.3_15</lt></range>
	<range><ge>8.4</ge><lt>8.4_8</lt></range>
	<range><ge>9.1</ge><lt>9.1_11</lt></range>
	<range><ge>9.2</ge><lt>9.2_4</lt></range>
	<range><ge>10.0</ge><lt>10.0_1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>OpenSSL reports:</p>
	<blockquote cite="https://www.openssl.org/news/vulnerabilities.html#2014-0076">
	  <p>A flaw in the implementation of Montgomery Ladder Approach would
	    create a side-channel that leaks sensitive timing information.</p>
	  <p>A local attacker might be able to snoop a signing process and
	    might recover the signing key from it.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0076</cvename>
      <freebsdsa>SA-14:06.openssl</freebsdsa>
      <url>https://www.openssl.org/news/vulnerabilities.html#2014-0076</url>
    </references>
    <dates>
      <discovery>2014-04-07</discovery>
      <entry>2014-04-11</entry>
    </dates>
  </vuln>

  <vuln vid="c0c31b27-bff3-11e3-9d09-000c2980a9f3">
    <topic>openafs -- Denial of Service</topic>
    <affects>
      <package>
	<name>openafs</name>
	<range><ge>1.4.8</ge><lt>1.6.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenAFS development team reports:</p>
	<blockquote cite="http://openafs.org/security/OPENAFS-SA-2014-001.txt">
	  <p>An attacker with the ability to connect to an OpenAFS fileserver can
	    trigger a buffer overflow, crashing the server.</p>
	  <p>The buffer overflow can be triggered by sending an unauthenticated
	    request for file server statistical information.</p>
	  <p>Clients are not affected.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0159</cvename>
      <url>http://openafs.org/security/OPENAFS-SA-2014-001.txt</url>
    </references>
    <dates>
      <discovery>2014-04-09</discovery>
      <entry>2014-04-09</entry>
    </dates>
  </vuln>

  <vuln vid="5631ae98-be9e-11e3-b5e3-c80aa9043978">
    <topic>OpenSSL -- Remote Information Disclosure</topic>
    <affects>
      <package>
	<name>openssl</name>
	<range><ge>1.0.1</ge><lt>1.0.1_10</lt></range>
      </package>
      <package>
	<name>mingw32-openssl</name>
	<range><ge>1.0.1</ge><lt>1.0.1g</lt></range>
      </package>
      <package>
	<name>FreeBSD</name>
	<range><ge>10.0</ge><lt>10.0_1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>OpenSSL Reports:</p>
	<blockquote cite="https://www.openssl.org/news/secadv_20140407.txt">
	  <p>A missing bounds check in the handling of the TLS heartbeat extension can be
	    used to reveal up to 64k of memory to a connected client or server.</p>
	  <p>Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately
	    upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.</p>
	</blockquote>
	<blockquote cite="http://www.heartbleed.com">
	  <p>The bug allows anyone on the Internet to read the memory of the
	  systems protected by the vulnerable versions of the OpenSSL software.
	  This compromises the secret keys used to identify the service
	  providers and to encrypt the traffic, the names and passwords of the
	  users and the actual content. This allows attackers to eavesdrop
	  communications, steal data directly from the services and users and
	  to impersonate services and users.</p>
	</blockquote>
	<blockquote cite="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:06.openssl.asc">
	  <p>The code used to handle the Heartbeat Extension does not do
	    sufficient boundary checks on record length, which allows reading
	    beyond the actual payload.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0160</cvename>
      <freebsdsa>SA-14:06.openssl</freebsdsa>
      <url>https://www.openssl.org/news/secadv_20140407.txt</url>
      <url>https://www.openssl.org/news/vulnerabilities.html#2014-0076</url>
      <url>http://www.heartbleed.com</url>
    </references>
    <dates>
      <discovery>2014-04-07</discovery>
      <entry>2014-04-07</entry>
      <modified>2014-04-11</modified>
    </dates>
  </vuln>

  <vuln vid="ffa7c6e4-bb29-11e3-8136-60a44c524f57">
    <topic>otrs -- Clickjacking issue</topic>
    <affects>
      <package>
	<name>otrs</name>
	<range><lt>3.1.21</lt></range>
	<range><gt>3.2.*</gt><lt>3.2.16</lt></range>
	<range><gt>3.3.*</gt><lt>3.3.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OTRS Project reports:</p>
	<blockquote cite="http://www.otrs.com/security-advisory-2014-05-clickjacking-issue/">
	  <p>An attacker could embed OTRS in a hidden iframe tag of another
	    page, tricking the user into clicking links in OTRS.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.w3.org/1999/xhtml</url>
      <cvename>CVE-2014-2554</cvename>
    </references>
    <dates>
      <discovery>2014-04-01</discovery>
      <entry>2014-04-03</entry>
    </dates>
  </vuln>

  <vuln vid="580cc46b-bb1e-11e3-b144-2c4138874f7d">
    <topic>LibYAML input sanitization errors</topic>
    <affects>
      <package>
	<name>libyaml</name>
	<range><lt>0.1.6</lt></range>
      </package>
      <package>
	<name>mingw32-libyaml</name>
	<range><lt>0.1.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>oCERT reports:</p>
	<blockquote cite="http://www.ocert.org/advisories/ocert-2014-003.html">
	  <p>The LibYAML project is an open source YAML 1.1 parser and
	    emitter written in C.</p>
	  <p>The library is affected by a heap-based buffer overflow
	    which can lead to arbitrary code execution. The
	    vulnerability is caused by lack of proper expansion for the
	    string passed to the yaml_parser_scan_uri_escapes()
	    function.</p>
	  <p>A specially crafted YAML file, with a long sequence of
	    percent-encoded characters in a URL, can be used to trigger
	    the overflow.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-2525</cvename>
      <url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2525</url>
    </references>
    <dates>
      <discovery>2014-03-11</discovery>
      <entry>2014-03-26</entry>
    </dates>
  </vuln>

  <vuln vid="4e95eb4e-b737-11e3-87cd-f0def10dca57">
    <topic>Icinga -- buffer overflow in classic web interface</topic>
    <affects>
      <package>
	<name>icinga</name>
	<range><lt>1.11.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Icinga Team reports:</p>
	<blockquote cite="https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=73285093b71a5551abdaab0a042d3d6bae093b0d">
	  <p>Wrong strlen check against MAX_INPUT_BUFFER without taking '\0' into account [...]</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-2386</cvename>
      <url>http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2386</url>
    </references>
    <dates>
      <discovery>2014-02-18</discovery>
      <entry>2014-03-29</entry>
    </dates>
  </vuln>

  <vuln vid="7e61a839-b714-11e3-8195-001966155bea">
    <topic>file -- out-of-bounds access in search rules with offsets from input file</topic>
    <affects>
      <package>
	<name>file</name>
	<range><lt>5.18</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Aaron Reffett reports:</p>
	<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270">
	  <p>softmagic.c in file ... and libmagic allows context-dependent
	    attackers to cause a denial of service (out-of-bounds memory access and
	    crash) via crafted offsets in the softmagic of a PE executable.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-2270</cvename>
      <url>http://bugs.gw.com/view.php?id=31</url>
    </references>
    <dates>
      <discovery>2013-12-20</discovery>
      <entry>2014-03-29</entry>
    </dates>
  </vuln>

  <vuln vid="9fa1a0ac-b2e0-11e3-bb07-6cf0490a8c18">
    <topic>Joomla! -- Core - Multiple Vulnerabilities</topic>
    <affects>
      <package>
	<name>joomla2</name>
	<range><ge>2.5.*</ge><le>2.5.18</le></range>
      </package>
      <package>
	<name>joomla3</name>
	<range><ge>3.0.*</ge><le>3.2.2</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The JSST and the Joomla! Security Center report:</p>
	<blockquote cite="http://developer.joomla.org/security/578-20140301-core-sql-injection.html">
	  <h2>[20140301] - Core - SQL Injection</h2>
	  <p>Inadequate escaping leads to SQL injection vulnerability.</p>
	</blockquote>
	<blockquote cite="http://developer.joomla.org/security/579-20140302-core-xss-vulnerability.html">
	  <h2>[20140302] - Core - XSS Vulnerability</h2>
	  <p>Inadequate escaping leads to XSS vulnerability in com_contact.</p>
	</blockquote>
	<blockquote cite="http://developer.joomla.org/security/580-20140303-core-xss-vulnerability.html">
	  <h2>[20140303] - Core - XSS Vulnerability</h2>
	  <p>Inadequate escaping leads to XSS vulnerability.</p>
	</blockquote>
	<blockquote cite="http://developer.joomla.org/security/581-20140304-core-unauthorised-logins.html">
	  <h2>[20140304] - Core - Unauthorised Logins</h2>
	  <p>Inadequate checking allowed unauthorised logins via GMail authentication.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://developer.joomla.org/security/578-20140301-core-sql-injection.html</url>
      <url>http://developer.joomla.org/security/579-20140302-core-xss-vulnerability.html</url>
      <url>http://developer.joomla.org/security/580-20140303-core-xss-vulnerability.html</url>
      <url>http://developer.joomla.org/security/581-20140304-core-unauthorised-logins.html</url>
    </references>
    <dates>
      <discovery>2014-03-01</discovery>
      <entry>2014-03-23</entry>
      <modified>2014-04-30</modified>
    </dates>
  </vuln>

  <vuln vid="36f9ac43-b2ac-11e3-8752-080027ef73ec">
    <topic>mail/trojita -- may leak mail contents (not user credentials) over unencrypted connection</topic>
    <affects>
      <package>
	<name>trojita</name>
	<range><lt>0.4.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jan Kundrát reports:</p>
	<blockquote cite="http://jkt.flaska.net/blog/Trojita_0_4_1__a_security_update_for_CVE_2014_2567.html">
	  <p>An SSL stripping vulnerability was discovered in Trojitá, a fast Qt
	    IMAP e-mail client. User's credentials are never leaked, but if a
	    user tries to send an e-mail, the automatic saving into the "sent"
	    or "draft" folders could happen over a plaintext connection even if
	    the user's preferences specify STARTTLS as a requirement.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-2567</cvename>
      <url>http://jkt.flaska.net/blog/Trojita_0_4_1__a_security_update_for_CVE_2014_2567.html</url>
    </references>
    <dates>
      <discovery>2014-03-20</discovery>
      <entry>2014-03-23</entry>
    </dates>
  </vuln>

  <vuln vid="da4b89ad-b28f-11e3-99ca-f0def16c5c1b">
    <topic>nginx-devel -- SPDY heap buffer overflow</topic>
    <affects>
      <package>
	<name>nginx-devel</name>
	<range><ge>1.3.15</ge><lt>1.5.12</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The nginx project reports:</p>
	<blockquote cite="http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html">
	  <p>A bug in the experimental SPDY implementation in nginx was found, which
	   might allow an attacker to cause a heap memory buffer overflow in a
	   worker process by using a specially crafted request, potentially
	   resulting in arbitrary code execution (CVE-2014-0133).</p>

	  <p>The problem affects nginx 1.3.15 - 1.5.11, compiled with the
	   ngx_http_spdy_module module (which is not compiled by default) and
	   without --with-debug configure option, if the "spdy" option of the
	   "listen" directive is used in a configuration file.</p>

	  <p>The problem is fixed in nginx 1.5.12, 1.4.7.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0133</cvename>
      <url>http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html</url>
    </references>
    <dates>
      <discovery>2014-03-18</discovery>
      <entry>2014-03-23</entry>
    </dates>
  </vuln>

  <vuln vid="fc28df92-b233-11e3-99ca-f0def16c5c1b">
    <topic>nginx -- SPDY heap buffer overflow</topic>
    <affects>
      <package>
	<name>nginx</name>
	<range><lt>1.4.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The nginx project reports:</p>
	<blockquote cite="http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html">
	  <p>A bug in the experimental SPDY implementation in nginx was found, which
	   might allow an attacker to cause a heap memory buffer overflow in a
	   worker process by using a specially crafted request, potentially
	   resulting in arbitrary code execution (CVE-2014-0133).</p>

	  <p>The problem affects nginx 1.3.15 - 1.5.11, compiled with the
	   ngx_http_spdy_module module (which is not compiled by default) and
	   without --with-debug configure option, if the "spdy" option of the
	   "listen" directive is used in a configuration file.</p>

	  <p>The problem is fixed in nginx 1.5.12, 1.4.7.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0133</cvename>
      <url>http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html</url>
    </references>
    <dates>
      <discovery>2014-03-18</discovery>
      <entry>2014-03-23</entry>
    </dates>
  </vuln>

  <vuln vid="91ecb546-b1e6-11e3-980f-20cf30e32f6d">
    <topic>apache -- several vulnerabilities</topic>
    <affects>
      <package>
	<name>apache24</name>
	<range><gt>2.4.0</gt><lt>2.4.9</lt></range>
      </package>
      <package>
	<name>apache22</name>
	<range><gt>2.2.0</gt><lt>2.2.27</lt></range>
      </package>
      <package>
	<name>apache22-event-mpm</name>
	<range><gt>2.2.0</gt><lt>2.2.27</lt></range>
      </package>
      <package>
	<name>apache22-itk-mpm</name>
	<range><gt>2.2.0</gt><lt>2.2.27</lt></range>
      </package>
      <package>
	<name>apache22-peruser-mpm</name>
	<range><gt>2.2.0</gt><lt>2.2.27</lt></range>
      </package>
      <package>
	<name>apache22-worker-mpm</name>
	<range><gt>2.2.0</gt><lt>2.2.27</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Apache HTTP SERVER PROJECT reports:</h1>
	<blockquote cite="http://www.apache.org/dist/httpd/CHANGES_2.2.27">
	  <p>Clean up cookie logging with fewer redundant string parsing passes.
	    Log only cookies with a value assignment. Prevents segfaults when
	    logging truncated cookies.</p>
	  <p>mod_dav: Keep track of length of cdata properly when removing leading
	    spaces. Eliminates a potential denial of service from specifically
	    crafted DAV WRITE requests.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0098</cvename>
      <cvename>CVE-2013-6438</cvename>
    </references>
    <dates>
      <discovery>2014-02-25</discovery>
      <entry>2014-03-22</entry>
    </dates>
  </vuln>

  <vuln vid="610de647-af8d-11e3-a25b-b4b52fce4ce8">
    <topic>mozilla -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><lt>28.0,1</lt></range>
      </package>
      <package>
	<name>firefox-esr</name>
	<range><lt>24.4.0,1</lt></range>
      </package>
      <package>
	<name>linux-firefox</name>
	<range><lt>28.0,1</lt></range>
      </package>
      <package>
	<name>linux-seamonkey</name>
	<range><lt>2.25</lt></range>
      </package>
      <package>
	<name>linux-thunderbird</name>
	<range><lt>24.4.0</lt></range>
      </package>
      <package>
	<name>seamonkey</name>
	<range><lt>2.25</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>24.4.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Mozilla Project reports:</p>
	<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
	  <p>MFSA 2014-15 Miscellaneous memory safety hazards
	    (rv:28.0 / rv:24.4)</p>
	  <p>MFSA 2014-16 Files extracted during updates are not always
	    read only</p>
	  <p>MFSA 2014-17 Out of bounds read during WAV file decoding</p>
	  <p>MFSA 2014-18 crypto.generateCRMFRequest does not validate
	    type of key</p>
	  <p>MFSA 2014-19 Spoofing attack on WebRTC permission prompt</p>
	  <p>MFSA 2014-20 onbeforeunload and Javascript navigation DOS</p>
	  <p>MFSA 2014-21 Local file access via Open Link in new tab</p>
	  <p>MFSA 2014-22 WebGL content injection from one domain to
	    rendering in another</p>
	  <p>MFSA 2014-23 Content Security Policy for data: documents
	    not preserved by session restore</p>
	  <p>MFSA 2014-24 Android Crash Reporter open to manipulation</p>
	  <p>MFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable
	    to relative path escape</p>
	  <p>MFSA 2014-26 Information disclosure through polygon
	    rendering in MathML</p>
	  <p>MFSA 2014-27 Memory corruption in Cairo during PDF font
	    rendering</p>
	  <p>MFSA 2014-28 SVG filters information disclosure through
	    feDisplacementMap</p>
	  <p>MFSA 2014-29 Privilege escalation using WebIDL-implemented
	    APIs</p>
	  <p>MFSA 2014-30 Use-after-free in TypeObject</p>
	  <p>MFSA 2014-31 Out-of-bounds read/write through neutering
	    ArrayBuffer objects</p>
	  <p>MFSA 2014-32 Out-of-bounds write through TypedArrayObject
	    after neutering</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-1493</cvename>
      <cvename>CVE-2014-1494</cvename>
      <cvename>CVE-2014-1496</cvename>
      <cvename>CVE-2014-1497</cvename>
      <cvename>CVE-2014-1498</cvename>
      <cvename>CVE-2014-1499</cvename>
      <cvename>CVE-2014-1500</cvename>
      <cvename>CVE-2014-1501</cvename>
      <cvename>CVE-2014-1502</cvename>
      <cvename>CVE-2014-1504</cvename>
      <cvename>CVE-2014-1505</cvename>
      <cvename>CVE-2014-1506</cvename>
      <cvename>CVE-2014-1507</cvename>
      <cvename>CVE-2014-1508</cvename>
      <cvename>CVE-2014-1509</cvename>
      <cvename>CVE-2014-1510</cvename>
      <cvename>CVE-2014-1511</cvename>
      <cvename>CVE-2014-1512</cvename>
      <cvename>CVE-2014-1513</cvename>
      <cvename>CVE-2014-1514</cvename>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-15.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-16.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-17.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-18.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-19.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-20.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-21.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-22.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-23.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-24.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-25.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-26.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-27.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-28.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-29.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-30.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-31.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-32.html</url>
      <url>http://www.mozilla.org/security/known-vulnerabilities/</url>
    </references>
    <dates>
      <discovery>2014-03-19</discovery>
      <entry>2014-03-19</entry>
      <modified>2014-03-20</modified>
    </dates>
  </vuln>

  <vuln vid="eb426e82-ab68-11e3-9d09-000c2980a9f3">
    <topic>mutt -- denial of service, potential remote code execution</topic>
    <affects>
      <package>
	<name>mutt</name>
	<range><lt>1.5.23</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Beatrice Torracca and Evgeni Golov report:</p>
	<blockquote cite="http://www.securityfocus.com/archive/1/531431">
	  <p>A buffer overflow has been discovered that could result in
	    denial of service or potential execution of arbitrary code.</p>
	  <p>This condition can be triggered by malformed RFC2047 header
	    lines</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0467</cvename>
      <url>http://packetstormsecurity.com/files/cve/CVE-2014-0467</url>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0467</url>
    </references>
    <dates>
      <discovery>2014-03-12</discovery>
      <entry>2014-03-14</entry>
    </dates>
  </vuln>

  <vuln vid="777d7b9e-ab02-11e3-841e-60a44c524f57">
    <topic>wemux -- read-only can be bypassed</topic>
    <affects>
      <package>
	<name>wemux</name>
	<range><lt>3.2.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>JonApps reports:</p>
	<blockquote cite="https://github.com/zolrath/wemux/issues/36">
	  <p>The read-only mode can be bypassed and any command sent to bash session</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/zolrath/wemux/issues/36</url>
    </references>
    <dates>
      <discovery>2013-12-24</discovery>
      <entry>2014-03-13</entry>
    </dates>
  </vuln>

  <vuln vid="03e48bf5-a96d-11e3-a556-3c970e169bc2">
    <topic>samba -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>samba34</name>
	<range><gt>0</gt></range>
      </package>
      <package>
	<name>samba35</name>
	<range><gt>0</gt></range>
      </package>
      <package>
	<name>samba36</name>
	<range><gt>3.6.*</gt><lt>3.6.23</lt></range>
      </package>
      <package>
	<name>samba4</name>
	<range><gt>4.0.*</gt><lt>4.0.16</lt></range>
      </package>
      <package>
	<name>samba41</name>
	<range><gt>4.1.*</gt><lt>4.1.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Samba project reports:</p>
	<blockquote cite="http://www.samba.org/samba/security/CVE-2013-4496">
	  <p>In Samba's SAMR server we neglect to ensure that attempted
	    password changes will update the bad password count, nor set
	    the lockout flags.  This would allow a user unlimited attempts
	    against the password by simply calling ChangePasswordUser2
	    repeatedly.</p>
	  <p>This is available without any other authentication.</p>
	</blockquote>
	<blockquote cite="http://www.samba.org/samba/security/CVE-2013-6442">
	  <p>smbcacls can remove a file or directory ACL by mistake.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2013-4496</cvename>
      <cvename>CVE-2013-6442</cvename>
      <url>http://www.samba.org/samba/security/CVE-2013-4496</url>
      <url>http://www.samba.org/samba/security/CVE-2013-6442</url>
    </references>
    <dates>
      <discovery>2014-03-11</discovery>
      <entry>2014-03-11</entry>
    </dates>
  </vuln>

  <vuln vid="03159886-a8a3-11e3-8f36-0025905a4771">
    <topic>asterisk -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>asterisk11</name>
	<range><lt>11.8.1</lt></range>
      </package>
      <package>
	<name>asterisk18</name>
	<range><lt>1.8.26.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk project reports:</p>
	<blockquote cite="https://www.asterisk.org/security">
	  <p>Stack Overflow in HTTP Processing of Cookie Headers. Sending a HTTP
	    request that is handled by Asterisk with a large number of Cookie
	    headers could overflow the stack. You could even exhaust memory if you
	    sent an unlimited number of headers in the request.</p>
	  <p>Denial of Service Through File Descriptor Exhaustion with chan_sip
	    Session-Timers. An attacker can use all available file descriptors
	    using SIP INVITE requests. Asterisk will respond with code 400, 420,
	    or 422 for INVITEs meeting this criteria.
	    Each INVITE meeting these conditions will leak a channel and several
	    file descriptors. The file descriptors cannot be released without
	    restarting Asterisk which may allow intrusion detection systems to be
	    bypassed by sending the requests slowly.</p>
	  <p>Remote Crash Vulnerability in PJSIP channel driver. A remotely
	    exploitable crash vulnerability exists in the PJSIP channel driver if
	    the "qualify_frequency" configuration option is enabled on an AOR and
	    the remote SIP server challenges for authentication of the resulting
	    OPTIONS request. The response handling code wrongly assumes that a
	    PJSIP endpoint will always be associated with an outgoing request which
	    is incorrect.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-2286</cvename>
      <cvename>CVE-2014-2287</cvename>
      <cvename>CVE-2014-2288</cvename>
      <url>http://downloads.asterisk.org/pub/security/AST-2014-001.pdf</url>
      <url>http://downloads.asterisk.org/pub/security/AST-2014-002.pdf</url>
      <url>http://downloads.asterisk.org/pub/security/AST-2014-003.pdf</url>
      <url>https://www.asterisk.org/security</url>
    </references>
    <dates>
      <discovery>2014-03-10</discovery>
      <entry>2014-03-10</entry>
    </dates>
  </vuln>

  <vuln vid="1a0de610-a761-11e3-95fe-bcaec565249c">
    <topic>freetype2 -- Out of bounds read/write</topic>
    <affects>
      <package>
	<name>freetype2</name>
	<range><lt>2.5.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Mateusz Jurczyk reports:</p>
	<blockquote cite="http://savannah.nongnu.org/bugs/?41697">
	  <p>Out of bounds stack-based read/write in
	    cf2_hintmap_build.</p>
	  <p>This is a critical vulnerability in the CFF Rasterizer
	    code recently contributed by Adobe, leading to potential
	    arbitrary code execution in the context of the FreeType2
	    library client.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://savannah.nongnu.org/bugs/?41697</url>
    </references>
    <dates>
      <discovery>2014-02-25</discovery>
      <entry>2014-03-09</entry>
    </dates>
  </vuln>

  <vuln vid="20e23b65-a52e-11e3-ae3a-00224d7c32a2">
    <topic>xmms -- Integer Overflow And Underflow Vulnerabilities</topic>
    <affects>
      <package>
	<name>xmms</name>
	<range><le>1.2.11_20</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Secunia reports:</p>
	<blockquote cite="http://secunia.com/secunia_research/2007-47/advisory/">
	  <p>Secunia Research has discovered two vulnerabilities in XMMS, which can
	    be exploited by malicious people to compromise a user's system.</p>

	  <p>1) An integer underflow error exists in the processing of skin bitmap
	    images. This can be exploited to cause a stack-based buffer overflow
	    via specially crafted skin images containing manipulated header
	    information.</p>

	  <p>Successful exploitation allows execution of arbitrary code.</p>

	  <p>2) An integer overflow error exists in the processing of skin bitmap
	    images. This can be exploited to cause memory corruption via specially
	    crafted skin images containing manipulated header information.</p>

	  <p>Successful exploitation may allow the execution of arbitrary code.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2007-0653</cvename>
      <cvename>CVE-2007-0654</cvename>
    </references>
    <dates>
      <discovery>2007-02-06</discovery>
      <entry>2014-03-06</entry>
    </dates>
  </vuln>

  <vuln vid="89db3b31-a4c3-11e3-978f-f0def16c5c1b">
    <topic>nginx -- SPDY memory corruption</topic>
    <affects>
      <package>
	<name>nginx-devel</name>
	<range><eq>1.5.10</eq></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The nginx project reports:</p>
	<blockquote cite="http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html">
	  <p>A bug in the experimental SPDY implementation in nginx 1.5.10 was found,
	   which might allow an attacker to corrupt worker process memory by using
	   a specially crafted request, potentially resulting in arbitrary code
	   execution (CVE-2014-0088).</p>

	   <p>The problem only affects nginx 1.5.10 on 32-bit platforms, compiled with
	   the ngx_http_spdy_module module (which is not compiled by default), if
	   the "spdy" option of the "listen" directive is used in a configuration
	   file.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0088</cvename>
      <url>http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html</url>
    </references>
    <dates>
      <discovery>2014-03-04</discovery>
      <entry>2014-03-06</entry>
    </dates>
  </vuln>

  <vuln vid="f645aa90-a3e8-11e3-a422-3c970e169bc2">
    <topic>gnutls -- multiple certificate verification issues</topic>
    <affects>
      <package>
	<name>gnutls</name>
	<range><lt>2.12.23_4</lt></range>
      </package>
      <package>
	<name>linux-f10-gnutls</name>
	<range><lt>2.12.23_4</lt></range>
      </package>
      <package>
	<name>gnutls-devel</name>
	<range><lt>3.1.22</lt></range>
	<range><gt>3.2.0</gt><lt>3.2.12</lt></range>
      </package>
      <package>
	<name>gnutls3</name>
	<range><lt>3.1.22</lt></range>
	<range><gt>3.2.0</gt><lt>3.2.12</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>GnuTLS project reports:</p>
	<blockquote cite="http://www.gnutls.org/security.html#GNUTLS-SA-2014-2">
	  <p>A vulnerability was discovered that affects the
	    certificate verification functions of all gnutls
	    versions. A specially crafted certificate could
	    bypass certificate validation checks.  The
	    vulnerability was discovered during an audit of
	    GnuTLS for Red Hat.</p>
	</blockquote>
	<blockquote cite="http://www.gnutls.org/security.html#GNUTLS-SA-2014-1">
	  <p>Suman Jana reported a vulnerability that affects
	    the certificate verification functions of
	    gnutls 2.11.5 and later versions. A version 1
	    intermediate certificate will be considered as
	    a CA certificate by default (something that
	    deviates from the documented behavior).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0092</cvename>
      <cvename>CVE-2014-1959</cvename>
      <url>http://www.gnutls.org/security.html#GNUTLS-SA-2014-1</url>
      <url>http://www.gnutls.org/security.html#GNUTLS-SA-2014-2</url>
    </references>
    <dates>
      <discovery>2014-03-03</discovery>
      <entry>2014-03-04</entry>
      <modified>2014-04-30</modified>
    </dates>
  </vuln>

  <vuln vid="815dbcf9-a2d6-11e3-8088-002590860428">
    <topic>file -- denial of service</topic>
    <affects>
      <package>
	<name>file</name>
	<range><lt>5.17</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Fine Free file project reports:</p>
	<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943">
	  <p>file before 5.17 allows context-dependent attackers to
	    cause a denial of service (infinite recursion, CPU consumption, and
	    crash) via a crafted indirect offset value in the magic of a file.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-1943</cvename>
      <mlist>http://mx.gw.com/pipermail/file/2014/001327.html</mlist>
    </references>
    <dates>
      <discovery>2014-02-16</discovery>
      <entry>2014-03-03</entry>
    </dates>
  </vuln>

  <vuln vid="8e5e6d42-a0fa-11e3-b09a-080027f2d077">
    <topic>Python -- buffer overflow in socket.recvfrom_into()</topic>
    <affects>
      <package>
	<name>python27</name>
	<range><le>2.7.6_3</le></range>
      </package>
      <package>
	<name>python31</name>
	<range><le>3.1.5_10</le></range>
      </package>
      <package>
	<name>python32</name>
	<range><le>3.2.5_7</le></range>
      </package>
      <package>
	<name>python33</name>
	<range><le>3.3.3_2</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Vincent Danen via Red Hat Issue Tracker reports:</p>
	<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=1062370">
	  <p>A vulnerability was reported in Python's socket module, due to a
	   boundary error within the sock_recvfrom_into() function, which could be
	   exploited to cause a buffer overflow.  This could be used to crash a
	   Python application that uses the socket.recvfrom_info() function or,
	   possibly, execute arbitrary code with the permissions of the user
	   running vulnerable Python code.</p>

	  <p>This vulnerable function, socket.recvfrom_into(), was introduced in
	   Python 2.5.  Earlier versions are not affected by this flaw.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <bid>65379</bid>
      <cvename>CVE-2014-1912</cvename>
      <mlist>https://mail.python.org/pipermail/python-dev/2014-February/132758.html</mlist>
      <url>http://bugs.python.org/issue20246</url>
      <url>https://bugzilla.redhat.com/show_bug.cgi?id=1062370</url>
    </references>
    <dates>
      <discovery>2014-01-14</discovery>
      <entry>2014-03-01</entry>
    </dates>
  </vuln>

  <vuln vid="1839f78c-9f2b-11e3-980f-20cf30e32f6d">
    <topic>subversion -- mod_dav_svn vulnerability</topic>
    <affects>
      <package>
	<name>subversion</name>
	<range><ge>1.3.0</ge><lt>1.7.16</lt></range>
	<range><ge>1.8.0</ge><lt>1.8.8</lt></range>
      </package>
      <package>
	<name>subversion16</name>
	<range><ge>1.3.0</ge><lt>1.7.16</lt></range>
      </package>
      <package>
	<name>subversion17</name>
	<range><ge>1.3.0</ge><lt>1.7.16</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Subversion Project reports:</p>
	<blockquote cite="http://subversion.apache.org/security/">
	  <p>Subversion's mod_dav_svn Apache HTTPD server module will crash when it
	    receives an OPTIONS request against the server root and Subversion is
	    configured to handle the server root and SVNListParentPath is on.
	    This can lead to a DoS.  There are no known instances of this
	    problem being exploited in the wild, but the details of how to exploit
	    it have been disclosed on the Subversion development mailing list.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>CVE-2014-0032</url>
      <url>https://subversion.apache.org/security/CVE-2014-0032-advisory.txt</url>
    </references>
    <dates>
      <discovery>2014-01-10</discovery>
      <entry>2014-02-26</entry>
      <modified>2014-04-30</modified>
    </dates>
  </vuln>

  <vuln vid="70b72a52-9e54-11e3-babe-60a44c524f57">
    <topic>otrs -- XSS Issue</topic>
    <affects>
      <package>
	<name>otrs</name>
	<range><lt>3.1.20</lt></range>
	<range><gt>3.2.*</gt><lt>3.2.15</lt></range>
	<range><gt>3.3.*</gt><lt>3.3.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OTRS Project reports:</p>
	<blockquote cite="https://www.otrs.com/security-advisory-2014-03-xss-issue/">
	  <p>An attacker could send a specially prepared HTML email to OTRS. If
he can then trick an agent into following a special link to display this email,
JavaScript code would be executed.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.otrs.com/security-advisory-2014-03-xss-issue/</url>
      <cvename>CVE-2014-1695</cvename>
    </references>
    <dates>
      <discovery>2014-02-25</discovery>
      <entry>2014-02-25</entry>
    </dates>
  </vuln>

  <vuln vid="42d42090-9a4d-11e3-b029-08002798f6ff">
    <topic>PostgreSQL -- multiple privilege issues</topic>
    <affects>
      <package>
	<name>postgresql-server</name>
	<range><lt>8.4.20</lt></range>
	<range><ge>9.0.0</ge><lt>9.0.16</lt></range>
	<range><ge>9.1.0</ge><lt>9.1.12</lt></range>
	<range><ge>9.2.0</ge><lt>9.2.7</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>PostgreSQL Project reports:</p>
	<blockquote cite="http://www.postgresql.org/about/news/1506/">
	  <p>This update fixes CVE-2014-0060, in which PostgreSQL did not
	  properly enforce the WITH ADMIN OPTION permission for ROLE management.
	  Before this fix, any member of a ROLE was able to grant others access
	  to the same ROLE regardless if the member was given the WITH ADMIN
	  OPTION permission. It also fixes multiple privilege escalation issues,
	  including: CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064,
	  CVE-2014-0065, and CVE-2014-0066. More information on these issues can
	  be found on our security page and the security issue detail wiki page.
	 </p>
	 <p>
	  With this release, we are also alerting users to a known security hole
	  that allows other users on the same machine to gain access to an
	  operating system account while it is doing "make check":
	  CVE-2014-0067. "Make check" is normally part of building PostgreSQL
	  from source code. As it is not possible to fix this issue without
	  causing significant issues to our testing infrastructure, a patch will
	  be released separately and publicly. Until then, users are strongly
	  advised not to run "make check" on machines where untrusted users have
	  accounts.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0060</cvename>
      <cvename>CVE-2014-0061</cvename>
      <cvename>CVE-2014-0062</cvename>
      <cvename>CVE-2014-0063</cvename>
      <cvename>CVE-2014-0064</cvename>
      <cvename>CVE-2014-0065</cvename>
      <cvename>CVE-2014-0066</cvename>
      <cvename>CVE-2014-0067</cvename>
    </references>
    <dates>
      <discovery>2014-02-20</discovery>
      <entry>2014-02-20</entry>
    </dates>
  </vuln>

  <vuln vid="0871d18b-9638-11e3-a371-6805ca0b3d42">
    <topic>phpMyAdmin -- Self-XSS due to unescaped HTML output in import.</topic>
    <affects>
      <package>
	<name>phpMyAdmin</name>
	<range><ge>3.3.1</ge><lt>4.1.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The phpMyAdmin development team reports:</p>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-1.php">
	  <p> When importing a file with crafted filename, it is
	    possible to trigger an XSS.  We consider this vulnerability
	    to be non critical.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-1.php</url>
      <cvename>CVE-2014-1879</cvename>
    </references>
    <dates>
      <discovery>2014-02-15</discovery>
      <entry>2014-02-15</entry>
    </dates>
  </vuln>

  <vuln vid="3e0507c6-9614-11e3-b3a5-00e0814cab4e">
    <topic>jenkins -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>jenkins</name>
	<range><lt>1.551</lt></range>
      </package>
      <package>
	<name>jenkins-lts</name>
	<range><lt>1.532.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jenkins Security Advisory reports:</p>
	<blockquote cite="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14">
	  <p>This advisory announces multiple security vulnerabilities that
	    were found in Jenkins core.</p>
	  <p>Please reference CVE/URL list for details</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14</url>
      <cvename>CVE-2013-5573</cvename>
      <cvename>CVE-2013-7285</cvename>
    </references>
    <dates>
      <discovery>2014-02-14</discovery>
      <entry>2014-02-15</entry>
    </dates>
  </vuln>

  <vuln vid="90b27045-9530-11e3-9d09-000c2980a9f3">
    <topic>lighttpd -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>lighttpd</name>
	<range><lt>1.4.34</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>lighttpd security advisories report:</p>
	<blockquote cite="http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt">
	  <p>It is possible to inadvertantly enable vulnerable ciphers when using
	    ssl.cipher-list.</p>
	</blockquote>
	<blockquote cite="http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt">
	  <p>In certain cases setuid() and similar can fail, potentially triggering
	    lighttpd to restart running as root.</p>
	</blockquote>
	<blockquote cite="http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_03.txt">
	  <p>If FAMMonitorDirectory fails, the memory intended to store the context is
	    released; some lines below the "version" compoment of that context is read.
	    Reading invalid data doesn't matter, but the memory access could trigger a
	    segfault.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt</url>
      <url>http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt</url>
      <url>http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_03.txt</url>
      <cvename>CVE-2013-4508</cvename>
      <cvename>CVE-2013-4559</cvename>
      <cvename>CVE-2013-4560</cvename>
    </references>
    <dates>
      <discovery>2013-11-28</discovery>
      <entry>2014-02-14</entry>
    </dates>
  </vuln>

  <vuln vid="4dd575b8-8f82-11e3-bb11-0025905a4771">
    <topic>phpmyfaq -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>phpmyfaq</name>
	<range><lt>2.8.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The phpMyFAQ team reports:</p>
	<blockquote cite="http://www.phpmyfaq.de/advisory_2014-02-04.php">
	  <p> An arbitrary script may be executed on the user's Internet
	    Explorer when using an older version of the browser. If a user views
	    a malicious page while logged in, settings may be changed
	    unintentionally.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0813</cvename>
      <cvename>CVE-2014-0814</cvename>
      <url>http://www.phpmyfaq.de/advisory_2014-02-04.php</url>
    </references>
    <dates>
      <discovery>2014-02-04</discovery>
      <entry>2014-02-06</entry>
    </dates>
  </vuln>

  <vuln vid="b7a7576d-8e0a-11e3-9976-9c4e36909cc0">
    <topic>linux-flashplugin -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>linux-f10-flashplugin</name>
	<range><lt>11.2r202.336</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Adobe reports:</p>
	<blockquote cite="http://www.adobe.com/support/security/bulletins/apsb14-04.html">
	  <p>These updates address vulnerabilities that could cause a crash
	    and potentially allow an attacker to take control of the affected system.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0497</cvename>
      <url>http://www.adobe.com/support/security/bulletins/apsb14-04.html</url>
    </references>
    <dates>
      <discovery>2014-02-04</discovery>
      <entry>2014-02-04</entry>
      <modified>2014-02-05</modified>
    </dates>
  </vuln>

  <vuln vid="1753f0ff-8dd5-11e3-9b45-b4b52fce4ce8">
    <topic>mozilla -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><gt>25.0,1</gt><lt>27.0,1</lt></range>
	<range><lt>24.3.0,1</lt></range>
      </package>
      <package>
	<name>linux-firefox</name>
	<range><lt>27.0,1</lt></range>
      </package>
      <package>
	<name>linux-seamonkey</name>
	<range><lt>2.24</lt></range>
      </package>
      <package>
	<name>linux-thunderbird</name>
	<range><lt>24.3.0</lt></range>
      </package>
      <package>
	<name>seamonkey</name>
	<range><lt>2.24</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>24.3.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Mozilla Project reports:</p>
	<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
	  <p>MFSA 2014-01 Miscellaneous memory safety hazards
	    (rv:27.0 / rv:24.3)</p>
	  <p>MFSA 2014-02 Clone protected content with XBL scopes</p>
	  <p>MFSA 2014-03 UI selection timeout missing on download
	    prompts</p>
	  <p>MFSA 2014-04 Incorrect use of discarded images by
	    RasterImage</p>
	  <p>MFSA 2014-05 Information disclosure with *FromPoint on
	    iframes</p>
	  <p>MFSA 2014-06 Profile path leaks to Android system log</p>
	  <p>MFSA 2014-07 XSLT stylesheets treated as styles in Content
	    Security Policy</p>
	  <p>MFSA 2014-08 Use-after-free with imgRequestProxy and image
	    proccessing</p>
	  <p>MFSA 2014-09 Cross-origin information leak through web
	    workers</p>
	  <p>MFSA 2014-10 Firefox default start page UI content invokable
	    by script</p>
	  <p>MFSA 2014-11 Crash when using web workers with asm.js</p>
	  <p>MFSA 2014-12 NSS ticket handling issues</p>
	  <p>MFSA 2014-13 Inconsistent JavaScript handling of access to
	    Window objects</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-1477</cvename>
      <cvename>CVE-2014-1478</cvename>
      <cvename>CVE-2014-1479</cvename>
      <cvename>CVE-2014-1480</cvename>
      <cvename>CVE-2014-1481</cvename>
      <cvename>CVE-2014-1482</cvename>
      <cvename>CVE-2014-1483</cvename>
      <cvename>CVE-2014-1484</cvename>
      <cvename>CVE-2014-1485</cvename>
      <cvename>CVE-2014-1486</cvename>
      <cvename>CVE-2014-1487</cvename>
      <cvename>CVE-2014-1488</cvename>
      <cvename>CVE-2014-1489</cvename>
      <cvename>CVE-2014-1490</cvename>
      <cvename>CVE-2014-1491</cvename>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-01.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-02.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-03.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-04.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-05.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-06.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-07.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-08.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-09.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-10.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-11.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-12.html</url>
      <url>http://www.mozilla.org/security/known-vulnerabilities/</url>
    </references>
    <dates>
      <discovery>2014-02-04</discovery>
      <entry>2014-02-04</entry>
    </dates>
  </vuln>

  <vuln vid="111f1f84-1d14-4ff2-a9ea-cf07119c0d3b">
    <topic>libyaml heap overflow resulting in possible code execution</topic>
    <affects>
      <package>
	<name>libyaml</name>
	<range><lt>0.1.4_3</lt></range>
      </package>
      <package>
	<name>pkg</name>
	<range><lt>1.2.6</lt></range>
      </package>
      <package>
	<name>pkg-devel</name>
	<range><lt>1.2.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>libyaml was prone to a heap overflow that could result in
	  arbitrary code execution. Pkg uses libyaml to parse
	  the package manifests in some cases. Pkg also used libyaml
	  to parse the remote repository until 1.2.</p>
	<p>RedHat Product Security Team reports on libyaml:</p>
	<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=1033990">
	  <p>A heap-based buffer overflow flaw was found in the way libyaml
	    parsed YAML tags. A remote attacker could provide a
	    specially-crafted YAML document that, when parsed by an application
	    using libyaml, would cause the application to crash or, potentially,
	    execute arbitrary code with the privileges of the user running the
	    application.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2013-6393</cvename>
      <url>https://bugzilla.redhat.com/show_bug.cgi?id=1033990</url>
    </references>
    <dates>
      <discovery>2013-11-24</discovery>
      <entry>2014-02-01</entry>
      <modified>2014-02-01</modified>
    </dates>
  </vuln>

  <vuln vid="a4c9e12d-88b7-11e3-8ada-10bf48e1088e">
    <topic>socat -- buffer overflow with data from command line</topic>
    <affects>
      <package>
	<name>socat</name>
	<range><lt>1.7.2.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Florian Weimer of the Red Hat Product Security Team reports:</p>
	<blockquote cite="http://www.dest-unreach.org/socat/contrib/socat-secadv5.txt">
	  <p>Due to a missing check during assembly of the HTTP request line a long
	    target server name in the PROXY-CONNECT address can cause a stack buffer
	    overrun. Exploitation requires that the attacker is able to provide the
	    target server name to the PROXY-CONNECT address in the command line.
	    This can happen for example in scripts that receive data from untrusted
	    sources.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0019</cvename>
      <url>http://www.dest-unreach.org/socat/contrib/socat-secadv5.txt</url>
    </references>
    <dates>
      <discovery>2014-01-24</discovery>
      <entry>2014-01-29</entry>
    </dates>
  </vuln>

  <vuln vid="c7b5d72b-886a-11e3-9533-60a44c524f57">
    <topic>otrs -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>otrs</name>
	<range><lt>3.1.19</lt></range>
	<range><gt>3.2.*</gt><lt>3.2.14</lt></range>
	<range><gt>3.3.*</gt><lt>3.3.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OTRS Project reports:</p>
	<blockquote cite="https://www.otrs.com/security-advisory-2014-02-sql-injection-issue/">
	  <p>SQL injection issue</p>
	</blockquote>
	<blockquote cite="https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface/">
	  <p>An attacker that managed to take over the session of a logged in customer
	    could create tickets and/or send follow-ups to existing tickets due to
	    missing challenge token checks.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-1471</cvename>
      <url>https://www.otrs.com/security-advisory-2014-02-sql-injection-issue/</url>
      <url>https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface/</url>
    </references>
    <dates>
      <discovery>2014-01-28</discovery>
      <entry>2014-01-28</entry>
      <modified>2014-02-06</modified>
    </dates>
  </vuln>

  <vuln vid="080c5370-886a-11e3-9533-60a44c524f57">
    <cancelled superseded="c7b5d72b-886a-11e3-9533-60a44c524f57"/>
  </vuln>

  <vuln vid="d1dfc4c7-8791-11e3-a371-6805ca0b3d42">
    <topic>rt42 -- denial-of-service attack via the email gateway</topic>
    <affects>
      <package>
	<name>rt42</name>
	<range><ge>4.2</ge><lt>4.2.1_3</lt></range>
	<range><ge>4.2.2</ge><lt>4.2.2_2</lt></range>
      </package>
      <package>
	<name>p5-Email-Address-List</name>
	<range><lt>0.02</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The RT development team reports:</p>
	<blockquote cite="http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html">
	  <p>Versions of RT between 4.2.0 and 4.2.2 (inclusive) are
	    vulnerable to a denial-of-service attack via the email
	    gateway; any installation which accepts mail from untrusted
	    sources is vulnerable, regardless of the permissions
	    configuration inside RT. This vulnerability is assigned
	    CVE-2014-1474.</p>
	  <p>This vulnerability is caused by poor parsing performance
	    in the Email::Address::List module, which RT depends on. We
	    recommend that affected users upgrade their version of
	    Email::Address::List to v0.02 or above, which resolves the
	    issue. Due to a communications mishap, the release on CPAN
	    will temporarily appear as "unauthorized," and the
	    command-line cpan client will hence not install it. We
	    expect this to be resolved shortly; in the meantime, the
	    release is also available from our server.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-1474</cvename>
      <url>http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html</url>
    </references>
    <dates>
      <discovery>2014-01-27</discovery>
      <entry>2014-01-27</entry>
    </dates>
  </vuln>

  <vuln vid="efa663eb-8754-11e3-9a47-00163e1ed244">
    <topic>strongswan -- multiple DoS vulnerabilities</topic>
    <affects>
      <package>
	<name>strongswan</name>
	<range><lt>5.1.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>strongSwan Project reports:</p>
	<blockquote cite="http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6076%29.html">
	  <p>A DoS vulnerability triggered by crafted IKEv1 fragmentation
	    payloads was discovered in strongSwan's IKE daemon charon. All
	    versions since 5.0.2 are affected.</p>
	</blockquote>
	<blockquote cite="http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6075%29.html">
	  <p>A DoS vulnerability and potential authorization bypass triggered
	    by a crafted ID_DER_ASN1_DN ID payload was discovered in strongSwan.
	    All versions since 4.3.3 are affected.</p>
	</blockquote>
	<blockquote cite="http://www.strongswan.org/blog/2013/08/01/strongswan-denial-of-service-vulnerability-%28cve-2013-5018%29.html">
	  <p>A DoS vulnerability in strongSwan was discovered, which is
	    triggered by XAuth usernames and EAP identities in versions
	    5.0.3 and 5.0.4.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2013-5018</cvename>
      <cvename>CVE-2013-6075</cvename>
      <cvename>CVE-2013-6076</cvename>
      <url>http://www.strongswan.org/blog/2013/08/01/strongswan-denial-of-service-vulnerability-%28cve-2013-5018%29.html</url>
      <url>http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6075%29.html</url>
      <url>http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6076%29.html</url>
    </references>
    <dates>
      <discovery>2013-11-01</discovery>
      <entry>2014-01-27</entry>
    </dates>
  </vuln>

  <vuln vid="d9dbe6e8-84da-11e3-98bd-080027f2d077">
    <topic>varnish -- DoS vulnerability in Varnish HTTP cache</topic>
    <affects>
      <package>
	<name>varnish</name>
	<range><lt>3.0.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Varnish Cache Project reports:</p>
	<blockquote cite="https://www.varnish-cache.org/lists/pipermail/varnish-announce/2013-October/000686.html">
	  <p>If Varnish receives a certain illegal request, and the subroutine
	    'vcl_error{}' restarts the request, the varnishd worker process
	    will crash with an assert.
	  </p>
	  <p>The varnishd management process will restart the worker process, but
	    there will be a brief interruption of service and the cache will be
	    emptied, causing more traffic to go to the backend.
	  </p>
	  <p>We are releasing this advisory because restarting from vcl_error{} is
	    both fairly common and documented.</p>
	  <p>This is purely a denial of service vulnerability, there is no risk of
	    privilege escalation.</p>
	  <p>Workaround</p>
	  <p>Insert this at the top of your VCL file:</p>
	  <pre>
		sub vcl_error {
			if (obj.status == 400 || obj.status == 413) {
				return(deliver);
			}
		}

		Or add this test at the top of your existing vcl_error{}.
	  </pre>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2013-4484</cvename>
      <mlist>https://www.varnish-cache.org/lists/pipermail/varnish-announce/2013-October/000686.html</mlist>
    </references>
    <dates>
      <discovery>2013-10-30</discovery>
      <entry>2014-01-25</entry>
    </dates>
  </vuln>

  <vuln vid="c0ef849e-84ac-11e3-bec4-9c4e36909cc0">
    <topic>linux-flashplugin -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>linux-f10-flashplugin</name>
	<range><lt>11.2r202.335</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Adobe reports:</p>
	<blockquote cite="http://helpx.adobe.com/security/products/flash-player/apsb14-02.html">
	  <p>These updates address vulnerabilities that could cause a crash
	    and potentially allow an attacker to take control of the affected system.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0491</cvename>
      <cvename>CVE-2014-0492</cvename>
      <url>http://helpx.adobe.com/security/products/flash-player/apsb14-02.html</url>
    </references>
    <dates>
      <discovery>2014-01-14</discovery>
      <entry>2014-01-24</entry>
    </dates>
  </vuln>

  <vuln vid="6d08fa63-83bf-11e3-bdba-080027ef73ec">
    <topic>HTMLDOC -- buffer overflow issues when reading AFM files and parsing page sizes</topic>
    <affects>
      <package>
	<name>htmldoc</name>
	<range><lt>1.8.28</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Michael Sweet reports:</p>
	<blockquote cite="http://www.msweet.org/projects.php?Z1">
	  <p>HTMLDOC 1.8.28 fixes some known security issues and
	    formatting bugs. Changes include:</p>
	  <ul>
	    <li>SECURITY: Fixed three buffer overflow issues when
	      reading AFM files and parsing page sizes.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.msweet.org/projects.php?Z1</url>
    </references>
    <dates>
      <discovery>2014-01-06</discovery>
      <entry>2014-01-22</entry>
      <modified>2014-01-23</modified>
    </dates>
  </vuln>

  <vuln vid="81f1fdc2-7ec7-11e3-a6c6-00163e1ed244">
    <topic>virtualbox-ose -- local vulnerability</topic>
    <affects>
      <package>
	<name>virtualbox-ose</name>
	<range><lt>4.2.22</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Oracle reports:</p>
	<blockquote cite="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html">
	  <p>Unspecified vulnerability in the Oracle VM VirtualBox
	    component in Oracle Virtualization VirtualBox prior to
	    3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local
	    users to affect confidentiality, integrity, and availability
	    via unknown vectors related to Core.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2013-5892</cvename>
      <url>http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</url>
    </references>
    <dates>
      <discovery>2014-01-15</discovery>
      <entry>2014-01-16</entry>
    </dates>
  </vuln>

  <vuln vid="3d95c9a7-7d5c-11e3-a8c1-206a8a720317">
    <topic>ntpd DRDoS / Amplification Attack using ntpdc monlist command</topic>
    <affects>
      <package>
	<name>ntp</name>
	<range><lt>4.2.7p26</lt></range>
      </package>
      <package>
	<name>FreeBSD</name>
	<range><ge>8.3</ge><lt>8.3_14</lt></range>
	<range><ge>8.4</ge><lt>8.4_7</lt></range>
	<range><ge>9.1</ge><lt>9.1_10</lt></range>
	<range><ge>9.2</ge><lt>9.2_3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>ntp.org reports:</p>
	<blockquote cite="http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using">
	  <p>Unrestricted access to the monlist feature in
	    ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote
	    attackers to cause a denial of service (traffic
	    amplification) via forged (1) REQ_MON_GETLIST or (2)
	    REQ_MON_GETLIST_1 requests, as exploited in the wild in
	    December 2013</p>
	  <p>Use noquery to your default restrictions to block all
	    status queries.</p>
	  <p>Use disable monitor to disable the ``ntpdc -c monlist''
	    command while still allowing other status queries.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2013-5211</cvename>
      <freebsdsa>SA-14:02.ntpd</freebsdsa>
      <url>http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using</url>
    </references>
    <dates>
      <discovery>2014-01-01</discovery>
      <entry>2014-01-14</entry>
      <modified>2016-08-09</modified>
    </dates>
  </vuln>

  <vuln vid="ba04a373-7d20-11e3-8992-00132034b086">
    <topic>nagios -- denial of service vulnerability</topic>
    <affects>
      <package>
	<name>nagios</name>
	<range><lt>3.5.1_3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Eric Stanley reports:</p>
	<blockquote cite="http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/">
	  <p>Most CGIs previously incremented the input variable counter twice
	    when it encountered a long key value. This could cause the CGI to
	    read past the end of the list of CGI variables.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2013-7108</cvename>
      <cvename>CVE-2013-7205</cvename>
      <url>http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/</url>
      <url>https://bugzilla.redhat.com/show_bug.cgi?id=1046113</url>
    </references>
    <dates>
      <discovery>2013-12-20</discovery>
      <entry>2014-01-14</entry>
    </dates>
  </vuln>

  <vuln vid="cb252f01-7c43-11e3-b0a6-005056a37f68">
    <topic>bind -- denial of service vulnerability</topic>
    <affects>
      <package>
	<name>bind99</name>
	<range><lt>9.9.4.2</lt></range>
      </package>
      <package>
	<name>bind99-base</name>
	<range><lt>9.9.4.2</lt></range>
      </package>
      <package>
	<name>bind98</name>
	<range><lt>9.8.6.2</lt></range>
      </package>
      <package>
	<name>bind98-base</name>
	<range><lt>9.8.6.2</lt></range>
      </package>
      <package>
	<name>bind96</name>
	<range><lt>9.6.3.2.ESV.R10.2</lt></range>
      </package>
      <package>
	<name>bind96-base</name>
	<range><lt>9.6.3.2.ESV.R10.2</lt></range>
      </package>
      <package>
	<name>FreeBSD</name>
	<range><ge>9.2</ge><lt>9.2_3</lt></range>
	<range><ge>9.1</ge><lt>9.1_10</lt></range>
	<range><ge>8.4</ge><lt>8.4_7</lt></range>
	<range><ge>8.3</ge><lt>8.3_14</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>ISC reports:</p>
	<blockquote cite="https://kb.isc.org/article/AA-01078/74/">
	  <p>Because of a defect in handling queries for NSEC3-signed zones,
	    BIND can crash with an "INSIST" failure in name.c when processing
	    queries possessing certain properties. By exploiting this defect
	    an attacker deliberately constructing a query with the right
	    properties could achieve denial of service against an authoritative
	    nameserver serving NSEC3-signed zones.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0591</cvename>
      <freebsdsa>SA-14:04.bind</freebsdsa>
      <url>https://kb.isc.org/article/AA-01078/74/</url>
    </references>
    <dates>
      <discovery>2014-01-08</discovery>
      <entry>2014-01-13</entry>
      <modified>2016-08-09</modified>
    </dates>
  </vuln>

  <vuln vid="28c575fa-784e-11e3-8249-001cc0380077">
    <topic>libXfont -- Stack buffer overflow in parsing of BDF font files in libXfont</topic>
    <affects>
      <package>
	<name>libXfont</name>
	<range><lt>1.4.7,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>freedesktop.org reports:</p>
	<blockquote cite="http://lists.x.org/archives/xorg-announce/2014-January/002389.html">
	  <p>A BDF font file containing a longer than expected string can cause
	    a buffer overflow on the stack.  Testing in X servers built with
	    Stack Protector restulted in an immediate crash when reading a
	    user-proveded specially crafted font.</p>
	  <p>As libXfont is used to read user-specified font files in all X
	    servers distributed by X.Org, including the Xorg server which is
	    often run with root privileges or as setuid-root in order to access
	    hardware, this bug may lead to an unprivileged user acquiring root
	    privileges in some systems.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2013-6462</cvename>
      <url>http://lists.x.org/archives/xorg-announce/2014-January/002389.html</url>
    </references>
    <dates>
      <discovery>2013-12-24</discovery>
      <entry>2014-01-08</entry>
    </dates>
  </vuln>

  <vuln vid="5aaa257e-772d-11e3-a65a-3c970e169bc2">
    <topic>openssl -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>openssl</name>
	<range><lt>1.0.1_9</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>OpenSSL development team reports:</p>
	<blockquote cite="http://www.openssl.org/news/openssl-1.0.1-notes.html">
	  <p>Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]:</p>
	  <ul>
	    <li>Fix for TLS record tampering bug [CVE-2013-4353]</li>
	    <li>Fix for TLS version checking bug [CVE-2013-6449]</li>
	    <li>Fix for DTLS retransmission bug [CVE-2013-6450]</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <freebsdsa>SA-14:03.openssl</freebsdsa>
      <cvename>CVE-2013-4353</cvename>
      <cvename>CVE-2013-6449</cvename>
      <cvename>CVE-2013-6450</cvename>
      <url>http://www.openssl.org/news/openssl-1.0.1-notes.html</url>
    </references>
    <dates>
      <discovery>2014-01-06</discovery>
      <entry>2014-01-06</entry>
      <modified>2016-08-09</modified>
    </dates>
  </vuln>