Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=8c744bb9509e18318c97b38e035a56c2e534eb76
commit 8c744bb9509e18318c97b38e035a56c2e534eb76 Author: Miklos Vajna <[email protected]> Date: Mon Mar 1 21:02:18 2010 +0100 FSA635-wireshark diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml index 5ea72a0..25b0da1 100644 --- a/frugalware/xml/security.xml +++ b/frugalware/xml/security.xml 
@@ -29,17 +29,18 @@ <id>635</id> <date>2010-03-01</date> <author>Miklos Vajna</author> - <package>drupal6</package> - <vulnerable>6.14-1getorin1</vulnerable> - <unaffected>6.15-1getorin1</unaffected> - <bts>http://bugs.frugalware.org/task/4053</bts> - <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4369 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4370</cve> - <desc>Some vulnerabilities have been reported in Drupal Core, which can be exploited by malicious users to conduct script insertion attacks. - 1) Input passed to the "Category" input field of the Contact module's administration page is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. - Successful exploitation requires the "administer site-wide contact form" privilege. - 2) Certain unspecified input passed to the Menu module's administration page is not properly sanitised before being displayed in the menu administration overview. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. - Successful exploitation requires the privilege to create new menus.</desc> + <package>wireshark</package> + <vulnerable>1.2.3-1getorin1</vulnerable> + <unaffected>1.2.5-1getorin1</unaffected> + <bts>http://bugs.frugalware.org/task/4064</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4376 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4377 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4378</cve> + <desc>Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a user's system. 
+ 1) A boundary error in the Daintree SNA file parser can be exploited to cause a buffer overflow via a specially crafted capture file. + Successful exploitation may allow execution of arbitrary code. + 2) An error in the IPMI dissector on Windows can be exploited to cause a crash. + 3) An error in the SMB and SMB2 dissectors can be exploited to cause a crash.</desc> </fsa> <fsa> <id>634</id> _______________________________________________ Frugalware-git mailing list [email protected] http://frugalware.org/mailman/listinfo/frugalware-git
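Review bot: In the new `<desc>`, item 2 ("An error in the IPMI dissector on Windows") is scoped to Windows, so the entry should say whether it applies to the Frugalware package at all, or drop it. The three CVE URLs in `<cve>` are also not tied to the three numbered items, so a reader cannot tell which identifier covers the Daintree SNA overflow that "may allow execution of arbitrary code". Appending the matching CVE id to each numbered item would fix that. Separately, the removed lines show that entry 635 previously carried the drupal6 text, and the next entry in the context is 634. Please confirm the drupal6 advisory is still published under its own id and is not lost by this overwrite.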
