Changeset View
Changeset View
Standalone View
Standalone View
security/vuxml/vuln.xml
- This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 Lines • Show All 52 Lines • ▼ Show 20 Lines | |||||
Help is also available from ports-security@freebsd.org. | Help is also available from ports-security@freebsd.org. | ||||
Notes: | Notes: | ||||
* Please add new entries to the beginning of this file. | * Please add new entries to the beginning of this file. | ||||
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.) | * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) | ||||
--> | --> | ||||
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> | <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> | ||||
<vuln vid="795ccee1-c7ed-11e7-ad7d-001e2a3f778d"> | |||||
<topic>konversation -- crash in IRC message parsing</topic> | |||||
<affects> | |||||
<package> | |||||
<name>konversation</name> | |||||
tcberner: ```
# pkg audit -f ./vuln.xml konversation-1.7.2
0 problem(s) in the installed packages found. | |||||
<range><lt>1.7.3</lt></range> | |||||
</package> | |||||
</affects> | |||||
<description> | |||||
<body xmlns="http://www.w3.org/1999/xhtml"> | |||||
<p>KDE reports:</p> | |||||
<blockquote cite="https://www.kde.org/info/security/advisory-20171112-1.txt"> | |||||
<p>Konversation has support for colors in IRC messages. Any malicious user connected to the same IRC network can send a carefully crafted message that will crash the Konversation user client.</p> | |||||
</blockquote> | |||||
</body> | |||||
</description> | |||||
<references> | |||||
<cvename>CVE-2017-15923</cvename> | |||||
Done Inline ActionsYou could keep the url field additionally too. tcberner: You could keep the url field additionally too. | |||||
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15923</url> | |||||
Not Done Inline Actionsyou could also add a secondary <url>https://www.kde.org/info/security/advisory-20171112-1.txt</url> tcberner: you could also add a secondary <url>https://www.kde.org/info/security/advisory-20171112-1. | |||||
<url>https://www.kde.org/info/security/advisory-20171112-1.txt</url> | |||||
</references> | |||||
<dates> | |||||
<discovery>2017-10-27</discovery> | |||||
<entry>2017-11-12</entry> | |||||
</dates> | |||||
</vuln> | |||||
<vuln vid="f622608c-c53c-11e7-a633-009c02a2ab30"> | <vuln vid="f622608c-c53c-11e7-a633-009c02a2ab30"> | ||||
<topic>roundcube -- file disclosure vulnerability</topic> | <topic>roundcube -- file disclosure vulnerability</topic> | ||||
<affects> | <affects> | ||||
<package> | <package> | ||||
<name>roundcube</name> | <name>roundcube</name> | ||||
<range><lt>1.3.3,1</lt></range> | <range><lt>1.3.3,1</lt></range> | ||||
</package> | </package> | ||||
</affects> | </affects> | ||||
▲ Show 20 Lines • Show All 32,759 Lines • Show Last 20 Lines |
ohhh. that is wrong, isn't it :)
you need the package name there, i.e konversation