Changeset View
Changeset View
Standalone View
Standalone View
security/vuxml/vuln.xml
- This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 Lines • Show All 52 Lines • ▼ Show 20 Lines | |||||
Help is also available from ports-security@freebsd.org. | Help is also available from ports-security@freebsd.org. | ||||
Notes: | Notes: | ||||
* Please add new entries to the beginning of this file. | * Please add new entries to the beginning of this file. | ||||
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.) | * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) | ||||
--> | --> | ||||
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> | <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> | ||||
<vuln vid="c1630aa3-7970-11e8-8634-dcfe074bd614"> | |||||
<topic>SQLite -- Corrupt DB can cause a NULL pointer dereference</topic> | |||||
<affects> | |||||
<package> | |||||
<name>upp</name> | |||||
<range><le>11873</le></range> | |||||
tcberner: ^ this would affect the new version too | |||||
fernapeAuthorUnsubmitted Not Done Inline ActionsThe new version has it fixed with files/patch-uppsrc_plugin_sqlite3_lib_sqlite3.c fernape: The new version has it fixed with files/patch-uppsrc_plugin_sqlite3_lib_sqlite3.c | |||||
</package> | |||||
</affects> | |||||
<description> | |||||
<body xmlns="http://www.w3.org/1999/xhtml"> | |||||
<p>MITRE reports:</p> | |||||
<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2018-8740"> | |||||
<p>SQLite databases whose schema is corrupted using a CREATE TABLE AS | |||||
statement could cause a NULL pointer dereference, related to build.c | |||||
and prepare.c.</p> | |||||
</blockquote> | |||||
</body> | |||||
</description> | |||||
<references> | |||||
<cvename>CVE-2018-8740</cvename> | |||||
<url>http://openwall.com/lists/oss-security/2018/03/17/1</url> | |||||
</references> | |||||
<dates> | |||||
<discovery>2018-03-16</discovery> | |||||
<entry>2018-06-27</entry> | |||||
</dates> | |||||
</vuln> | |||||
<vuln vid="cd81806c-26e7-4d4a-8425-02724a2f48af"> | <vuln vid="cd81806c-26e7-4d4a-8425-02724a2f48af"> | ||||
<topic>mozilla -- multiple vulnerabilities</topic> | <topic>mozilla -- multiple vulnerabilities</topic> | ||||
<affects> | <affects> | ||||
<package> | <package> | ||||
<name>firefox</name> | <name>firefox</name> | ||||
<range><lt>61.0_1,1</lt></range> | <range><lt>61.0_1,1</lt></range> | ||||
</package> | </package> | ||||
<package> | <package> | ||||
▲ Show 20 Lines • Show All 32,759 Lines • Show Last 20 Lines |
^ this would affect the new version too