1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-23 04:23:08 +00:00

Add entrx for dns/powerdns-recursor

PR:		247707
Submitted by:	Ralf van der Enden <tremere@cainites.net>
Sponsored by:	Netzkommune GmbH
This commit is contained in:
Jochen Neumeister 2020-07-02 08:58:42 +00:00
parent 3e4dfb1f2b
commit 8036de8a56
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=541025

View File

@ -58,6 +58,39 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="641cd669-bc37-11ea-babf-6805ca2fa271">
<topic>powerdns-recursor -- access restriction bypass</topic>
<affects>
<package>
<name>powerdns-recursor</name>
<range><ge>4.3.0</ge><lt>4.3.2</lt></range>
<range><ge>4.2.0</ge><lt>4.2.3</lt></range>
<range><ge>4.1.0</ge><lt>4.1.17</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>PowerDNS Team reports:</p>
<blockquote cite="https://doc.powerdns.com/recursor/changelog/4.3.html#change-4.3.2">
<p>CVE-2020-14196: An issue has been found in PowerDNS Recursor where the ACL applied to the internal
web server via webserver-allow-from is not properly enforced, allowing a remote attacker to send
HTTP queries to the internal web server, bypassing the restriction.
In the default configuration the API webserver is not enabled. Only installations using a
non-default value for webserver and webserver-address are affected.</p>
</blockquote>
</body>
</description>
<references>
<url>https://doc.powerdns.com/recursor/security-advisories/index.html</url>
<cvename>CVE-2020-14196</cvename>
</references>
<dates>
<discovery>2020-07-01</discovery>
<entry>2020-07-02</entry>
</dates>
</vuln>
<vuln vid="b51d5391-bb76-11ea-9172-4c72b94353b5">
<topic>drupal -- Multiple Vulnerabilities</topic>
<affects>