1
0
mirror of https://git.FreeBSD.org/ports.git synced 2025-01-09 06:51:44 +00:00

Document libvncserver vulnerabilities

PR:		212380
Security:	CVE-2014-6051
Security:	CVE-2014-6052
Security:	CVE-2014-6053
Security:	CVE-2014-6054
Security:	CVE-2014-6055
This commit is contained in:
Mark Felder 2016-10-12 01:22:04 +00:00
parent 9c365b8717
commit c721b848ac
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=423815

View File

@ -58,6 +58,41 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="cb3f036d-8c7f-11e6-924a-60a44ce6887b">
<topic>libvncserver -- multiple security vulnerabilities</topic>
<affects>
<package>
<name>libvncserver</name>
<range><lt>0.9.10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Nicolas Ruff reports:</p>
<blockquote cite="http://seclists.org/oss-sec/2014/q3/639">
<p>Integer overflow in MallocFrameBuffer() on client side.</p>
<p>Lack of malloc() return value checking on client side.</p>
<p>Server crash on a very large ClientCutText message.</p>
<p>Server crash when scaling factor is set to zero.</p>
<p>Multiple stack overflows in File Transfer feature.</p>
</blockquote>
</body>
</description>
<references>
<url>http://seclists.org/oss-sec/2014/q3/639</url>
<cvename>CVE-2014-6051</cvename>
<cvename>CVE-2014-6052</cvename>
<cvename>CVE-2014-6053</cvename>
<cvename>CVE-2014-6054</cvename>
<cvename>CVE-2014-6055</cvename>
<freebsdpr>212380</freebsdpr>
</references>
<dates>
<discovery>2014-09-23</discovery>
<entry>2016-10-11</entry>
</dates>
</vuln>
<vuln vid="ab947396-9018-11e6-a590-14dae9d210b8">
<topic>openoffice -- information disclosure vulnerability</topic>
<affects>