security/vuxml: sync with upstream
Taken from: HardenedBSD
This commit is contained in:
parent
04428ee644
commit
a408f395ab
|
@ -58,6 +58,36 @@ Notes:
|
|||
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
|
||||
-->
|
||||
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
|
||||
<vuln vid="c5bd8a25-99a6-11e9-a598-f079596b62f9">
|
||||
<topic>expat2 -- Fix extraction of namespace prefixes from XML names</topic>
|
||||
<affects>
|
||||
<package>
|
||||
<name>expat</name>
|
||||
<range><lt>2.2.7</lt></range>
|
||||
</package>
|
||||
</affects>
|
||||
<description>
|
||||
<body xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p>expat project reports:</p>
|
||||
<blockquote cite="https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes">
|
||||
<p>
|
||||
XML names with multiple colons could end up in the
|
||||
wrong namespace, and take a high amount of RAM and CPU
|
||||
resources while processing, opening the door to
|
||||
use for denial-of-service attacks
|
||||
</p>
|
||||
</blockquote>
|
||||
</body>
|
||||
</description>
|
||||
<references>
|
||||
<url>https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes</url>
|
||||
</references>
|
||||
<dates>
|
||||
<discovery>2019-06-19</discovery>
|
||||
<entry>2019-09-16</entry>
|
||||
</dates>
|
||||
</vuln>
|
||||
|
||||
<vuln vid="9fb4e57b-d65a-11e9-8a5f-e5c82b486287">
|
||||
<topic>curl -- multiple vulnerabilities</topic>
|
||||
<affects>
|
||||
|
@ -124,7 +154,7 @@ Notes:
|
|||
<affects>
|
||||
<package>
|
||||
<name>openssl</name>
|
||||
<range><lt>1.0.2t</lt></range>
|
||||
<range><lt>1.0.2t,1</lt></range>
|
||||
</package>
|
||||
<package>
|
||||
<name>openssl111</name>
|
||||
|
|
Loading…
Reference in New Issue