FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  363515
Date:      2014-07-30
Time:      20:54:21Z
Committer: cs

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
07bb3bd2-a920-11dd-8503-0211060005dfqemu -- Heap overflow in Cirrus emulation

Aurelien Jarno reports:

CVE-2008-4539: fix a heap overflow in Cirrus emulation

The code in hw/cirrus_vga.c has changed a lot between CVE-2007-1320 has been announced and the patch has been applied. As a consequence it has wrongly applied and QEMU is still vulnerable to this bug if using VNC.


Discovery 2008-11-01
Entry 2008-11-02
qemu
qemu-devel
lt 0.9.1_10

ge 0.9.1s.20080101* lt 0.9.1s.20080620_2

CVE-2008-4539
http://lists.gnu.org/archive/html/qemu-devel/2008-10/msg01363.html
8950ac62-1d30-11dd-9388-0211060005dfqemu -- "drive_init()" Disk Format Security Bypass

Secunia reports:

A vulnerability has been reported in QEMU, which can be exploited by malicious, local users to bypass certain security restrictions.

The vulnerability is caused due to the "drive_init()" function in vl.c determining the format of a disk from data contained in the disk's header. This can be exploited by a malicious user in a guest system to e.g. read arbitrary files on the host by writing a fake header to a raw formatted disk image.


Discovery 2008-04-28
Entry 2008-05-08
qemu
qemu-devel
lt 0.9.1_6

ge 0.9.1s.20070101* lt 0.9.1s.20080302_6

CVE-2008-2004
http://secunia.com/advisories/30111/
http://lists.gnu.org/archive/html/qemu-devel/2008-04/msg00675.html
07bb3bd2-a920-11dd-8503-0211060005dfqemu -- Heap overflow in Cirrus emulation

Aurelien Jarno reports:

CVE-2008-4539: fix a heap overflow in Cirrus emulation

The code in hw/cirrus_vga.c has changed a lot between CVE-2007-1320 has been announced and the patch has been applied. As a consequence it has wrongly applied and QEMU is still vulnerable to this bug if using VNC.


Discovery 2008-11-01
Entry 2008-11-02
qemu
qemu-devel
lt 0.9.1_10

ge 0.9.1s.20080101* lt 0.9.1s.20080620_2

CVE-2008-4539
http://lists.gnu.org/archive/html/qemu-devel/2008-10/msg01363.html
8950ac62-1d30-11dd-9388-0211060005dfqemu -- "drive_init()" Disk Format Security Bypass

Secunia reports:

A vulnerability has been reported in QEMU, which can be exploited by malicious, local users to bypass certain security restrictions.

The vulnerability is caused due to the "drive_init()" function in vl.c determining the format of a disk from data contained in the disk's header. This can be exploited by a malicious user in a guest system to e.g. read arbitrary files on the host by writing a fake header to a raw formatted disk image.


Discovery 2008-04-28
Entry 2008-05-08
qemu
qemu-devel
lt 0.9.1_6

ge 0.9.1s.20070101* lt 0.9.1s.20080302_6

CVE-2008-2004
http://secunia.com/advisories/30111/
http://lists.gnu.org/archive/html/qemu-devel/2008-04/msg00675.html