FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  371321
Date:      2014-10-21
Time:      13:58:33Z
Committer: madpilot

These are the vulnerabilities relating to the commit you have selected:

VuXML ID                              Description
09db2844-0b21-11da-bc08-0001020eed82  gaim -- AIM/ICQ non-UTF-8 filename crash

The GAIM team reports:

A remote user could cause Gaim to crash on some systems by sending the Gaim user a file whose filename contains certain invalid characters. It is unknown what combination of systems are affected, but it is suspected that Windows users and systems with older versions of GTK+ are especially susceptible.


Discovery 2005-08-09
Entry 2005-08-12
gaim
ja-gaim
ko-gaim
ru-gaim
lt 1.4.0_1

CVE-2005-2102
http://gaim.sourceforge.net/security/?id=21
3b4a6982-0b24-11da-bc08-0001020eed82  libgadu -- multiple vulnerabilities

Wojtek Kaniewski reports:

Multiple vulnerabilities have been found in libgadu, a library for handling Gadu-Gadu instant messaging protocol. It is a part of ekg, a Gadu-Gadu client, but is widely used in other clients. Also some of the user contributed scripts were found to behave in an insecure manner.

  • integer overflow in libgadu (CVE-2005-1852) that could be triggered by an incoming message and lead to application crash and/or remote code execution
  • insecure file creation (CVE-2005-1850) and shell command injection (CVE-2005-1851) in other user contributed scripts (discovered by Marcin Owsiany and Wojtek Kaniewski)
  • several signedness errors in libgadu that could be triggered by incoming network data or an application passing invalid user input to the library
  • memory alignment errors in libgadu that could be triggered by an incoming message and lead to bus errors on architectures like SPARC
  • endianness errors in libgadu that could cause invalid behaviour of applications on big-endian architectures

Discovery 2005-07-21
Entry 2005-08-12
Modified 2005-10-23
gaim
ja-gaim
ko-gaim
ru-gaim
lt 1.4.0_1

kdenetwork
gt 3.2.2 lt 3.4.2

pl-ekg
lt 1.6r3,1

centericq
lt 4.21.0_1

14345
CVE-2005-1850
CVE-2005-1851
CVE-2005-1852
CVE-2005-2369
CVE-2005-2370
CVE-2005-2448
http://marc.theaimsgroup.com/?l=bugtraq&m=112198499417250
http://gaim.sourceforge.net/security/?id=20
http://www.kde.org/info/security/advisory-20050721-1.txt
6d1761d2-0b23-11da-bc08-0001020eed82  gaim -- AIM/ICQ away message buffer overflow

The GAIM team reports:

A remote AIM or ICQ user can cause a buffer overflow in Gaim by setting an away message containing many AIM substitution strings (such as %t or %n).


Discovery 2005-08-09
Entry 2005-08-12
gaim
ja-gaim
ko-gaim
ru-gaim
lt 1.4.0_1

CVE-2005-2103
http://gaim.sourceforge.net/security/?id=22