FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  373433
Date:      2014-11-25
Time:      21:42:42Z
Committer: naddy


These are the vulnerabilities relating to the commit you have selected:

VuXML ID                                Description
18e5428f-ae7c-11d9-837d-000e0c2e438a    jdk -- jar directory traversal vulnerability

Pluf has discovered a vulnerability in Sun Java JDK/SDK, which potentially can be exploited by malicious people to compromise a user's system.

The jar tool does not properly check whether the files to be extracted have the string "../" in their names, so it's possible for an attacker to create a malicious jar file in order to overwrite arbitrary files within the filesystem.


Discovery 2005-04-11
Entry 2005-04-16
Modified 2006-09-12
jdk
    le 1.2.2p11_3
    ge 1.3.* le 1.3.1p9_4
    ge 1.4.* le 1.4.2p7
    ge 1.5.* le 1.5.0p1_1

linux-ibm-jdk
    le 1.4.2_1

linux-sun-jdk
    le 1.4.2.08_1
    eq 1.5.0b1
    eq 1.5.0b1,1
    ge 1.5.0,2 le 1.5.0.02,2

linux-blackdown-jdk
    le 1.4.2_2

diablo-jdk
    le 1.3.1.0_1

diablo-jdk-freebsd6
    le i386.1.5.0.07.00

linux-jdk
    ge 0

CVE-2005-1080
http://marc.theaimsgroup.com/?l=bugtraq&m=111331593310508
http://www.securiteam.com/securitynews/5IP0C0AFGW.html
http://secunia.com/advisories/14902/