FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  318877
Date:      2013-05-23
Time:      15:30:07Z
Committer: flo

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
19518d22-2d05-11d9-8943-0050fc56d258	putty -- buffer overflow vulnerability in ssh2 support There is a bug in SSH2 support that allows a server to execute malicious code on a connecting PuTTY client. This attack can be performed before host key verification happens, so a different machine -- man in the middle attack -- could fake the machine you are connecting to. Discovery 2004-10-26 Entry 2004-11-04 Modified 2005-01-19 putty lt 0.56 http://marc.theaimsgroup.com/?l=bugtraq&m=109890310929207 http://www.gentoo.org/security/en/glsa/glsa-200410-29.xml http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ssh2-debug.html
19518d22-2d05-11d9-8943-0050fc56d258	putty -- buffer overflow vulnerability in ssh2 support There is a bug in SSH2 support that allows a server to execute malicious code on a connecting PuTTY client. This attack can be performed before host key verification happens, so a different machine -- man in the middle attack -- could fake the machine you are connecting to. Discovery 2004-10-26 Entry 2004-11-04 Modified 2005-01-19 putty lt 0.56 http://marc.theaimsgroup.com/?l=bugtraq&m=109890310929207 http://www.gentoo.org/security/en/glsa/glsa-200410-29.xml http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ssh2-debug.html
a413ed94-836e-11d9-a9e7-0001020eed82	putty -- pscp/psftp heap corruption vulnerabilities Simon Tatham reports: This version fixes a security hole in previous versions of PuTTY, which can allow a malicious SFTP server to attack your client. If you use either PSCP or PSFTP, you should upgrade. Users of the main PuTTY program are not affected. (However, note that the server must have passed host key verification before this attack can be launched, so a man-in-the-middle shouldn't be able to attack you if you're careful.) Discovery 2005-02-20 Entry 2005-02-20 Modified 2005-02-23 putty lt 0.57 12601 CVE-2005-0467 http://lists.tartarus.org/pipermail/putty-announce/2005/000012.html http://marc.theaimsgroup.com/?l=bugtraq&m=110902510713763 http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-readdir.html http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-string.html
a413ed94-836e-11d9-a9e7-0001020eed82	putty -- pscp/psftp heap corruption vulnerabilities Simon Tatham reports: This version fixes a security hole in previous versions of PuTTY, which can allow a malicious SFTP server to attack your client. If you use either PSCP or PSFTP, you should upgrade. Users of the main PuTTY program are not affected. (However, note that the server must have passed host key verification before this attack can be launched, so a man-in-the-middle shouldn't be able to attack you if you're careful.) Discovery 2005-02-20 Entry 2005-02-20 Modified 2005-02-23 putty lt 0.57 12601 CVE-2005-0467 http://lists.tartarus.org/pipermail/putty-announce/2005/000012.html http://marc.theaimsgroup.com/?l=bugtraq&m=110902510713763 http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-readdir.html http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-string.html