FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  374986
Date:      2014-12-20
Time:      00:21:30Z
Committer: delphij

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
25ed4ff8-8940-11df-a339-0026189baca3bogofilter -- heap underrun on malformed base64 input

Julius Plenz reports:

I found a bug in the base64_decode function which may cause memory corruption when the function is executed on a malformed base64 encoded string.

If a string starting with an equal-sign is passed to the base64_decode function it triggers a memory corruption that in some cases makes bogofilter crash.


Discovery 2010-06-28
Entry 2010-07-06
bogofilter
lt 1.2.1_2

bogofilter-sqlite
lt 1.2.1_1

bogofilter-tc
lt 1.2.1_1

CVE-2010-2494
http://bogofilter.sourceforge.net/security/bogofilter-SA-2010-01
f524d8e0-3d83-11e2-807a-080027ef73ecbogofilter -- heap corruption by invalid base64 input

David Relson reports:

Fix a heap corruption in base64 decoder on invalid input. Analysis and patch by Julius Plenz, [FU Berlin, Germany].


Discovery 2012-10-17
Entry 2012-12-03
bogofilter
lt 1.2.3

bogofilter-sqlite
lt 1.2.3

bogofilter-tc
lt 1.2.3

CVE-2012-5468
http://bogofilter.sourceforge.net/security/bogofilter-SA-2012-01
25ed4ff8-8940-11df-a339-0026189baca3bogofilter -- heap underrun on malformed base64 input

Julius Plenz reports:

I found a bug in the base64_decode function which may cause memory corruption when the function is executed on a malformed base64 encoded string.

If a string starting with an equal-sign is passed to the base64_decode function it triggers a memory corruption that in some cases makes bogofilter crash.


Discovery 2010-06-28
Entry 2010-07-06
bogofilter
lt 1.2.1_2

bogofilter-sqlite
lt 1.2.1_1

bogofilter-tc
lt 1.2.1_1

CVE-2010-2494
http://bogofilter.sourceforge.net/security/bogofilter-SA-2010-01
f524d8e0-3d83-11e2-807a-080027ef73ecbogofilter -- heap corruption by invalid base64 input

David Relson reports:

Fix a heap corruption in base64 decoder on invalid input. Analysis and patch by Julius Plenz, [FU Berlin, Germany].


Discovery 2012-10-17
Entry 2012-12-03
bogofilter
lt 1.2.3

bogofilter-sqlite
lt 1.2.3

bogofilter-tc
lt 1.2.3

CVE-2012-5468
http://bogofilter.sourceforge.net/security/bogofilter-SA-2012-01