FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  351541
Date:      2014-04-18
Time:      14:56:43Z
Committer: ohauer

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
34e0316a-aa91-11df-8c2e-001517289bf8ruby -- UTF-7 encoding XSS vulnerability in WEBrick

The official ruby site reports:

WEBrick have had a cross-site scripting vulnerability that allows an attacker to inject arbitrary script or HTML via a crafted URI. This does not affect user agents that strictly implement HTTP/1.1, however, some user agents do not.


Discovery 2010-08-16
Entry 2010-08-17
Modified 2010-08-20
ruby
ruby+pthreads
ruby+pthreads+oniguruma
ruby+oniguruma
ge 1.8.*,1 lt 1.8.7.248_3,1

ge 1.9.*,1 lt 1.9.1.430,1

40895
CVE-2010-0541
http://www.ruby-lang.org/en/news/2010/08/16/xss-in-webrick-cve-2010-0541/
eab8c3bd-e50c-11de-9cd0-001a926c7637ruby -- heap overflow vulnerability

The official ruby site reports:

There is a heap overflow vulnerability in String#ljust, String#center and String#rjust. This has allowed an attacker to run arbitrary code in some rare cases.


Discovery 2009-11-30
Entry 2009-12-09
ruby
ge 1.9.1,1 lt 1.9.1.376,1

CVE-2009-4124
http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/
eab8c3bd-e50c-11de-9cd0-001a926c7637ruby -- heap overflow vulnerability

The official ruby site reports:

There is a heap overflow vulnerability in String#ljust, String#center and String#rjust. This has allowed an attacker to run arbitrary code in some rare cases.


Discovery 2009-11-30
Entry 2009-12-09
ruby
ge 1.9.1,1 lt 1.9.1.376,1

CVE-2009-4124
http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/
34e0316a-aa91-11df-8c2e-001517289bf8ruby -- UTF-7 encoding XSS vulnerability in WEBrick

The official ruby site reports:

WEBrick have had a cross-site scripting vulnerability that allows an attacker to inject arbitrary script or HTML via a crafted URI. This does not affect user agents that strictly implement HTTP/1.1, however, some user agents do not.


Discovery 2010-08-16
Entry 2010-08-17
Modified 2010-08-20
ruby
ruby+pthreads
ruby+pthreads+oniguruma
ruby+oniguruma
ge 1.8.*,1 lt 1.8.7.248_3,1

ge 1.9.*,1 lt 1.9.1.430,1

40895
CVE-2010-0541
http://www.ruby-lang.org/en/news/2010/08/16/xss-in-webrick-cve-2010-0541/