FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  375358
Date:      2014-12-23
Time:      21:24:55Z
Committer: rea

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
6d21a287-fce0-11e0-a828-00235a5f2c9akdelibs4, rekonq -- input validation failure

KDE Security Advisory reports:

The default rendering type for a QLabel is QLabel::AutoText, which uses heuristics to determine whether to render the given content as plain text or rich text. KSSL and Rekonq did not properly force its QLabels to use QLabel::PlainText. As a result, if given a certificate containing rich text in its fields, they would render the rich text. Specifically, a certificate containing a common name (CN) that has a table element will cause the second line of the table to be displayed. This can allow spoofing of the certificate's common name.


Discovery 2011-10-03
Entry 2011-10-23
kdelibs
ge 4.0.* lt 4.7.2

rekonq
lt 0.8.0

http://www.kde.org/info/security/advisory-20111003-1.txt
http://www.nth-dimension.org.uk/pub/NDSA20111003.txt.asc
CVE-2011-3365
CVE-2011-3366
6d21a287-fce0-11e0-a828-00235a5f2c9akdelibs4, rekonq -- input validation failure

KDE Security Advisory reports:

The default rendering type for a QLabel is QLabel::AutoText, which uses heuristics to determine whether to render the given content as plain text or rich text. KSSL and Rekonq did not properly force its QLabels to use QLabel::PlainText. As a result, if given a certificate containing rich text in its fields, they would render the rich text. Specifically, a certificate containing a common name (CN) that has a table element will cause the second line of the table to be displayed. This can allow spoofing of the certificate's common name.


Discovery 2011-10-03
Entry 2011-10-23
kdelibs
ge 4.0.* lt 4.7.2

rekonq
lt 0.8.0

http://www.kde.org/info/security/advisory-20111003-1.txt
http://www.nth-dimension.org.uk/pub/NDSA20111003.txt.asc
CVE-2011-3365
CVE-2011-3366