FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  321198
Date:      2013-06-18
Time:      15:50:05Z
Committer: delphij

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
6d21a287-fce0-11e0-a828-00235a5f2c9a	kdelibs4, rekonq -- input validation failure KDE Security Advisory reports: The default rendering type for a QLabel is QLabel::AutoText, which uses heuristics to determine whether to render the given content as plain text or rich text. KSSL and Rekonq did not properly force its QLabels to use QLabel::PlainText. As a result, if given a certificate containing rich text in its fields, they would render the rich text. Specifically, a certificate containing a common name (CN) that has a table element will cause the second line of the table to be displayed. This can allow spoofing of the certificate's common name. Discovery 2011-10-03 Entry 2011-10-23 kdelibs ge 4.0.* lt 4.7.2 rekonq lt 0.8.0 http://www.kde.org/info/security/advisory-20111003-1.txt http://www.nth-dimension.org.uk/pub/NDSA20111003.txt.asc CVE-2011-3365 CVE-2011-3366
6d21a287-fce0-11e0-a828-00235a5f2c9a	kdelibs4, rekonq -- input validation failure KDE Security Advisory reports: The default rendering type for a QLabel is QLabel::AutoText, which uses heuristics to determine whether to render the given content as plain text or rich text. KSSL and Rekonq did not properly force its QLabels to use QLabel::PlainText. As a result, if given a certificate containing rich text in its fields, they would render the rich text. Specifically, a certificate containing a common name (CN) that has a table element will cause the second line of the table to be displayed. This can allow spoofing of the certificate's common name. Discovery 2011-10-03 Entry 2011-10-23 kdelibs ge 4.0.* lt 4.7.2 rekonq lt 0.8.0 http://www.kde.org/info/security/advisory-20111003-1.txt http://www.nth-dimension.org.uk/pub/NDSA20111003.txt.asc CVE-2011-3365 CVE-2011-3366

VuXML ID

Description

6d21a287-fce0-11e0-a828-00235a5f2c9a

kdelibs4, rekonq -- input validation failure

KDE Security Advisory reports:

The default rendering type for a QLabel is QLabel::AutoText, which uses heuristics to determine whether to render the given content as plain text or rich text. KSSL and Rekonq did not properly force its QLabels to use QLabel::PlainText. As a result, if given a certificate containing rich text in its fields, they would render the rich text. Specifically, a certificate containing a common name (CN) that has a table element will cause the second line of the table to be displayed. This can allow spoofing of the certificate's common name.

Discovery 2011-10-03
Entry 2011-10-23
kdelibs

ge 4.0.* lt 4.7.2

rekonq

lt 0.8.0

http://www.kde.org/info/security/advisory-20111003-1.txt
http://www.nth-dimension.org.uk/pub/NDSA20111003.txt.asc
CVE-2011-3365
CVE-2011-3366