FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-29 10:45:39 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
a0c45e53-ae51-11e4-8ac7-d050992ecde8	openldap -- two remote denial of service vulnerabilities Ryan Tandy reports: With the deref overlay enabled, ldapsearch with '-E deref=member:' causes slapd to crash. Bill MacAllister discovered that certain queries cause slapd to crash while freeing operation controls. This is a 2.4.40 regression. Earlier releases are not affected. Discovery 2015-02-02 Entry 2015-02-06 openldap-server < 2.4.40_3 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776991
4910d161-58a4-11e5-9ad8-14dae9d210b8	openldap -- denial of service vulnerability Denis Andzakovic reports: By sending a crafted packet, an attacker may cause the OpenLDAP server to reach an assert(9 9 statement, crashing the daemon. Discovery 2015-09-09 Entry 2015-09-12 Modified 2015-09-13 openldap-server < 2.4.42_1 http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240 http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629 CVE-2015-6908

VuXML ID

Description

a0c45e53-ae51-11e4-8ac7-d050992ecde8

openldap -- two remote denial of service vulnerabilities

Ryan Tandy reports:

With the deref overlay enabled, ldapsearch with '-E deref=member:' causes slapd to crash.

Bill MacAllister discovered that certain queries cause slapd to crash while freeing operation controls. This is a 2.4.40 regression. Earlier releases are not affected.

Discovery 2015-02-02
Entry 2015-02-06
openldap-server

< 2.4.40_3

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776991

4910d161-58a4-11e5-9ad8-14dae9d210b8

openldap -- denial of service vulnerability

Denis Andzakovic reports:

By sending a crafted packet, an attacker may cause the OpenLDAP server to reach an assert(9 9 statement, crashing the daemon.

Discovery 2015-09-09
Entry 2015-09-12
Modified 2015-09-13
openldap-server

< 2.4.42_1

http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629
CVE-2015-6908