FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  318748
Date:      2013-05-22
Time:      08:45:10Z
Committer: rene

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
b4f8be9e-56b2-11e1-9fb7-003067b2972c	Python -- DoS via malformed XML-RPC / HTTP POST request Jan Lieskovsky reports, A denial of service flaw was found in the way Simple XML-RPC Server module of Python processed client connections, that were closed prior the complete request body has been received. A remote attacker could use this flaw to cause Python Simple XML-RPC based server process to consume excessive amount of CPU. Discovery 2012-02-13 Entry 2012-02-14 Modified 2012-02-26 python32 le 3.2.2_2 python31 le 3.1.4_2 python27 le 2.7.2_3 python26 le 2.6.7_2 python25 le 2.5.6_2 python24 le 2.4.5_8 pypy le 1.7 CVE-2012-0845 http://bugs.python.org/issue14001 https://bugzilla.redhat.com/show_bug.cgi?id=789790 https://bugs.pypy.org/issue1047
0dccaa28-7f3c-11dd-8de5-0030843d3802	python -- multiple vulnerabilities Secunia reports: Some vulnerabilities have been reported in Python, where some have unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. Various integer overflow errors exist in core modules e.g. stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, mmapmodule. An integer overflow in the hashlib module can lead to an unreliable cryptographic digest results. Integer overflow errors in the processing of unicode strings can be exploited to cause buffer overflows on 32-bit systems. An integer overflow exists in the PyOS_vsnprintf() function on architectures that do not have a "vsnprintf()" function. An integer underflow error in the PyOS_vsnprintf() function when passing zero-length strings can lead to memory corruption. Discovery 2008-08-04 Entry 2008-09-10 python24 lt 2.4.5_2 python25 lt 2.5.2_3 python23 gt 0 CVE-2008-2315 CVE-2008-2316 CVE-2008-3142 CVE-2008-3144 http://bugs.python.org/issue2620 http://bugs.python.org/issue2588 http://bugs.python.org/issue2589 http://secunia.com/advisories/31305 http://mail.python.org/pipermail/python-checkins/2008-July/072276.html http://mail.python.org/pipermail/python-checkins/2008-July/072174.html http://mail.python.org/pipermail/python-checkins/2008-June/070481.html

VuXML ID

Description

b4f8be9e-56b2-11e1-9fb7-003067b2972c

Python -- DoS via malformed XML-RPC / HTTP POST request

Jan Lieskovsky reports,

A denial of service flaw was found in the way Simple XML-RPC Server module of Python processed client connections, that were closed prior the complete request body has been received. A remote attacker could use this flaw to cause Python Simple XML-RPC based server process to consume excessive amount of CPU.

Discovery 2012-02-13
Entry 2012-02-14
Modified 2012-02-26
python32

le 3.2.2_2

python31

le 3.1.4_2

python27

le 2.7.2_3

python26

le 2.6.7_2

python25

le 2.5.6_2

python24

le 2.4.5_8

pypy

le 1.7

CVE-2012-0845
http://bugs.python.org/issue14001
https://bugzilla.redhat.com/show_bug.cgi?id=789790
https://bugs.pypy.org/issue1047

0dccaa28-7f3c-11dd-8de5-0030843d3802

python -- multiple vulnerabilities

Secunia reports:

Some vulnerabilities have been reported in Python, where some have unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.

Various integer overflow errors exist in core modules e.g. stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, mmapmodule.

An integer overflow in the hashlib module can lead to an unreliable cryptographic digest results.

Integer overflow errors in the processing of unicode strings can be exploited to cause buffer overflows on 32-bit systems.

An integer overflow exists in the PyOS_vsnprintf() function on architectures that do not have a "vsnprintf()" function.

An integer underflow error in the PyOS_vsnprintf() function when passing zero-length strings can lead to memory corruption.

Discovery 2008-08-04
Entry 2008-09-10
python24

lt 2.4.5_2

python25

lt 2.5.2_3

python23

gt 0

CVE-2008-2315
CVE-2008-2316
CVE-2008-3142
CVE-2008-3144
http://bugs.python.org/issue2620
http://bugs.python.org/issue2588
http://bugs.python.org/issue2589
http://secunia.com/advisories/31305
http://mail.python.org/pipermail/python-checkins/2008-July/072276.html
http://mail.python.org/pipermail/python-checkins/2008-July/072174.html
http://mail.python.org/pipermail/python-checkins/2008-June/070481.html