FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  373433
Date:      2014-11-25
Time:      21:42:42Z
Committer: naddy

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
ec41c3e2-129c-11dd-bab7-0016179b2dd5python -- Integer Signedness Error in zlib Module

Justin Ferguson reports:

Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.


Discovery 2008-04-10
Entry 2008-04-25
Modified 2008-04-28
python23
lt 2.3.6_1

python24
lt 2.4.5_1

python25
lt 2.5.2_2

CVE-2008-1721
28715
http://securityreason.com/securityalert/3802
http://bugs.python.org/issue2586
0dccaa28-7f3c-11dd-8de5-0030843d3802python -- multiple vulnerabilities

Secunia reports:

Some vulnerabilities have been reported in Python, where some have unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.

Various integer overflow errors exist in core modules e.g. stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, mmapmodule.

An integer overflow in the hashlib module can lead to an unreliable cryptographic digest results.

Integer overflow errors in the processing of unicode strings can be exploited to cause buffer overflows on 32-bit systems.

An integer overflow exists in the PyOS_vsnprintf() function on architectures that do not have a "vsnprintf()" function.

An integer underflow error in the PyOS_vsnprintf() function when passing zero-length strings can lead to memory corruption.


Discovery 2008-08-04
Entry 2008-09-10
python24
lt 2.4.5_2

python25
lt 2.5.2_3

python23
gt 0

CVE-2008-2315
CVE-2008-2316
CVE-2008-3142
CVE-2008-3144
http://bugs.python.org/issue2620
http://bugs.python.org/issue2588
http://bugs.python.org/issue2589
http://secunia.com/advisories/31305
http://mail.python.org/pipermail/python-checkins/2008-July/072276.html
http://mail.python.org/pipermail/python-checkins/2008-July/072174.html
http://mail.python.org/pipermail/python-checkins/2008-June/070481.html
0dccaa28-7f3c-11dd-8de5-0030843d3802python -- multiple vulnerabilities

Secunia reports:

Some vulnerabilities have been reported in Python, where some have unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.

Various integer overflow errors exist in core modules e.g. stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, mmapmodule.

An integer overflow in the hashlib module can lead to an unreliable cryptographic digest results.

Integer overflow errors in the processing of unicode strings can be exploited to cause buffer overflows on 32-bit systems.

An integer overflow exists in the PyOS_vsnprintf() function on architectures that do not have a "vsnprintf()" function.

An integer underflow error in the PyOS_vsnprintf() function when passing zero-length strings can lead to memory corruption.


Discovery 2008-08-04
Entry 2008-09-10
python24
lt 2.4.5_2

python25
lt 2.5.2_3

python23
gt 0

CVE-2008-2315
CVE-2008-2316
CVE-2008-3142
CVE-2008-3144
http://bugs.python.org/issue2620
http://bugs.python.org/issue2588
http://bugs.python.org/issue2589
http://secunia.com/advisories/31305
http://mail.python.org/pipermail/python-checkins/2008-July/072276.html
http://mail.python.org/pipermail/python-checkins/2008-July/072174.html
http://mail.python.org/pipermail/python-checkins/2008-June/070481.html
ec41c3e2-129c-11dd-bab7-0016179b2dd5python -- Integer Signedness Error in zlib Module

Justin Ferguson reports:

Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.


Discovery 2008-04-10
Entry 2008-04-25
Modified 2008-04-28
python23
lt 2.3.6_1

python24
lt 2.4.5_1

python25
lt 2.5.2_2

CVE-2008-1721
28715
http://securityreason.com/securityalert/3802
http://bugs.python.org/issue2586