FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  365592
Date:      2014-08-21
Time:      19:46:21Z
Committer: zi

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
f4428842-a583-4a4c-89b7-297c3459a1c3bogofilter -- RFC 2047 decoder denial-of-service vulnerability

The bogofilter team has been provided with a test case of a malformatted (non-conformant) RFC-2047 encoded word that can cause bogofilter versions 0.92.7 and prior to try to write a NUL byte into a memory location that is either one byte past the end of a flex buffer or to a location that is the negative of the encoded word's start of payload data, causing a segmentation fault.


Discovery 2004-10-09
Entry 2004-10-26
Modified 2004-11-03
bogofilter
bogofilter-qdbm
bogofilter-tdb
ru-bogofilter
ge 0.17.4 lt 0.92.8

73144
CVE-2004-1007
http://article.gmane.org/gmane.mail.bogofilter.devel/3308
http://article.gmane.org/gmane.mail.bogofilter.devel/3317
http://bugs.debian.org/275373
http://bogofilter.sourceforge.net/security/bogofilter-SA-2004-01
25ed4ff8-8940-11df-a339-0026189baca3bogofilter -- heap underrun on malformed base64 input

Julius Plenz reports:

I found a bug in the base64_decode function which may cause memory corruption when the function is executed on a malformed base64 encoded string.

If a string starting with an equal-sign is passed to the base64_decode function it triggers a memory corruption that in some cases makes bogofilter crash.


Discovery 2010-06-28
Entry 2010-07-06
bogofilter
lt 1.2.1_2

bogofilter-sqlite
lt 1.2.1_1

bogofilter-tc
lt 1.2.1_1

CVE-2010-2494
http://bogofilter.sourceforge.net/security/bogofilter-SA-2010-01
f524d8e0-3d83-11e2-807a-080027ef73ecbogofilter -- heap corruption by invalid base64 input

David Relson reports:

Fix a heap corruption in base64 decoder on invalid input. Analysis and patch by Julius Plenz, [FU Berlin, Germany].


Discovery 2012-10-17
Entry 2012-12-03
bogofilter
lt 1.2.3

bogofilter-sqlite
lt 1.2.3

bogofilter-tc
lt 1.2.3

CVE-2012-5468
http://bogofilter.sourceforge.net/security/bogofilter-SA-2012-01
f4428842-a583-4a4c-89b7-297c3459a1c3bogofilter -- RFC 2047 decoder denial-of-service vulnerability

The bogofilter team has been provided with a test case of a malformatted (non-conformant) RFC-2047 encoded word that can cause bogofilter versions 0.92.7 and prior to try to write a NUL byte into a memory location that is either one byte past the end of a flex buffer or to a location that is the negative of the encoded word's start of payload data, causing a segmentation fault.


Discovery 2004-10-09
Entry 2004-10-26
Modified 2004-11-03
bogofilter
bogofilter-qdbm
bogofilter-tdb
ru-bogofilter
ge 0.17.4 lt 0.92.8

73144
CVE-2004-1007
http://article.gmane.org/gmane.mail.bogofilter.devel/3308
http://article.gmane.org/gmane.mail.bogofilter.devel/3317
http://bugs.debian.org/275373
http://bogofilter.sourceforge.net/security/bogofilter-SA-2004-01
f524d8e0-3d83-11e2-807a-080027ef73ecbogofilter -- heap corruption by invalid base64 input

David Relson reports:

Fix a heap corruption in base64 decoder on invalid input. Analysis and patch by Julius Plenz, [FU Berlin, Germany].


Discovery 2012-10-17
Entry 2012-12-03
bogofilter
lt 1.2.3

bogofilter-sqlite
lt 1.2.3

bogofilter-tc
lt 1.2.3

CVE-2012-5468
http://bogofilter.sourceforge.net/security/bogofilter-SA-2012-01
25ed4ff8-8940-11df-a339-0026189baca3bogofilter -- heap underrun on malformed base64 input

Julius Plenz reports:

I found a bug in the base64_decode function which may cause memory corruption when the function is executed on a malformed base64 encoded string.

If a string starting with an equal-sign is passed to the base64_decode function it triggers a memory corruption that in some cases makes bogofilter crash.


Discovery 2010-06-28
Entry 2010-07-06
bogofilter
lt 1.2.1_2

bogofilter-sqlite
lt 1.2.1_1

bogofilter-tc
lt 1.2.1_1

CVE-2010-2494
http://bogofilter.sourceforge.net/security/bogofilter-SA-2010-01