FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  371321
Date:      2014-10-21
Time:      13:58:33Z
Committer: madpilot

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
f524d8e0-3d83-11e2-807a-080027ef73ecbogofilter -- heap corruption by invalid base64 input

David Relson reports:

Fix a heap corruption in base64 decoder on invalid input. Analysis and patch by Julius Plenz, [FU Berlin, Germany].


Discovery 2012-10-17
Entry 2012-12-03
bogofilter
lt 1.2.3

bogofilter-sqlite
lt 1.2.3

bogofilter-tc
lt 1.2.3

CVE-2012-5468
http://bogofilter.sourceforge.net/security/bogofilter-SA-2012-01
92140bc9-7bde-11da-8ec4-0002b3b60e4cbogofilter -- heap corruption through malformed input

Matthias Andree reports:

When using Unicode databases (default in more recent bogofilter installations), upon encountering invalid input sequences, bogofilter or bogolexer could overrun a malloc()'d buffer, corrupting the heap, while converting character sets. Bogofilter would usually be processing untrusted data received from the network at that time.

This problem was aggravated by an unrelated bug that made bogofilter process binary attachments as though they were text, and attempt charset conversion on them. Given the MIME default character set, US-ASCII, all input octets in the range 0x80...0xff were considered invalid input sequences and could trigger the heap corruption.


Discovery 2005-10-22
Entry 2006-01-07
bogofilter
ge 0.93.5 lt 0.96.3

CVE-2005-4591
http://bogofilter.sourceforge.net/security/bogofilter-SA-2005-01
25ed4ff8-8940-11df-a339-0026189baca3bogofilter -- heap underrun on malformed base64 input

Julius Plenz reports:

I found a bug in the base64_decode function which may cause memory corruption when the function is executed on a malformed base64 encoded string.

If a string starting with an equal-sign is passed to the base64_decode function it triggers a memory corruption that in some cases makes bogofilter crash.


Discovery 2010-06-28
Entry 2010-07-06
bogofilter
lt 1.2.1_2

bogofilter-sqlite
lt 1.2.1_1

bogofilter-tc
lt 1.2.1_1

CVE-2010-2494
http://bogofilter.sourceforge.net/security/bogofilter-SA-2010-01
25ed4ff8-8940-11df-a339-0026189baca3bogofilter -- heap underrun on malformed base64 input

Julius Plenz reports:

I found a bug in the base64_decode function which may cause memory corruption when the function is executed on a malformed base64 encoded string.

If a string starting with an equal-sign is passed to the base64_decode function it triggers a memory corruption that in some cases makes bogofilter crash.


Discovery 2010-06-28
Entry 2010-07-06
bogofilter
lt 1.2.1_2

bogofilter-sqlite
lt 1.2.1_1

bogofilter-tc
lt 1.2.1_1

CVE-2010-2494
http://bogofilter.sourceforge.net/security/bogofilter-SA-2010-01
92140bc9-7bde-11da-8ec4-0002b3b60e4cbogofilter -- heap corruption through malformed input

Matthias Andree reports:

When using Unicode databases (default in more recent bogofilter installations), upon encountering invalid input sequences, bogofilter or bogolexer could overrun a malloc()'d buffer, corrupting the heap, while converting character sets. Bogofilter would usually be processing untrusted data received from the network at that time.

This problem was aggravated by an unrelated bug that made bogofilter process binary attachments as though they were text, and attempt charset conversion on them. Given the MIME default character set, US-ASCII, all input octets in the range 0x80...0xff were considered invalid input sequences and could trigger the heap corruption.


Discovery 2005-10-22
Entry 2006-01-07
bogofilter
ge 0.93.5 lt 0.96.3

CVE-2005-4591
http://bogofilter.sourceforge.net/security/bogofilter-SA-2005-01
f524d8e0-3d83-11e2-807a-080027ef73ecbogofilter -- heap corruption by invalid base64 input

David Relson reports:

Fix a heap corruption in base64 decoder on invalid input. Analysis and patch by Julius Plenz, [FU Berlin, Germany].


Discovery 2012-10-17
Entry 2012-12-03
bogofilter
lt 1.2.3

bogofilter-sqlite
lt 1.2.3

bogofilter-tc
lt 1.2.3

CVE-2012-5468
http://bogofilter.sourceforge.net/security/bogofilter-SA-2012-01