FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  372986
Date:      2014-11-21
Time:      11:06:59Z
Committer: madpilot

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
fb03b1c6-8a8a-11d9-81f7-02023f003c9fuim -- privilege escalation vulnerability

The uim developers reports:

Takumi ASAKI discovered that uim always trusts environment variables. But this is not correct behavior, sometimes environment variables shouldn't be trusted. This bug causes privilege escalation when libuim is linked against setuid/setgid application. Since GTK+ prohibits setuid/setgid applications, the bug appears only in 'immodule for Qt' enabled Qt. (Normal Qt is also safe.)


Discovery 2005-02-21
Entry 2005-03-01
ja-uim
lt 0.4.6

CVE-2005-0503
http://lists.freedesktop.org/pipermail/uim/2005-February/000996.html
12604
http://secunia.com/advisories/13981
1e606080-3293-11da-ac91-020039488e34uim -- privilege escalation vulnerability

The uim developers reports:

Masanari Yamamoto discovered that incorrect use of environment variables in uim. This bug causes privilege escalation if setuid/setgid applications was linked to libuim.

This bug appears in 'immodule for Qt' enabled Qt. (Normal Qt is also safe.) In some distribution, mlterm is also an setuid/setgid application.


Discovery 2005-09-28
Entry 2005-10-01
ja-uim
lt 0.4.9.1

http://lists.freedesktop.org/archives/uim/2005-September/001346.html
fb03b1c6-8a8a-11d9-81f7-02023f003c9fuim -- privilege escalation vulnerability

The uim developers reports:

Takumi ASAKI discovered that uim always trusts environment variables. But this is not correct behavior, sometimes environment variables shouldn't be trusted. This bug causes privilege escalation when libuim is linked against setuid/setgid application. Since GTK+ prohibits setuid/setgid applications, the bug appears only in 'immodule for Qt' enabled Qt. (Normal Qt is also safe.)


Discovery 2005-02-21
Entry 2005-03-01
ja-uim
lt 0.4.6

CVE-2005-0503
http://lists.freedesktop.org/pipermail/uim/2005-February/000996.html
12604
http://secunia.com/advisories/13981
1e606080-3293-11da-ac91-020039488e34uim -- privilege escalation vulnerability

The uim developers reports:

Masanari Yamamoto discovered that incorrect use of environment variables in uim. This bug causes privilege escalation if setuid/setgid applications was linked to libuim.

This bug appears in 'immodule for Qt' enabled Qt. (Normal Qt is also safe.) In some distribution, mlterm is also an setuid/setgid application.


Discovery 2005-09-28
Entry 2005-10-01
ja-uim
lt 0.4.9.1

http://lists.freedesktop.org/archives/uim/2005-September/001346.html