FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
ef0033ad-5823-11e6-80cc-001517f335e2lighttpd - multiple vulnerabilities

Lighttpd Project reports:

Security fixes for Lighttpd:

  • security: encode quoting chars in HTML and XML

  • security: ensure gid != 0 if server.username is set, but not server.groupname

  • security: disable stat_cache if server.follow-symlink = “disable”

  • security: httpoxy defense: do not emit HTTP_PROXY to CGI env


Discovery 2016-07-31
Entry 2016-08-03
lighttpd
lt 1.4.41

http://www.lighttpd.net/2016/7/31/1.4.41/
ports/211495
92a6efd0-e40d-11e8-ada4-408d5cf35399lighttpd - use-after-free vulnerabilities

Lighttpd Project reports:

Security fixes for Lighttpd:

  • security: process headers after combining folded headers


Discovery 2018-08-26
Entry 2018-11-09
lighttpd
lt 1.4.51

https://www.lighttpd.net/2018/10/14/1.4.51/
ports/232278
dd7f29cc-3ee9-11e5-93ad-002590263bf5lighttpd -- Log injection vulnerability in mod_auth

MITRE reports:

mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.


Discovery 2015-05-25
Entry 2015-08-10
lighttpd
lt 1.4.36

CVE-2015-3200
http://redmine.lighttpd.net/issues/2646