1  <vuln vid="c3d43001-8064-11e4-801f-0022156e8794">
2    <topic>mutt -- denial of service via crafted mail message</topic>
3    <affects>
4      <package>
5	<name>mutt</name>
6	<range><ge>1.5.22</ge><lt>1.5.23_7</lt></range>
7      </package>
8      <package>
9	<name>ja-mutt</name>
10	<range><ge>1.5.22</ge><lt>1.5.23_7</lt></range>
11      </package>
12      <package>
13	<name>zh-mutt</name>
14	<range><ge>1.5.22</ge><lt>1.5.23_7</lt></range>
15      </package>
16    </affects>
17    <description>
18      <body xmlns="http://www.w3.org/1999/xhtml">
19	<p>NVD reports:</p>
20	<blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9116">
21	  <p>The write_one_header function in mutt 1.5.23 does not
22	  properly handle newline characters at the beginning of a
23	  header, which allows remote attackers to cause a denial of
24	  service (crash) via a header with an empty body, which
25	  triggers a heap-based buffer overflow in the mutt_substrdup
26	  function.</p>
27	</blockquote>
28      </body>
29    </description>
30    <references>
31      <bid>71334</bid>
32      <cvename>CVE-2014-9116</cvename>
33      <url>https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771125</url>
34      <url>http://dev.mutt.org/trac/ticket/3716</url>
35    </references>
36    <dates>
37      <discovery>2014-11-26</discovery>
38      <entry>2014-12-23</entry>
39    </dates>
40  </vuln>
41
42  <vuln vid="4033d826-87dd-11e4-9079-3c970e169bc2">
43    <topic>ntp -- multiple vulnerabilities</topic>
44    <affects>
45      <package>
46	<name>ntp</name>
47	<name>ntp-devel</name>
48	<range><lt>4.2.8</lt></range>
49      </package>
50    </affects>
51    <description>
52      <body xmlns="http://www.w3.org/1999/xhtml">
53	<p>CERT reports:</p>
54	<blockquote cite="http://www.kb.cert.org/vuls/id/852879">
55	  <p>The Network Time Protocol (NTP) provides networked
56	    systems with a way to synchronize time for various
57	    services and applications. ntpd version 4.2.7 and
58	    previous versions allow attackers to overflow several
59	    buffers in a way that may allow malicious code to
60	    be executed. ntp-keygen prior to version 4.2.7p230
61	    also uses a non-cryptographic random number generator
62	    when generating symmetric keys.</p>
63	  <p>The buffer overflow vulnerabilities in ntpd may
64	    allow a remote unauthenticated attacker to execute
65	    arbitrary malicious code with the privilege level
66	    of the ntpd process. The weak default key and
67	    non-cryptographic random number generator in
68	    ntp-keygen may allow an attacker to gain
69	    information regarding the integrity checking
70	    and authentication encryption schemes.</p>
71	</blockquote>
72      </body>
73    </description>
74    <references>
75      <cvename>CVE-2014-9293</cvename>
76      <cvename>CVE-2014-9294</cvename>
77      <cvename>CVE-2014-9295</cvename>
78      <cvename>CVE-2014-9296</cvename>
79      <url>http://www.kb.cert.org/vuls/id/852879</url>
80    </references>
81    <dates>
82      <discovery>2014-12-19</discovery>
83      <entry>2014-12-20</entry>
84    </dates>
85  </vuln>
86
87  <vuln vid="1d567278-87a5-11e4-879c-000c292ee6b8">
88    <topic>git -- Arbitrary command execution on case-insensitive filesystems</topic>
89    <affects>
90      <package>
91	<name>git</name>
92	<range><lt>2.2.1</lt></range>
93      </package>
94    </affects>
95    <description>
96      <body xmlns="http://www.w3.org/1999/xhtml">
97	<p>The Git Project reports:</p>
98	<blockquote cite="http://article.gmane.org/gmane.linux.kernel/1853266">
99	  <p>When using a case-insensitive filesystem an attacker can
100	    craft a malicious Git tree that will cause Git to overwrite
101	    its own .git/config file when cloning or checking out a
102	    repository, leading to arbitrary command execution in the
103	    client machine.  If you are a hosting service whose users
104	    may fetch from your service to Windows or Mac OS X machines,
105	    you are strongly encouraged to update to protect such users
106	    who use existing versions of Git.</p>
107	</blockquote>
108      </body>
109    </description>
110    <references>
111      <cvename>CVE-2014-9390</cvename>
112      <url>https://github.com/blog/1938-git-client-vulnerability-announced</url>
113      <url>http://article.gmane.org/gmane.linux.kernel/1853266</url>
114    </references>
115    <dates>
116      <discovery>2014-12-19</discovery>
117      <entry>2014-12-19</entry>
118    </dates>
119  </vuln>
120
121  <vuln vid="0c5cf7c4-856e-11e4-a089-60a44c524f57">
122    <topic>otrs -- Incomplete Access Control</topic>
123    <affects>
124      <package>
125	<name>otrs</name>
126	<range><gt>3.2.*</gt><lt>3.2.17</lt></range>
127	<range><gt>3.3.*</gt><lt>3.3.11</lt></range>
128	<range><gt>4.0.*</gt><lt>4.0.3</lt></range>
129      </package>
130    </affects>
131    <description>
132      <body xmlns="http://www.w3.org/1999/xhtml">
133	<p>The OTRS project reports:</p>
134	<blockquote cite="http://www.otrs.com/security-advisory-2014-06-incomplete-access-control/">
135	  <p>An attacker with valid OTRS credentials could access and manipulate ticket data
136	     of other users via the GenericInterface, if a ticket webservice is configured
137	     and not additionally secured.</p>
138	</blockquote>
139      </body>
140    </description>
141    <references>
142      <url>http://www.otrs.com/security-advisory-2014-06-incomplete-access-control/</url>
143      <cvename>CVE-2014-9324</cvename>
144    </references>
145    <dates>
146      <discovery>2014-12-16</discovery>
147      <entry>2014-12-16</entry>
148    </dates>
149  </vuln>
150
151  <vuln vid="f5561ade-846c-11e4-b7a7-20cf30e32f6d">
152    <topic>subversion -- DoS vulnerabilities</topic>
153    <affects>
154      <package>
155	<name>mod_dav_svn</name>
156	<range><ge>1.8.0</ge><lt>1.8.11</lt></range>
157      </package>
158      <package>
159	<name>subversion16</name>
160	<range><ge>1.0.0</ge><lt>1.7.19</lt></range>
161      </package>
162      <package>
163	<name>subversion17</name>
164	<range><ge>1.0.0</ge><lt>1.7.19</lt></range>
165      </package>
166      <package>
167	<name>subversion</name>
168	<range><ge>1.0.0</ge><lt>1.7.19</lt></range>
169	<range><ge>1.8.0</ge><lt>1.8.11</lt></range>
170      </package>
171    </affects>
172    <description>
173      <body xmlns="http://www.w3.org/1999/xhtml">
174	<p>Subversion Project reports:</p>
175	<blockquote cite="http://subversion.apache.org/security/">
176	  <p>Subversion's mod_dav_svn Apache HTTPD server module will crash when it
177	     receives a REPORT request for some invalid formatted special URIs.</p>
178	  <p>Subversion's mod_dav_svn Apache HTTPD server module will crash when it
179	     receives a request for some invalid formatted special URIs.</p>
180	  <p>We consider this to be a medium risk vulnerability.  Repositories which
181	     allow for anonymous reads will be vulnerable without authentication.
182	     Unfortunately, no special configuration is required and all mod_dav_svn
183	     servers are vulnerable.</p>
184	</blockquote>
185      </body>
186    </description>
187    <references>
188      <cvename>CVE-2014-3580</cvename>
189      <cvename>CVE-2014-8108</cvename>
190      <url>http://subversion.apache.org/security/CVE-2014-3580-advisory.txt</url>
191      <url>http://subversion.apache.org/security/CVE-2014-8108-advisory.txt</url>
192    </references>
193    <dates>
194      <discovery>2014-12-13</discovery>
195      <entry>2014-12-15</entry>
196    </dates>
197  </vuln>
198
199  <vuln vid="fdf72a0e-8371-11e4-bc20-001636d274f3">
200    <topic>NVIDIA UNIX driver -- remote denial of service or arbitrary code execution</topic>
201    <affects>
202      <package>
203	<name>nvidia-driver</name>
204	<range><lt>340.65</lt></range>
205      </package>
206      <package>
207	<name>nvidia-driver-304</name>
208	<range><lt>304.125</lt></range>
209      </package>
210      <package>
211	<name>nvidia-driver-173</name>
212	<range><le>173.14.35_3</le></range>
213      </package>
214      <package>
215	<name>nvidia-driver-96</name>
216	<range><le>96.43.23_2</le></range>
217      </package>
218      <package>
219	<name>nvidia-driver-71</name>
220	<range><le>71.86.15_4</le></range>
221      </package>
222    </affects>
223    <description>
224      <body xmlns="http://www.w3.org/1999/xhtml">
225	<p>NVIDIA Unix security team reports:</p>
226	<blockquote cite="http://nvidia.custhelp.com/app/answers/detail/a_id/3610">
227	  <p>The GLX indirect rendering support supplied on NVIDIA products
228	     is subject to the recently disclosed X.Org vulnerabilities
229	     (CVE-2014-8093, CVE-2014-8098) as well as internally identified
230	     vulnerabilities (CVE-2014-8298).</p>
231	  <p>Depending on how it is configured, the X server typically runs
232	     with raised privileges, and listens for GLX indirect rendering
233	     protocol requests from a local socket and potentially a TCP/IP
234	     port.  The vulnerabilities could be exploited in a way that
235	     causes the X server to access uninitialized memory or overwrite
236	     arbitrary memory in the X server process.  This can cause a
237	     denial of service (e.g., an X server segmentation fault), or
238	     could be exploited to achieve arbitrary code execution.</p>
239	</blockquote>
240      </body>
241    </description>
242    <references>
243      <cvename>CVE-2014-8298</cvename>
244      <cvename>CVE-2014-8093</cvename>
245      <cvename>CVE-2014-8098</cvename>
246    </references>
247    <dates>
248      <discovery>2014-12-03</discovery>
249      <entry>2014-12-14</entry>
250    </dates>
251  </vuln>
252
253  <vuln vid="ab3e98d9-8175-11e4-907d-d050992ecde8">
254    <topic>bind -- denial of service vulnerability</topic>
255    <affects>
256      <package>
257	<name>bind99</name>
258	<name>bind99-base</name>
259	<range><lt>9.9.6</lt></range>
260      </package>
261      <package>
262	<name>bind98</name>
263	<name>bind98-base</name>
264	<name>bind96</name>
265	<name>bind96-base</name>
266	<range><gt>0</gt></range>
267      </package>
268      <package>
269	<name>FreeBSD</name>
270	<range><ge>9.3</ge><lt>9.3_6</lt></range>
271	<range><ge>9.2</ge><lt>9.2_16</lt></range>
272	<range><ge>9.1</ge><lt>9.1_23</lt></range>
273	<range><ge>8.4</ge><lt>8.4_20</lt></range>
274      </package>
275    </affects>
276    <description>
277      <body xmlns="http://www.w3.org/1999/xhtml">
278	<p>ISC reports:</p>
279	<blockquote cite="https://www.isc.org/blogs/important-security-advisory-posted/">
280	  <p>We have today posted updated versions of 9.9.6 and 9.10.1
281	    to address a significant security vulnerability in DNS
282	    resolution. The flaw was discovered by Florian Maury of
283	    ANSSI, and applies to any recursive resolver that does not
284	    support a limit on the number of recursions. [<a href="http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html">CERTFR-2014-AVI-512</a>],
285	    [USCERT <a href="www.kb.cert.org/vuls/id/264212">VU#264212</a>]</p>
286	  <p>A flaw in delegation handling could be exploited to put named
287	    into an infinite loop, in which each lookup of a name server
288	    triggered additional lookups of more name servers.  This has
289	    been addressed by placing limits on the number of levels of
290	    recursion named will allow (default 7), and on the number of
291	    queries that it will send before terminating a recursive query
292	    (default 50).  The recursion depth limit is configured via the
293	    max-recursion-depth option, and the query limit via the
294	    max-recursion-queries option.  For more information, see the
295	    security advisory at <a href="https://kb.isc.org/article/AA-01216/">https://kb.isc.org/article/AA-01216/</a>.
296	    <a href="https://kb.isc.org/article/AA-01216/">[CVE-2014-8500]</a>
297	    [RT #37580]</p>
298	  <p>In addition, we have also corrected a potential security
299	    vulnerability in the GeoIP feature in the 9.10.1 release only.
300	    For more information on this issue, see the security advisory
301	    at <a href="https://kb.isc.org/article/AA-01217">https://kb.isc.org/article/AA-01217</a>.
302	    <a href="https://kb.isc.org/article/AA-01217">[CVE-2014-8680]</a></p>
303	</blockquote>
304      </body>
305    </description>
306    <references>
307      <freebsdsa>SA-14:29.bind</freebsdsa>
308      <cvename>CVE-2014-8500</cvename>
309      <cvename>CVE-2014-8680</cvename>
310      <url>https://www.isc.org/blogs/important-security-advisory-posted/</url>
311    </references>
312    <dates>
313      <discovery>2014-12-08</discovery>
314      <entry>2014-12-11</entry>
315      <modified>2016-08-09</modified>
316    </dates>
317  </vuln>
318
319  <vuln vid="94268da0-8118-11e4-a180-001999f8d30b">
320    <topic>asterisk -- Remote Crash Vulnerability in WebSocket Server</topic>
321    <affects>
322      <package>
323	<name>asterisk11</name>
324	<range><lt>11.14.2</lt></range>
325      </package>
326    </affects>
327    <description>
328      <body xmlns="http://www.w3.org/1999/xhtml">
329	<p>The Asterisk project reports:</p>
330	<blockquote cite="http://www.asterisk.org/downloads/security-advisories">
331	  <p>When handling a WebSocket frame the res_http_websocket
332	  module dynamically changes the size of the memory used
333	  to allow the provided payload to fit. If a payload length
334	  of zero was received the code would incorrectly attempt
335	  to resize to zero. This operation would succeed and end
336	  up freeing the memory but be treated as a failure. When
337	  the session was subsequently torn down this memory would
338	  get freed yet again causing a crash.</p>
339	  <p>Users of the WebSocket functionality also did not take
340	  into account that provided text frames are not guaranteed
341	  to be NULL terminated. This has been fixed in chan_sip
342	  and chan_pjsip in the applicable versions.</p>
343	</blockquote>
344      </body>
345    </description>
346    <references>
347      <url>http://downloads.asterisk.org/pub/security/AST-2014-019.html</url>
348      <cvename>CVE-2014-9374</cvename>
349    </references>
350    <dates>
351      <discovery>2014-10-30</discovery>
352      <entry>2014-12-11</entry>
353      <modified>2015-01-29</modified>
354    </dates>
355  </vuln>
356
357  <vuln vid="27b9b2f0-8081-11e4-b4ca-bcaec565249c">
358    <topic>xserver -- multiple issues with X client request handling</topic>
359    <affects>
360      <package>
361	<name>xorg-server</name>
362	<range><lt>1.12.4_10,1</lt></range>
363      </package>
364    </affects>
365    <description>
366      <body xmlns="http://www.w3.org/1999/xhtml">
367	<p>Alan Coopersmith reports:</p>
368	<blockquote cite="http://lists.x.org/archives/xorg-announce/2014-December/002500.html">
369	  <p>Ilja van Sprundel, a security researcher with IOActive, has
370	    discovered a large number of issues in the way the X server
371	    code base handles requests from X clients, and has worked
372	    with X.Org's security team to analyze, confirm, and fix
373	    these issues.</p>
374
375	  <p>The vulnerabilities could be exploited to cause the X server
376	    to access uninitialized memory or overwrite arbitrary memory
377	    in the X server process.  This can cause a denial of service
378	    (e.g., an X server segmentation fault), or could be exploited
379	    to achieve arbitrary code execution.</p>
380
381	  <p>The GLX extension to the X Window System allows an X client
382	    to send X protocol to the X server, to request that the X
383	    server perform OpenGL rendering on behalf of the X client.
384	    This is known as "GLX indirect rendering", as opposed to
385	    "GLX direct rendering" where the X client submits OpenGL
386	    rendering commands directly to the GPU, bypassing the X
387	    server and avoiding the X server code for GLX protocol
388	    handling.</p>
389
390	  <p>Most GLX indirect rendering implementations share some
391	    common ancestry, dating back to "Sample Implementation"
392	    code from Silicon Graphics, Inc (SGI), which SGI
393	    originally commercially licensed to other Unix workstation
394	    and graphics vendors, and later released as open source, so
395	    those vulnerabilities may affect other licensees of SGI's
396	    code base beyond those running code from the X.Org Foundation
397	    or the XFree86 Project.</p>
398	</blockquote>
399      </body>
400    </description>
401    <references>
402      <url>http://lists.x.org/archives/xorg-announce/2014-December/002500.html</url>
403      <cvename>CVE-2014-8091</cvename>
404      <cvename>CVE-2014-8092</cvename>
405      <cvename>CVE-2014-8093</cvename>
406      <cvename>CVE-2014-8094</cvename>
407      <cvename>CVE-2014-8095</cvename>
408      <cvename>CVE-2014-8096</cvename>
409      <cvename>CVE-2014-8097</cvename>
410      <cvename>CVE-2014-8098</cvename>
411      <cvename>CVE-2014-8099</cvename>
412      <cvename>CVE-2014-8100</cvename>
413      <cvename>CVE-2014-8101</cvename>
414      <cvename>CVE-2014-8102</cvename>
415    </references>
416    <dates>
417      <discovery>2014-12-09</discovery>
418      <entry>2014-12-10</entry>
419    </dates>
420  </vuln>
421
422  <vuln vid="10d73529-7f4b-11e4-af66-00215af774f0">
423    <topic>unbound -- can be tricked into following an endless series of delegations, this consumes a lot of resources</topic>
424    <affects>
425      <package>
426	<name>unbound</name>
427	<range><lt>1.5.1</lt></range>
428      </package>
429      <package>
430	<name>FreeBSD</name>
431	<range><ge>10.0</ge><lt>10.0_14</lt></range>
432	<range><ge>10.1</ge><lt>10.1_2</lt></range>
433      </package>
434    </affects>
435    <description>
436      <body xmlns="http://www.w3.org/1999/xhtml">
437	<p>Unbound developer reports:</p>
438	<blockquote cite="http://unbound.net/downloads/CVE-2014-8602.txt">
439	  <p>The resolver can be tricked into following an endless series of
440	    delegations, this consumes a lot of resources.</p>
441	</blockquote>
442      </body>
443    </description>
444    <references>
445      <url>http://unbound.net/downloads/CVE-2014-8602.txt</url>
446      <freebsdsa>SA-14:30.unbound</freebsdsa>
447      <cvename>CVE-2014-8602</cvename>
448    </references>
449    <dates>
450      <discovery>2014-12-08</discovery>
451      <entry>2014-12-09</entry>
452      <modified>2016-08-09</modified>
453    </dates>
454  </vuln>
455
456  <vuln vid="567beb1e-7e0a-11e4-b9cc-bcaec565249c">
457    <topic>freetype -- Out of bounds stack-based read/write</topic>
458    <affects>
459      <package>
460	<name>freetype2</name>
461	<range><lt>2.5.4</lt></range>
462      </package>
463    </affects>
464    <description>
465      <body xmlns="http://www.w3.org/1999/xhtml">
466	<p>Werner LEMBERG reports:</p>
467	<blockquote cite="http://lists.nongnu.org/archive/html/freetype-announce/2014-12/msg00000.html">
468	  <p>The fix for CVE-2014-2240 was not 100% complete to fix the issue
469	    from the CVE completely.</p>
470	</blockquote>
471      </body>
472    </description>
473    <references>
474      <url>http://lists.nongnu.org/archive/html/freetype-announce/2014-12/msg00000.html</url>
475      <cvename>CVE-2014-2240</cvename>
476    </references>
477    <dates>
478      <discovery>2014-12-07</discovery>
479      <entry>2014-12-07</entry>
480    </dates>
481  </vuln>
482
483  <vuln vid="c9c46fbf-7b83-11e4-a96e-6805ca0b3d42">
484    <topic>phpMyAdmin -- XSS and DoS vulnerabilities</topic>
485    <affects>
486      <package>
487	<name>phpMyAdmin</name>
488	<range><ge>4.2.0</ge><lt>4.2.13.1</lt></range>
489      </package>
490    </affects>
491    <description>
492      <body xmlns="http://www.w3.org/1999/xhtml">
493	<p>The phpMyAdmin development team reports:</p>
494	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php">
495	  <p>DoS vulnerability with long passwords.</p>
496	  <p>With very long passwords it was possible to initiate a
497	    denial of service attack on phpMyAdmin.</p>
498	  <p>We consider this vulnerability to be serious.</p>
499	  <p>This vulnerability can be mitigated by configuring
500	    throttling in the webserver.</p>
501	</blockquote>
502
503	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php">
504	  <p>XSS vulnerability in redirection mechanism.</p>
505	  <p>With a crafted URL it was possible to trigger an XSS in
506	    the redirection mechanism in phpMyAdmin.</p>
507	  <p>We consider this vulnerability to be non critical.</p>
508	</blockquote>
509      </body>
510    </description>
511    <references>
512      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php</url>
513      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php</url>
514      <cvename>CVE-2014-9218</cvename>
515      <cvename>CVE-2014-9219</cvename>
516    </references>
517    <dates>
518      <discovery>2014-12-03</discovery>
519      <entry>2014-12-04</entry>
520    </dates>
521  </vuln>
522
523  <vuln vid="7ae61870-9dd2-4884-a2f2-f19bb5784d09">
524    <topic>mozilla -- multiple vulnerabilities</topic>
525    <affects>
526      <package>
527	<name>firefox</name>
528	<range><lt>34.0,1</lt></range>
529      </package>
530      <package>
531	<name>firefox-esr</name>
532	<range><lt>31.3.0,1</lt></range>
533      </package>
534      <package>
535	<name>linux-firefox</name>
536	<range><lt>34.0,1</lt></range>
537      </package>
538      <package>
539	<name>linux-seamonkey</name>
540	<range><lt>2.31</lt></range>
541      </package>
542      <package>
543	<name>linux-thunderbird</name>
544	<range><lt>31.3.0</lt></range>
545      </package>
546      <package>
547	<name>seamonkey</name>
548	<range><lt>2.31</lt></range>
549      </package>
550      <package>
551	<name>thunderbird</name>
552	<range><lt>31.3.0</lt></range>
553      </package>
554      <package>
555	<name>libxul</name>
556	<range><lt>31.3.0</lt></range>
557      </package>
558      <package>
559	<name>nss</name>
560	<range><lt>3.17.3</lt></range>
561      </package>
562    </affects>
563    <description>
564      <body xmlns="http://www.w3.org/1999/xhtml">
565	<p>The Mozilla Project reports:</p>
566	<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
567	  <p>ASN.1 DER decoding of lengths is too permissive, allowing
568	    undetected smuggling of arbitrary data</p>
569	  <p>MFSA-2014-90 Apple CoreGraphics framework on OS X 10.10
570	    logging input data to /tmp directory</p>
571	  <p>MFSA-2014-89 Bad casting from the BasicThebesLayer to
572	    BasicContainerLayer</p>
573	  <p>MFSA-2014-88 Buffer overflow while parsing media content</p>
574	  <p>MFSA-2014-87 Use-after-free during HTML5 parsing</p>
575	  <p>MFSA-2014-86 CSP leaks redirect data via violation reports</p>
576	  <p>MFSA-2014-85 XMLHttpRequest crashes with some input streams</p>
577	  <p>MFSA-2014-84 XBL bindings accessible via improper CSS
578	    declarations</p>
579	  <p>MFSA-2014-83 Miscellaneous memory safety hazards (rv:34.0
580	    / rv:31.3)</p>
581	</blockquote>
582      </body>
583    </description>
584    <references>
585      <cvename>CVE-2014-1587</cvename>
586      <cvename>CVE-2014-1588</cvename>
587      <cvename>CVE-2014-1589</cvename>
588      <cvename>CVE-2014-1590</cvename>
589      <cvename>CVE-2014-1591</cvename>
590      <cvename>CVE-2014-1592</cvename>
591      <cvename>CVE-2014-1593</cvename>
592      <cvename>CVE-2014-1594</cvename>
593      <cvename>CVE-2014-1595</cvename>
594      <cvename>CVE-2014-1569</cvename>
595      <url>https://www.mozilla.org/security/advisories/mfsa2014-83</url>
596      <url>https://www.mozilla.org/security/advisories/mfsa2014-84</url>
597      <url>https://www.mozilla.org/security/advisories/mfsa2014-85</url>
598      <url>https://www.mozilla.org/security/advisories/mfsa2014-86</url>
599      <url>https://www.mozilla.org/security/advisories/mfsa2014-87</url>
600      <url>https://www.mozilla.org/security/advisories/mfsa2014-88</url>
601      <url>https://www.mozilla.org/security/advisories/mfsa2014-89</url>
602      <url>https://www.mozilla.org/security/advisories/mfsa2014-90</url>
603      <url>https://www.mozilla.org/security/advisories/</url>
604    </references>
605    <dates>
606      <discovery>2014-12-01</discovery>
607      <entry>2014-12-02</entry>
608    </dates>
609  </vuln>
610
611  <vuln vid="23ab5c3e-79c3-11e4-8b1e-d050992ecde8">
612    <topic>OpenVPN -- denial of service security vulnerability</topic>
613    <affects>
614      <package>
615	<name>openvpn</name>
616	<range><lt>2.0.11</lt></range>
617	<range><ge>2.1.0</ge><lt>2.2.3</lt></range>
618	<range><ge>2.3.0</ge><lt>2.3.6</lt></range>
619      </package>
620    </affects>
621    <description>
622      <body xmlns="http://www.w3.org/1999/xhtml">
623	<p>The OpenVPN project reports:</p>
624	<blockquote cite="https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b">
625	  <p>In late November 2014 Dragana Damjanovic notified OpenVPN
626	    developers of a critical denial of service security vulnerability
627	    (CVE-2014-8104). The vulnerability allows a tls-authenticated
628	    client to crash the server by sending a too-short control channel
629	    packet to the server.  In other words this vulnerability is denial
630	    of service only.</p>
631	</blockquote>
632      </body>
633    </description>
634    <references>
635      <cvename>CVE-2014-8104</cvename>
636      <url>https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b</url>
637    </references>
638    <dates>
639      <discovery>2014-12-01</discovery>
640      <entry>2014-12-02</entry>
641    </dates>
642  </vuln>
643
644  <vuln vid="a33addf6-74e6-11e4-a615-f8b156b6dcc8">
645    <topic>flac -- Multiple vulnerabilities</topic>
646    <affects>
647      <package>
648	<name>flac</name>
649	<range><lt>1.3.0_3</lt></range>
650      </package>
651      <package>
652	<name>linux-c6-flac</name>
653	<range><lt>1.2.1_3</lt></range>
654      </package>
655    </affects>
656    <description>
657      <body xmlns="http://www.w3.org/1999/xhtml">
658	<p>Erik de Castro Lopo reports:</p>
659	<blockquote cite="http://lists.xiph.org/pipermail/flac-dev/2014-November/005226.html">
660	  <p>Google Security Team member, Michele Spagnuolo, recently
661	    found two potential problems in the FLAC code base. They are:</p>
662	  <ul>
663	  <li>CVE-2014-9028: Heap buffer write overflow.</li>
664	  <li>CVE-2014-8962: Heap buffer read overflow.</li>
665	  </ul>
666	</blockquote>
667      </body>
668    </description>
669    <references>
670      <url>https://git.xiph.org/?p=flac.git;a=commit;h=5b3033a2b355068c11fe637e14ac742d273f076e</url>
671      <cvename>CVE-2014-8962</cvename>
672      <url>https://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85</url>
673      <cvename>CVE-2014-9028</cvename>
674    </references>
675    <dates>
676      <discovery>2014-11-25</discovery>
677      <entry>2014-11-25</entry>
678      <modified>2015-07-15</modified>
679    </dates>
680  </vuln>
681
682  <vuln vid="7bfd797c-716d-11e4-b008-001999f8d30b">
683    <topic>asterisk -- Multiple vulnerabilities</topic>
684    <affects>
685      <package>
686	<name>asterisk11</name>
687	<range><lt>11.14.1</lt></range>
688      </package>
689    </affects>
690    <description>
691      <body xmlns="http://www.w3.org/1999/xhtml">
692	<p>The Asterisk project reports:</p>
693	<blockquote cite="http://www.asterisk.org/downloads/security-advisories">
694	  <p>AST-2014-014 - High call load may result in hung
695	  channels in ConfBridge.</p>
696	  <p>AST-2014-017 - Permission escalation through ConfBridge
697	  actions/dialplan functions.</p>
698	</blockquote>
699      </body>
700    </description>
701    <references>
702      <url>http://downloads.asterisk.org/pub/security/AST-2014-014.html</url>
703      <cvename>CVE-2014-8414</cvename>
704      <url>http://downloads.asterisk.org/pub/security/AST-2014-017.html</url>
705      <cvename>CVE-2014-8417</cvename>
706    </references>
707    <dates>
708      <discovery>2014-11-21</discovery>
709      <entry>2014-11-21</entry>
710    </dates>
711  </vuln>
712
713  <vuln vid="a92ed304-716c-11e4-b008-001999f8d30b">
714    <topic>asterisk -- Multiple vulnerabilities</topic>
715    <affects>
716      <package>
717	<name>asterisk</name>
718	<range><lt>1.8.32.1</lt></range>
719      </package>
720      <package>
721	<name>asterisk11</name>
722	<range><lt>11.14.1</lt></range>
723      </package>
724    </affects>
725    <description>
726      <body xmlns="http://www.w3.org/1999/xhtml">
727	<p>The Asterisk project reports:</p>
728	<blockquote cite="https://www.asterisk.org/security">
729	  <p>AST-2014-012 - Mixed IP address families in access
730	  control lists may permit unwanted traffic.</p>
731	  <p>AST-2014-018 - AMI permission escalation through DB
732	  dialplan function.</p>
733	</blockquote>
734      </body>
735    </description>
736    <references>
737      <url>http://downloads.asterisk.org/pub/security/AST-2014-012.html</url>
738      <cvename>CVE-2014-8412</cvename>
739      <url>http://downloads.asterisk.org/pub/security/AST-2014-018.html</url>
740      <cvename>CVE-2014-8418</cvename>
741    </references>
742    <dates>
743      <discovery>2014-11-21</discovery>
744      <entry>2014-11-21</entry>
745    </dates>
746  </vuln>
747
748  <vuln vid="a5d4a82a-7153-11e4-88c7-6805ca0b3d42">
749    <topic>phpMyAdmin -- XSS and information disclosure vulnerabilities</topic>
750    <affects>
751      <package>
752	<name>phpMyAdmin</name>
753	<range><ge>4.2.0</ge><lt>4.2.12</lt></range>
754      </package>
755    </affects>
756    <description>
757      <body xmlns="http://www.w3.org/1999/xhtml">
758	<p>The phpMyAdmin development team reports:</p>
759	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php">
760	  <ul>
761	    <li>With a crafted database, table or column name it is
762	      possible to trigger an XSS attack in the table browse
763	      page.</li>
764	    <li>With a crafted ENUM value it is possible to trigger
765	      XSS attacks in the table print view and zoom search
766	      pages.</li>
767	    <li>With a crafted value for font size it is possible to
768	      trigger an XSS attack in the home page.</li>
769	  </ul>
770	  <p>These vulnerabilities can be triggered only by someone
771	    who is logged in to phpMyAdmin, as the usual token
772	    protection prevents non-logged-in users from accessing the
773	    required pages. Moreover, exploitation of the XSS
774	    vulnerability related to the font size requires forgery of
775	    the pma_fontsize cookie.</p>
776	</blockquote>
777	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php">
778	  <p> In the GIS editor feature, a parameter specifying the
779	    geometry type was not correctly validated, opening the door
780	    to a local file inclusion attack.</p>
781	  <p>This vulnerability can be triggered only by someone who
782	    is logged in to phpMyAdmin, as the usual token protection
783	    prevents non-logged-in users from accessing the required
784	    page.</p>
785	</blockquote>
786	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php">
787	  <p>With a crafted file name it is possible to trigger an
788	    XSS in the error reporting page.</p>
789	  <p>This vulnerability can be triggered only by someone who
790	    is logged in to phpMyAdmin, as the usual token protection
791	    prevents non-logged-in users from accessing the required
792	    page.</p>
793	</blockquote>
794	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php">
795	  <p>In the error reporting feature, a parameter specifying
796	    the file was not correctly validated, allowing the
797	    attacker to derive the line count of an arbitrary file.</p>
798	  <p>This vulnerability can be triggered only by someone who
799	    is logged in to phpMyAdmin, as the usual token protection
800	    prevents non-logged-in users from accessing the required
801	    page.</p>
802	</blockquote>
803      </body>
804    </description>
805    <references>
806      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php</url>
807      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php</url>
808      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php</url>
809      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php</url>
810      <cvename>CVE-2014-8958</cvename>
811      <cvename>CVE-2014-8959</cvename>
812      <cvename>CVE-2014-8960</cvename>
813      <cvename>CVE-2014-8961</cvename>
814    </references>
815    <dates>
816      <discovery>2014-11-20</discovery>
817      <entry>2014-11-21</entry>
818    </dates>
819  </vuln>
820
821  <vuln vid="890b6b22-70fa-11e4-91ae-5453ed2e2b49">
822    <topic>kwebkitpart, kde-runtime -- insufficient input validation</topic>
823    <affects>
824      <package>
825	<name>kde-runtime</name>
826	<range><lt>4.14.2_2</lt></range>
827      </package>
828      <package>
829	<name>kwebkitpart</name>
830	<range><lt>1.3.2_4</lt></range>
831      </package>
832    </affects>
833    <description>
834      <body xmlns="http://www.w3.org/1999/xhtml">
835	<p>Albert Aastals Cid reports:</p>
836	<blockquote cite="https://www.kde.org/info/security/advisory-20141113-1.txt">
837	  <p>kwebkitpart and the bookmarks:// io slave were not sanitizing
838	    input correctly, allowing some JavaScript to be executed in the
839	    context of the referenced hostname.</p>
840	  <p>Whilst in most cases, the JavaScript will be executed in an
841	    untrusted context, with the bookmarks IO slave, it will be executed
842	    in the context of the referenced hostname. It should however be
843	    noted that KDE mitigates this risk by attempting to ensure that
844	    such URLs cannot be embedded directly into Internet hosted
845	    content.</p>
846	</blockquote>
847      </body>
848    </description>
849    <references>
850      <url>https://www.kde.org/info/security/advisory-20141113-1.txt</url>
851      <cvename>CVE-2014-8600</cvename>
852    </references>
853    <dates>
854      <discovery>2014-11-13</discovery>
855      <entry>2014-11-20</entry>
856    </dates>
857  </vuln>
858
859  <vuln vid="5a35bc56-7027-11e4-a4a3-001999f8d30b">
860    <topic>yii -- Remote arbitrary PHP code execution</topic>
861    <affects>
862      <package>
863	<name>yii</name>
864	<range><lt>1.1.15</lt></range>
865      </package>
866    </affects>
867    <description>
868      <body xmlns="http://www.w3.org/1999/xhtml">
869	<p>Yii PHP Framework developers report:</p>
870	<blockquote cite="http://www.yiiframework.com/news/78/yii-1-1-15-is-released-security-fix/">
871	  <p>We are releasing Yii 1.1.15 to fix a security issue
872	  found in 1.1.14. We urge all 1.1.14 users to upgrade their
873	  Yii to this latest release. Note that the issue only
874	  affects 1.1.14. All previous releases are not affected.
875	  Upgrading to this release from 1.1.14 is very safe and
876	  will not break your existing code.</p>
877	  <p>The vulnerability is in the CDetailView widget. When
878	  a Yii application uses this widget and configures the
879	  "value" property of a CDetailView attribute using end
880	  user inputs, it may allow attackers to potentially execute
881	  arbitrary PHP scripts on the server. We are not showing
882	  how to exploit it here to allow users to upgrade before
883	  details about the exploit become publicly known. To our
884	  knowledge the details of this issue are only known to
885	  core team members.</p>
886	</blockquote>
887      </body>
888    </description>
889    <references>
890      <cvename>CVE-2014-4672</cvename>
891      <url>http://www.yiiframework.com/news/78/yii-1-1-15-is-released-security-fix</url>
892    </references>
893    <dates>
894      <discovery>2014-07-03</discovery>
895      <entry>2014-11-19</entry>
896    </dates>
897  </vuln>
898
899  <vuln vid="d395e44f-6f4f-11e4-a444-00262d5ed8ee">
900    <topic>chromium -- multiple vulnerabilities</topic>
901    <affects>
902      <package>
903	<name>chromium</name>
904	<range><lt>39.0.2171.65</lt></range>
905      </package>
906      <package>
907	<name>chromium-pulse</name>
908	<range><lt>39.0.2171.65</lt></range>
909      </package>
910    </affects>
911    <description>
912      <body xmlns="http://www.w3.org/1999/xhtml">
913	<p>Google Chrome Releases reports:</p>
914	<blockquote cite="http://googlechromereleases.blogspot.nl/2014/11/stable-channel-update_18.html">
915	  <p>42 security fixes in this release, including:</p>
916	  <ul>
917	    <li>[389734] High CVE-2014-7899: Address bar spoofing. Credit to
918	      Eli Grey.</li>
919	    <li>[406868] High CVE-2014-7900: Use-after-free in pdfium. Credit
920	      to Atte Kettunen from OUSPG.</li>
921	    <li>[413375] High CVE-2014-7901: Integer overflow in pdfium. Credit
922	      to cloudfuzzer.</li>
923	    <li>[414504] High CVE-2014-7902: Use-after-free in pdfium. Credit
924	      to cloudfuzzer.</li>
925	    <li>[414525] High CVE-2014-7903: Buffer overflow in pdfium. Credit
926	      to cloudfuzzer.</li>
927	    <li>[418161] High CVE-2014-7904: Buffer overflow in Skia. Credit to
928	      Atte Kettunen from OUSPG.</li>
929	    <li>[421817] High CVE-2014-7905: Flaw allowing navigation to
930	      intents that do not have the BROWSABLE category. Credit to
931	      WangTao(neobyte) of Baidu X-Team.</li>
932	    <li>[423030] High CVE-2014-7906: Use-after-free in pepper plugins.
933	      Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.</li>
934	    <li>[423703] High CVE-2014-0574: Double-free in Flash. Credit to
935	      biloulehibou.</li>
936	    <li>[424453] High CVE-2014-7907: Use-after-free in blink. Credit to
937	      Chen Zhang (demi6od) of the NSFOCUS Security Team.</li>
938	    <li>[425980] High CVE-2014-7908: Integer overflow in media. Credit
939	      to Christoph Diehl.</li>
940	    <li>[391001] Medium CVE-2014-7909: Uninitialized memory read in
941	      Skia. Credit to miaubiz.</li>
942	    <li>CVE-2014-7910: Various fixes from internal audits, fuzzing and
943	      other initiatives.</li>
944	  </ul>
945	</blockquote>
946      </body>
947    </description>
948    <references>
949      <cvename>CVE-2014-0574</cvename>
950      <cvename>CVE-2014-7899</cvename>
951      <cvename>CVE-2014-7900</cvename>
952      <cvename>CVE-2014-7901</cvename>
953      <cvename>CVE-2014-7902</cvename>
954      <cvename>CVE-2014-7903</cvename>
955      <cvename>CVE-2014-7904</cvename>
956      <cvename>CVE-2014-7905</cvename>
957      <cvename>CVE-2014-7906</cvename>
958      <cvename>CVE-2014-7907</cvename>
959      <cvename>CVE-2014-7908</cvename>
960      <cvename>CVE-2014-7909</cvename>
961      <cvename>CVE-2014-7910</cvename>
962      <url>http://googlechromereleases.blogspot.nl/2014/11/stable-channel-update_18.html</url>
963    </references>
964    <dates>
965      <discovery>2014-11-18</discovery>
966      <entry>2014-11-18</entry>
967    </dates>
968  </vuln>
969
970  <vuln vid="dafa13a8-6e9b-11e4-8ef7-5453ed2e2b49">
971    <topic>kde-workspace -- privilege escalation</topic>
972    <affects>
973      <package>
974	<name>kde-workspace</name>
975	<range><lt>4.11.13_1</lt></range>
976      </package>
977    </affects>
978    <description>
979      <body xmlns="http://www.w3.org/1999/xhtml">
980	<p>David Edmundson reports:</p>
981	<blockquote cite="https://www.kde.org/info/security/advisory-20141106-1.txt">
982	  <p>KDE workspace configuration module for setting the date and time
983	    has a helper program which runs as root for performing actions.
984	    This is secured with polkit.</p>
985	  <p>This helper takes the name of the ntp utility to run as an
986	    argument. This allows a hacker to run any arbitrary command as root
987	    under the guise of updating the time.</p>
988	  <p>An application can gain root privileges from an admin user with
989	    either misleading information or no interaction.</p>
990	  <p>On some systems the user will be shown a prompt to change the
991	    time. However, if the system has policykit-desktop-privileges
992	    installed, the datetime helper will be invoked by an admin user
993	    without any prompts.</p>
994	</blockquote>
995      </body>
996    </description>
997    <references>
998      <cvename>CVE-2014-8651</cvename>
999      <mlist>http://seclists.org/oss-sec/2014/q4/520</mlist>
1000    </references>
1001    <dates>
1002      <discovery>2014-11-06</discovery>
1003      <entry>2014-11-17</entry>
1004    </dates>
1005  </vuln>
1006
1007  <vuln vid="c1930f45-6982-11e4-80e1-bcaec565249c">
1008    <topic>dbus -- incomplete fix for CVE-2014-3636 part A</topic>
1009    <affects>
1010      <package>
1011	<name>dbus</name>
1012	<range><lt>1.8.10</lt></range>
1013      </package>
1014    </affects>
1015    <description>
1016      <body xmlns="http://www.w3.org/1999/xhtml">
1017	<p>Simon McVittie reports:</p>
1018	<blockquote cite="http://lists.freedesktop.org/archives/dbus/2014-November/016395.html">
1019	  <p>The patch issued by the D-Bus maintainers for CVE-2014-3636
1020	    was based on incorrect reasoning, and does not fully prevent
1021	    the attack described as "CVE-2014-3636 part A", which is
1022	    repeated below. Preventing that attack requires raising the
1023	    system dbus-daemon's RLIMIT_NOFILE (ulimit -n) to a higher
1024	    value. CVE-2014-7824 has been allocated for this
1025	    vulnerability.</p>
1026	</blockquote>
1027      </body>
1028    </description>
1029    <references>
1030      <cvename>CVE-2014-7824</cvename>
1031      <url>http://lists.freedesktop.org/archives/dbus/2014-November/016395.html</url>
1032    </references>
1033    <dates>
1034      <discovery>2014-11-10</discovery>
1035      <entry>2014-11-11</entry>
1036    </dates>
1037  </vuln>
1038
1039  <vuln vid="ee7b4f9d-66c8-11e4-9ae1-e8e0b722a85e">
1040    <topic>wget -- path traversal vulnerability in recursive FTP mode</topic>
1041    <affects>
1042      <package>
1043	<name>wget</name>
1044	<range><lt>1.16</lt></range>
1045      </package>
1046    </affects>
1047    <description>
1048      <body xmlns="http://www.w3.org/1999/xhtml">
1049	<p>MITRE reports:</p>
1050	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877">
1051	  <p>Absolute path traversal vulnerability in GNU Wget before
1052	  1.16, when recursion is enabled, allows remote FTP servers
1053	  to write to arbitrary files, and consequently execute
1054	  arbitrary code, via a LIST response that references the same
1055	  filename within two entries, one of which indicates that the
1056	  filename is for a symlink. </p>
1057	</blockquote>
1058      </body>
1059    </description>
1060    <references>
1061      <cvename>CVE-2014-4877</cvename>
1062      <certvu>685996</certvu>
1063    </references>
1064    <dates>
1065      <discovery>2014-10-27</discovery>
1066      <entry>2014-11-08</entry>
1067    </dates>
1068  </vuln>
1069
1070  <vuln vid="0167f5ad-64ea-11e4-98c1-00269ee29e57">
1071    <topic>Konversation -- out-of-bounds read on a heap-allocated array</topic>
1072    <affects>
1073      <package>
1074	<name>konversation</name>
1075	<range><lt>1.5.1</lt></range>
1076      </package>
1077    </affects>
1078    <description>
1079      <body xmlns="http://www.w3.org/1999/xhtml">
1080	<p>Konversation developers report:</p>
1081	<blockquote cite="https://www.kde.org/info/security/advisory-20141104-1.txt">
1082	  <p>Konversation's Blowfish ECB encryption support assumes incoming blocks
1083	  to be the expected 12 bytes. The lack of a sanity-check for the actual
1084	  size can cause a denial of service and an information leak to the local
1085	  user.</p>
1086	</blockquote>
1087      </body>
1088    </description>
1089    <references>
1090      <cvename>CVE-2014-8483</cvename>
1091      <url>https://www.kde.org/info/security/advisory-20141104-1.txt</url>
1092    </references>
1093    <dates>
1094      <discovery>2014-11-04</discovery>
1095      <entry>2014-11-05</entry>
1096    </dates>
1097  </vuln>
1098
1099  <vuln vid="21ce1840-6107-11e4-9e84-0022156e8794">
1100    <topic>twiki -- remote Perl code execution</topic>
1101    <affects>
1102      <package>
1103	<name>twiki</name>
1104	<range><lt>5.1.4_1,1</lt></range>
1105      </package>
1106    </affects>
1107    <description>
1108      <body xmlns="http://www.w3.org/1999/xhtml">
1109	<p>TWiki developers report:</p>
1110	<blockquote cite="http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236">
1111	  <p>The debugenableplugins request parameter allows arbitrary
1112	  Perl code execution.</p>
1113	  <p>Using an HTTP GET request towards a TWiki server,
1114	  add a specially crafted debugenableplugins request parameter
1115	  to TWiki's view script (typically port 80/TCP).
1116	  Prior authentication may or may not be necessary.</p>
1117	  <p>A remote attacker can execute arbitrary Perl code
1118	  to view and modify any file the webserver user has access to.</p>
1119	  <p>Example: http://www.example.com/do/view/Main/WebHome?debugenableplugins=BackupRestorePlugin%3bprint("Content-Type:text/html\r\n\r\nVulnerable!")%3bexit</p>
1120	  <p>The TWiki site is vulnerable if you see a page with text
1121	  "Vulnerable!".</p>
1122	</blockquote>
1123      </body>
1124    </description>
1125    <references>
1126      <cvename>CVE-2014-7236</cvename>
1127      <url>http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236</url>
1128    </references>
1129    <dates>
1130      <discovery>2014-10-09</discovery>
1131      <entry>2014-10-31</entry>
1132    </dates>
1133  </vuln>
1134
1135  <vuln vid="0dad9114-60cc-11e4-9e84-0022156e8794">
1136    <topic>jenkins -- slave-originated arbitrary code execution on master servers</topic>
1137    <affects>
1138      <package>
1139	<name>jenkins</name>
1140	<range><lt>1.587</lt></range>
1141      </package>
1142      <package>
1143	<name>jenkins-lts</name>
1144	<range><lt>1.580.1</lt></range>
1145      </package>
1146    </affects>
1147    <description>
1148      <body xmlns="http://www.w3.org/1999/xhtml">
1149	<p>Kohsuke Kawaguchi from Jenkins team reports:</p>
1150	<blockquote cite="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30">
1151	  <p>Historically, Jenkins master and slaves behaved as if
1152	  they altogether form a single distributed process.  This
1153	  means a slave can ask a master to do just about anything
1154	  within the confinement of the operating system, such as
1155	  accessing files on the master or trigger other jobs on
1156	  Jenkins.</p>
1157	  <p>This has increasingly become problematic, as larger
1158	  enterprise deployments have developed more sophisticated
1159	  trust separation model, where the administrators of a master
1160	  might take slaves owned by other teams.  In such an
1161	  environment, slaves are less trusted than the master.
1162	  Yet the "single distributed process" assumption was not
1163	  communicated well to the users, resulting in vulnerabilities
1164	  in some deployments.</p>
1165	  <p>SECURITY-144 (CVE-2014-3665) introduces a new subsystem
1166	  to address this problem.  This feature is off by default for
1167	  compatibility reasons.  See Wiki for more details, who should
1168	  turn this on, and implications.</p>
1169	  <p>CVE-2014-3566 is rated high.  It only affects
1170	  installations that accept slaves from less trusted
1171	  computers, but this will allow an owner of such slave to
1172	  mount a remote code execution attack on Jenkins.</p>
1173	</blockquote>
1174      </body>
1175    </description>
1176    <references>
1177      <cvename>CVE-2014-3665</cvename>
1178      <url>https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30</url>
1179      <url>https://wiki.jenkins-ci.org/display/JENKINS/Slave+To+Master+Access+Control</url>
1180      <url>http://www.cloudbees.com/jenkins-security-advisory-2014-10-30</url>
1181    </references>
1182    <dates>
1183      <discovery>2014-10-30</discovery>
1184      <entry>2014-10-31</entry>
1185    </dates>
1186  </vuln>
1187
1188  <vuln vid="f8c88d50-5fb3-11e4-81bd-5453ed2e2b49">
1189    <topic>libssh -- PRNG state reuse on forking servers</topic>
1190    <affects>
1191      <package>
1192	<name>libssh</name>
1193	<range><lt>0.6.3</lt></range>
1194      </package>
1195    </affects>
1196    <description>
1197      <body xmlns="http://www.w3.org/1999/xhtml">
1198	<p>Aris Adamantiadis reports:</p>
1199	<blockquote cite="http://www.openwall.com/lists/oss-security/2014/03/05/1">
1200	  <p>When accepting a new connection, the server forks and the
1201	    child process handles the request. The RAND_bytes() function
1202	    of openssl doesn't reset its state after the fork, but
1203	    simply adds the current process id (getpid) to the PRNG
1204	    state, which is not guaranteed to be unique.</p>
1205	</blockquote>
1206      </body>
1207    </description>
1208    <references>
1209      <cvename>CVE-2014-0017</cvename>
1210      <mlist>http://www.openwall.com/lists/oss-security/2014/03/05/1</mlist>
1211      <url>http://secunia.com/advisories/57407</url>
1212    </references>
1213    <dates>
1214      <discovery>2014-03-05</discovery>
1215      <entry>2014-10-29</entry>
1216    </dates>
1217  </vuln>
1218
1219  <vuln vid="d057c5e6-5b20-11e4-bebd-000c2980a9f3">
1220    <topic>libpurple/pidgin -- multiple vulnerabilities</topic>
1221    <affects>
1222      <package>
1223	<name>libpurple</name>
1224	<range><lt>2.10.10</lt></range>
1225      </package>
1226      <package>
1227	<name>pidgin</name>
1228	<range><lt>2.10.10</lt></range>
1229      </package>
1230    </affects>
1231    <description>
1232      <body xmlns="http://www.w3.org/1999/xhtml">
1233	<p>The pidgin development team reports:</p>
1234	<blockquote cite="https://developer.pidgin.im/wiki/ChangeLog">
1235	  <p>.</p>
1236	</blockquote>
1237      </body>
1238    </description>
1239    <references>
1240      <cvename>CVE-2014-3694</cvename>
1241      <cvename>CVE-2014-3697</cvename>
1242      <cvename>CVE-2014-3696</cvename>
1243      <cvename>CVE-2014-3695</cvename>
1244      <cvename>CVE-2014-3698</cvename>
1245      <url>https://developer.pidgin.im/wiki/ChangeLog</url>
1246    </references>
1247    <dates>
1248      <discovery>2014-10-22</discovery>
1249      <entry>2014-10-24</entry>
1250    </dates>
1251  </vuln>
1252
1253  <vuln vid="25b78f04-59c8-11e4-b711-6805ca0b3d42">
1254    <topic>phpMyAdmin -- XSS vulnerabilities in SQL debug output and server monitor page.</topic>
1255    <affects>
1256      <package>
1257	<name>phpMyAdmin</name>
1258	<range><ge>4.2.0</ge><lt>4.2.10.1</lt></range>
1259      </package>
1260    </affects>
1261    <description>
1262      <body xmlns="http://www.w3.org/1999/xhtml">
1263	<p>The phpMyAdmin development team reports:</p>
1264	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-12.php">
1265	  <p>With a crafted database or table name it is possible to
1266	    trigger an XSS in SQL debug output when enabled and in
1267	    server monitor page when viewing and analysing executed
1268	    queries.</p>
1269	  <p>This vulnerability can be triggered only by someone who
1270	    is logged in to phpMyAdmin, as the usual token protection
1271	    prevents non-logged-in users from accessing the required
1272	    pages. Moreover, debugging SQL is a developer option which
1273	    is disabled by default and expected to be disabled in
1274	    production environments.</p>
1275	</blockquote>
1276      </body>
1277    </description>
1278    <references>
1279      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-12.php</url>
1280      <cvename>CVE-2014-8326</cvename>
1281    </references>
1282    <dates>
1283      <discovery>2014-10-21</discovery>
1284      <entry>2014-10-22</entry>
1285    </dates>
1286  </vuln>
1287
1288  <vuln vid="76c7a0f5-5928-11e4-adc7-001999f8d30b">
1289    <topic>asterisk -- Asterisk Susceptibility to POODLE Vulnerability</topic>
1290    <affects>
1291      <package>
1292	<name>asterisk</name>
1293	<range><lt>1.8.31.1</lt></range>
1294      </package>
1295      <package>
1296	<name>asterisk11</name>
1297	<range><lt>11.13.1</lt></range>
1298      </package>
1299    </affects>
1300    <description>
1301      <body xmlns="http://www.w3.org/1999/xhtml">
1302	<p>The Asterisk project reports:</p>
1303	<blockquote cite="http://www.asterisk.org/downloads/security-advisories">
1304	  <p>The POODLE vulnerability is described under CVE-2014-3566.
1305	  This advisory describes the Asterisk project's susceptibility
1306	  to this vulnerability.</p>
1307	</blockquote>
1308      </body>
1309    </description>
1310    <references>
1311      <url>http://downloads.asterisk.org/pub/security/AST-2014-011.html</url>
1312      <cvename>CVE-2014-3566</cvename>
1313    </references>
1314    <dates>
1315      <discovery>2014-10-20</discovery>
1316      <entry>2014-10-21</entry>
1317    </dates>
1318  </vuln>
1319
1320  <vuln vid="0642b064-56c4-11e4-8b87-bcaec565249c">
1321    <topic>libxml2 -- Denial of service</topic>
1322    <affects>
1323      <package>
1324	<name>libxml2</name>
1325	<range><lt>2.9.2</lt></range>
1326      </package>
1327      <package>
1328	<name>linux-c6-libxml2</name>
1329	<range><lt>2.7.6_2</lt></range>
1330      </package>
1331      <package>
1332	<name>linux-f10-libxml2</name>
1333	<range><ge>*</ge></range>
1334      </package>
1335    </affects>
1336    <description>
1337      <body xmlns="http://www.w3.org/1999/xhtml">
1338	<p>RedHat reports:</p>
1339	<blockquote cite="https://rhn.redhat.com/errata/RHSA-2014-1655.html">
1340	  <p>A denial of service flaw was found in libxml2, a library
1341	    providing support to read, modify and write XML and HTML
1342	    files. A remote attacker could provide a specially crafted
1343	    XML file that, when processed by an application using
1344	    libxml2, would lead to excessive CPU consumption (denial of
1345	    service) based on excessive entity substitutions, even if
1346	    entity substitution was disabled, which is the parser default
1347	    behavior.</p>
1348	</blockquote>
1349      </body>
1350    </description>
1351    <references>
1352      <cvename>CVE-2014-3660</cvename>
1353      <url>https://rhn.redhat.com/errata/RHSA-2014-1655.html</url>
1354    </references>
1355    <dates>
1356      <discovery>2014-10-16</discovery>
1357      <entry>2014-10-18</entry>
1358      <modified>2015-07-15</modified>
1359    </dates>
1360  </vuln>
1361
1362  <vuln vid="6f825fa4-5560-11e4-a4c3-00a0986f28c4">
1363    <topic>drupal7 -- SQL injection</topic>
1364    <affects>
1365      <package>
1366	<name>drupal7</name>
1367	<range><lt>7.32</lt></range>
1368      </package>
1369    </affects>
1370    <description>
1371      <body xmlns="http://www.w3.org/1999/xhtml">
1372	<p>Drupal Security Team reports:</p>
1373	<blockquote cite="https://drupal.org/SA-CORE-2013-003">
1374	  <p>Drupal 7 includes a database abstraction API to ensure that
1375	    queries executed against the database are sanitized to prevent
1376	    SQL injection attacks.
1377	    A vulnerability in this API allows an attacker to send
1378	    specially crafted requests resulting in arbitrary SQL execution.
1379	    Depending on the content of the requests this can lead to
1380	    privilege escalation, arbitrary PHP execution, or other attacks.
1381	    This vulnerability can be exploited by anonymous users.</p>
1382	</blockquote>
1383      </body>
1384    </description>
1385    <references>
1386      <cvename>CVE-2014-3704</cvename>
1387      <url>https://www.drupal.org/SA-CORE-2014-005</url>
1388      <url>https://www.sektioneins.de/en/blog/14-10-15-drupal-sql-injection-vulnerability.html</url>
1389    </references>
1390    <dates>
1391      <discovery>2014-10-15</discovery>
1392      <entry>2014-10-16</entry>
1393    </dates>
1394  </vuln>
1395
1396  <vuln vid="03175e62-5494-11e4-9cc1-bc5ff4fb5e7b">
1397    <topic>OpenSSL -- multiple vulnerabilities</topic>
1398    <affects>
1399      <package>
1400	<name>openssl</name>
1401	<range><ge>1.0.1</ge><lt>1.0.1_16</lt></range>
1402      </package>
1403      <package>
1404	<name>mingw32-openssl</name>
1405	<range><ge>1.0.1</ge><lt>1.0.1j</lt></range>
1406      </package>
1407      <package>
1408	<name>linux-c6-openssl</name>
1409	<range><lt>1.0.1e_1</lt></range>
1410      </package>
1411      <package>
1412	<name>FreeBSD</name>
1413	<range><ge>8.4</ge><lt>8.4_17</lt></range>
1414	<range><ge>9.1</ge><lt>9.1_20</lt></range>
1415	<range><ge>9.2</ge><lt>9.2_13</lt></range>
1416	<range><ge>9.3</ge><lt>9.3_3</lt></range>
1417	<range><ge>10.0</ge><lt>10.0_10</lt></range>
1418      </package>
1419    </affects>
1420    <description>
1421      <body xmlns="http://www.w3.org/1999/xhtml">
1422	<p>The OpenSSL Project reports:</p>
1423	<blockquote cite="https://www.openssl.org/news/secadv_20141015.txt">
1424	  <p>A flaw in the DTLS SRTP extension parsing code allows an
1425	    attacker, who sends a carefully crafted handshake message,
1426	    to cause OpenSSL to fail to free up to 64k of memory causing
1427	    a memory leak. This could be exploited in a Denial Of Service
1428	    attack. This issue affects OpenSSL 1.0.1 server implementations
1429	    for both SSL/TLS and DTLS regardless of whether SRTP is used
1430	    or configured. Implementations of OpenSSL that have been
1431	    compiled with OPENSSL_NO_SRTP defined are not affected.
1432	    [CVE-2014-3513].</p>
1433	  <p>When an OpenSSL SSL/TLS/DTLS server receives a session
1434	    ticket the integrity of that ticket is first verified.
1435	    In the event of a session ticket integrity check failing,
1436	    OpenSSL will fail to free memory causing a memory leak.
1437	    By sending a large number of invalid session tickets an
1438	    attacker could exploit this issue in a Denial Of Service
1439	    attack. [CVE-2014-3567].</p>
1440	  <p>OpenSSL has added support for TLS_FALLBACK_SCSV to allow
1441	    applications to block the ability for a MITM attacker to
1442	    force a protocol downgrade.</p>
1443	  <p>Some client applications (such as browsers) will reconnect
1444	    using a downgraded protocol to work around interoperability
1445	    bugs in older servers. This could be exploited by an active
1446	    man-in-the-middle to downgrade connections to SSL 3.0 even
1447	    if both sides of the connection support higher protocols.
1448	    SSL 3.0 contains a number of weaknesses including POODLE
1449	    [CVE-2014-3566].</p>
1450	  <p>When OpenSSL is configured with "no-ssl3" as a build option,
1451	    servers could accept and complete a SSL 3.0 handshake, and
1452	    clients could be configured to send them. [CVE-2014-3568].</p>
1453	</blockquote>
1454      </body>
1455    </description>
1456    <references>
1457      <freebsdsa>SA-14:23.openssl</freebsdsa>
1458      <cvename>CVE-2014-3513</cvename>
1459      <cvename>CVE-2014-3566</cvename>
1460      <cvename>CVE-2014-3567</cvename>
1461      <cvename>CVE-2014-3568</cvename>
1462      <url>https://www.openssl.org/news/secadv_20141015.txt</url>
1463    </references>
1464    <dates>
1465      <discovery>2014-10-15</discovery>
1466      <entry>2014-10-15</entry>
1467      <modified>2016-08-09</modified>
1468    </dates>
1469  </vuln>
1470
1471  <vuln vid="9c1495ac-8d8c-4789-a0f3-8ca6b476619c">
1472    <topic>mozilla -- multiple vulnerabilities</topic>
1473    <affects>
1474      <package>
1475	<name>firefox</name>
1476	<range><lt>33.0,1</lt></range>
1477      </package>
1478      <package>
1479	<name>firefox-esr</name>
1480	<range><lt>31.2.0,1</lt></range>
1481      </package>
1482      <package>
1483	<name>linux-firefox</name>
1484	<range><lt>33.0,1</lt></range>
1485      </package>
1486      <package>
1487	<name>linux-seamonkey</name>
1488	<range><lt>2.30</lt></range>
1489      </package>
1490      <package>
1491	<name>linux-thunderbird</name>
1492	<range><lt>31.2.0</lt></range>
1493      </package>
1494      <package>
1495	<name>seamonkey</name>
1496	<range><lt>2.30</lt></range>
1497      </package>
1498      <package>
1499	<name>thunderbird</name>
1500	<range><lt>31.2.0</lt></range>
1501      </package>
1502      <package>
1503	<name>libxul</name>
1504	<range><lt>31.2.0</lt></range>
1505      </package>
1506    </affects>
1507    <description>
1508      <body xmlns="http://www.w3.org/1999/xhtml">
1509	<p>The Mozilla Project reports:</p>
1510	<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
1511	  <p>MFSA 2014-74 Miscellaneous memory safety hazards
1512	    (rv:33.0 / rv:31.2)</p>
1513	  <p>MFSA 2014-75 Buffer overflow during CSS manipulation</p>
1514	  <p>MFSA 2014-76 Web Audio memory corruption issues with
1515	    custom waveforms</p>
1516	  <p>MFSA 2014-78 Further uninitialized memory use during GIF</p>
1517	  <p>MFSA 2014-79 Use-after-free interacting with text
1518	    directionality</p>
1519	  <p>MFSA 2014-80 Key pinning bypasses</p>
1520	  <p>MFSA 2014-81 Inconsistent video sharing within iframe</p>
1521	  <p>MFSA 2014-82 Accessing cross-origin objects via the
1522	    Alarms API</p>
1523	</blockquote>
1524      </body>
1525    </description>
1526    <references>
1527      <cvename>CVE-2014-1574</cvename>
1528      <cvename>CVE-2014-1575</cvename>
1529      <cvename>CVE-2014-1576</cvename>
1530      <cvename>CVE-2014-1577</cvename>
1531      <cvename>CVE-2014-1580</cvename>
1532      <cvename>CVE-2014-1581</cvename>
1533      <cvename>CVE-2014-1582</cvename>
1534      <cvename>CVE-2014-1583</cvename>
1535      <cvename>CVE-2014-1584</cvename>
1536      <cvename>CVE-2014-1585</cvename>
1537      <cvename>CVE-2014-1586</cvename>
1538      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-74.html</url>
1539      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-75.html</url>
1540      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-76.html</url>
1541      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-78.html</url>
1542      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-79.html</url>
1543      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-80.html</url>
1544      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-81.html</url>
1545      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-82.html</url>
1546      <url>https://www.mozilla.org/security/announce/</url>
1547    </references>
1548    <dates>
1549      <discovery>2014-10-14</discovery>
1550      <entry>2014-10-14</entry>
1551      <modified>2015-08-12</modified>
1552    </dates>
1553  </vuln>
1554
1555  <vuln vid="c30c3a2e-4fb1-11e4-b275-14dae9d210b8">
1556    <topic>foreman-proxy SSL verification issue</topic>
1557    <affects>
1558      <package>
1559	<name>foreman-proxy</name>
1560	<range><lt>1.6.2</lt></range>
1561      </package>
1562    </affects>
1563    <description>
1564      <body xmlns="http://www.w3.org/1999/xhtml">
1565	<p>Foreman Security reports:</p>
1566	<blockquote cite="http://projects.theforeman.org/issues/7822">
1567	  <p>The smart proxy when running in an SSL-secured mode permits incoming
1568	    API calls to any endpoint without requiring, or performing any
1569	    verification of an SSL client certificate. This permits any client
1570	    with access to the API to make requests and perform actions
1571	    permitting control of Puppet CA, DHCP, DNS etc.)</p>
1572	</blockquote>
1573      </body>
1574    </description>
1575    <references>
1576      <cvename>CVE-2014-3691</cvename>
1577      <url>https://groups.google.com/forum/#!topic/foreman-announce/LcjZx25Bl7U</url>
1578    </references>
1579    <dates>
1580      <discovery>2014-05-09</discovery>
1581      <entry>2014-10-09</entry>
1582    </dates>
1583  </vuln>
1584
1585  <vuln vid="b6587341-4d88-11e4-aef9-20cf30e32f6d">
1586    <topic>Bugzilla multiple security issues</topic>
1587    <affects>
1588      <package>
1589	<name>bugzilla44</name>
1590	<range><lt>4.4.6</lt></range>
1591      </package>
1592    </affects>
1593    <description>
1594      <body xmlns="http://www.w3.org/1999/xhtml">
1595	<p>Bugzilla Security Advisory</p>
1596	<blockquote cite="http://www.bugzilla.org/security/4.0.14/">
1597	  <h5>Unauthorized Account Creation</h5>
1598	  <p>An attacker creating a new Bugzilla account can override certain
1599	    parameters when finalizing the account creation that can lead to the
1600	    user being created with a different email address than originally
1601	    requested. The overridden login name could be automatically added
1602	    to groups based on the group's regular expression setting.</p>
1603	  <h5>Cross-Site Scripting</h5>
1604	  <p>During an audit of the Bugzilla code base, several places
1605	    were found where cross-site scripting exploits could occur which
1606	    could allow an attacker to access sensitive information.</p>
1607	  <h5>Information Leak</h5>
1608	  <p>If a new comment was marked private to the insider group, and a flag
1609	    was set in the same transaction, the comment would be visible to
1610	    flag recipients even if they were not in the insider group.</p>
1611	  <h5>Social Engineering</h5>
1612	  <p>Search results can be exported as a CSV file which can then be
1613	    imported into external spreadsheet programs. Specially formatted
1614	    field values can be interpreted as formulas which can be executed
1615	    and used to attack a user's computer.</p>
1616	</blockquote>
1617      </body>
1618    </description>
1619    <references>
1620      <cvename>CVE-2014-1572</cvename>
1621      <cvename>CVE-2014-1573</cvename>
1622      <cvename>CVE-2014-1571</cvename>
1623      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=1074812</url>
1624      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=1075578</url>
1625      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=1064140</url>
1626      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=1054702</url>
1627    </references>
1628    <dates>
1629      <discovery>2014-10-06</discovery>
1630      <entry>2014-10-06</entry>
1631    </dates>
1632  </vuln>
1633
1634  <vuln vid="81e2b308-4a6c-11e4-b711-6805ca0b3d42">
1635    <topic>rt42 -- vulnerabilities related to shellshock</topic>
1636    <affects>
1637      <package>
1638	<name>rt42</name>
1639	<range><ge>4.2.0</ge><lt>4.2.8</lt></range>
1640      </package>
1641    </affects>
1642    <description>
1643      <body xmlns="http://www.w3.org/1999/xhtml">
1644	<p>Best Practical reports:</p>
1645	<blockquote cite="http://blog.bestpractical.com/2014/10/security-vulnerability-in-rt-42x-cve-2014-7227.html">
1646	  <p>RT 4.2.0 and above may be vulnerable to arbitrary
1647	    execution of code by way of CVE-2014-7169, CVE-2014-7186,
1648	    CVE-2014-7187, CVE-2014-6277, or CVE-2014-6271 --
1649	    collectively known as "Shellshock." This vulnerability
1650	    requires a privileged user with access to an RT instance
1651	    running with SMIME integration enabled; it applies to both
1652	    mod_perl and fastcgi deployments. If you have already
1653	    taken upgrades to bash to resolve "Shellshock," you are
1654	    protected from this vulnerability in RT, and there is no
1655	    need to apply this patch. This vulnerability has been
1656	    assigned CVE-2014-7227.</p>
1657	</blockquote>
1658      </body>
1659    </description>
1660    <references>
1661      <url>http://blog.bestpractical.com/2014/10/security-vulnerability-in-rt-42x-cve-2014-7227.html</url>
1662      <cvename>CVE-2014-7227</cvename>
1663    </references>
1664    <dates>
1665      <discovery>2014-10-02</discovery>
1666      <entry>2014-10-02</entry>
1667    </dates>
1668  </vuln>
1669
1670  <vuln vid="549a2771-49cc-11e4-ae2c-c80aa9043978">
1671    <topic>jenkins -- remote execution, privilege escalation, XSS, password exposure, ACL hole, DoS</topic>
1672    <affects>
1673      <package>
1674	<name>jenkins</name>
1675	<range><lt>1.583</lt></range>
1676      </package>
1677      <package>
1678	<name>jenkins-lts</name>
1679	<range><lt>1.565.3</lt></range>
1680      </package>
1681    </affects>
1682    <description>
1683      <body xmlns="http://www.w3.org/1999/xhtml">
1684	<p>Jenkins Security Advisory:</p>
1685	<blockquote cite="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01">
1686	  <p>Please reference CVE/URL list for details</p>
1687	</blockquote>
1688      </body>
1689    </description>
1690    <references>
1691      <url>https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01</url>
1692      <cvename>CVE-2014-3661</cvename>
1693      <cvename>CVE-2014-3662</cvename>
1694      <cvename>CVE-2014-3663</cvename>
1695      <cvename>CVE-2014-3664</cvename>
1696      <cvename>CVE-2014-3680</cvename>
1697      <cvename>CVE-2014-3681</cvename>
1698      <cvename>CVE-2014-3666</cvename>
1699      <cvename>CVE-2014-3667</cvename>
1700      <cvename>CVE-2013-2186</cvename>
1701      <cvename>CVE-2014-1869</cvename>
1702      <cvename>CVE-2014-3678</cvename>
1703      <cvename>CVE-2014-3679</cvename>
1704    </references>
1705    <dates>
1706      <discovery>2014-10-01</discovery>
1707      <entry>2014-10-01</entry>
1708    </dates>
1709  </vuln>
1710
1711  <vuln vid="512d1301-49b9-11e4-ae2c-c80aa9043978">
1712    <topic>bash -- remote code execution</topic>
1713    <affects>
1714      <package>
1715	<name>bash</name>
1716	<name>bash-static</name>
1717	<range><lt>4.3.25_2</lt></range>
1718      </package>
1719    </affects>
1720    <description>
1721      <body xmlns="http://www.w3.org/1999/xhtml">
1722	<p>Note that this is different than the public "Shellshock"
1723	  issue.</p>
1724	<p>Specially crafted environment variables could lead to remote
1725	  arbitrary code execution.  This was fixed in bash 4.3.27, however
1726	  the port was patched with a mitigation in 4.3.25_2.</p>
1727      </body>
1728    </description>
1729    <references>
1730      <url>http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html</url>
1731      <cvename>CVE-2014-6277</cvename>
1732      <cvename>CVE-2014-6278</cvename>
1733    </references>
1734    <dates>
1735      <discovery>2014-09-27</discovery>
1736      <entry>2014-10-01</entry>
1737    </dates>
1738  </vuln>
1739
1740  <vuln vid="3e8b7f8a-49b0-11e4-b711-6805ca0b3d42">
1741    <topic>phpMyAdmin -- XSS vulnerabilities</topic>
1742    <affects>
1743      <package>
1744	<name>phpMyAdmin</name>
1745	<range><ge>4.2.0</ge><lt>4.2.9.1</lt></range>
1746      </package>
1747    </affects>
1748    <description>
1749      <body xmlns="http://www.w3.org/1999/xhtml">
1750	<p>The phpMyAdmin development team reports:</p>
1751	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php">
1752	  <p>With a crafted ENUM value it is possible to trigger an
1753	    XSS in table search and table structure pages. This
1754	    vulnerability can be triggered only by someone who is
1755	    logged in to phpMyAdmin, as the usual token protection
1756	    prevents non-logged-in users from accessing the required
1757	    pages.</p>
1758	</blockquote>
1759      </body>
1760    </description>
1761    <references>
1762      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php</url>
1763      <cvename>CVE-2014-7217</cvename>
1764    </references>
1765    <dates>
1766      <discovery>2014-10-01</discovery>
1767      <entry>2014-10-01</entry>
1768    </dates>
1769  </vuln>
1770
1771  <vuln vid="4a4e9f88-491c-11e4-ae2c-c80aa9043978">
1772    <topic>bash -- out-of-bounds memory access in parser</topic>
1773    <affects>
1774      <package>
1775	<name>bash</name>
1776	<name>bash-static</name>
1777	<range><lt>4.3.27_1</lt></range>
1778      </package>
1779    </affects>
1780    <description>
1781      <body xmlns="http://www.w3.org/1999/xhtml">
1782	<p>RedHat security team reports:</p>
1783	<blockquote cite="https://access.redhat.com/security/cve/CVE-2014-7186">
1784	  <p>It was discovered that the fixed-sized redir_stack could be forced
1785	    to overflow in the Bash parser, resulting in memory corruption, and
1786	    possibly leading to arbitrary code execution when evaluating
1787	    untrusted input that would not otherwise be run as code.</p>
1788	</blockquote>
1789	<blockquote cite="https://access.redhat.com/security/cve/CVE-2014-7187">
1790	  <p>An off-by-one error was discovered in the way Bash was handling
1791	    deeply nested flow control constructs. Depending on the layout of
1792	    the .bss segment, this could allow arbitrary execution of code that
1793	    would not otherwise be executed by Bash.</p>
1794	</blockquote>
1795      </body>
1796    </description>
1797    <references>
1798      <url>https://access.redhat.com/security/cve/CVE-2014-7186</url>
1799      <cvename>CVE-2014-7186</cvename>
1800      <cvename>CVE-2014-7187</cvename>
1801    </references>
1802    <dates>
1803      <discovery>2014-09-25</discovery>
1804      <entry>2014-10-01</entry>
1805    </dates>
1806  </vuln>
1807
1808  <vuln vid="8e0e86ff-48b5-11e4-ab80-000c29f6ae42">
1809    <topic>rsyslog -- remote syslog PRI vulnerability</topic>
1810    <affects>
1811      <package>
1812	<name>rsyslog</name>
1813	<range><lt>7.6.7</lt></range>
1814      </package>
1815      <package>
1816	<name>rsyslog8</name>
1817	<range><lt>8.4.2</lt></range>
1818      </package>
1819    </affects>
1820    <description>
1821      <body xmlns="http://www.w3.org/1999/xhtml">
1822	<p>The rsyslog project reports:</p>
1823	<blockquote cite="http://www.rsyslog.com/remote-syslog-pri-vulnerability/">
1824	  <p>potential abort when a message with PRI &gt; 191 was processed
1825	    if the "pri-text" property was used in active templates,
1826	    this could be abused to a remote denial of service from
1827	    permitted senders</p>
1828	  <p>The original fix for CVE-2014-3634 was not adequate.</p>
1829	</blockquote>
1830      </body>
1831    </description>
1832    <references>
1833      <url>http://www.rsyslog.com/remote-syslog-pri-vulnerability/</url>
1834      <cvename>CVE-2014-3634</cvename>
1835    </references>
1836    <dates>
1837      <discovery>2014-09-30</discovery>
1838      <entry>2014-09-30</entry>
1839      <modified>2014-10-02</modified>
1840    </dates>
1841  </vuln>
1842
1843  <vuln vid="6c083cf8-4830-11e4-ae2c-c80aa9043978">
1844    <topic>fish -- local privilege escalation and remote code execution</topic>
1845    <affects>
1846      <package>
1847	<name>fish</name>
1848	<range><ge>1.6.0</ge><lt>2.1.1</lt></range>
1849      </package>
1850    </affects>
1851    <description>
1852      <body xmlns="http://www.w3.org/1999/xhtml">
1853	<p>Fish developer David Adam reports:</p>
1854	<blockquote cite="http://www.openwall.com/lists/oss-security/2014/09/28/8">
1855	  <p>This release fixes a number of local privilege escalation
1856	    vulnerabilities and one remote code execution vulnerability.</p>
1857	</blockquote>
1858      </body>
1859    </description>
1860    <references>
1861      <url>http://www.openwall.com/lists/oss-security/2014/09/28/8</url>
1862      <cvename>CVE-2014-2905</cvename>
1863      <url>https://github.com/fish-shell/fish-shell/issues/1436</url>
1864      <cvename>CVE-2014-2906</cvename>
1865      <cvename>CVE-2014-3856</cvename>
1866      <url>https://github.com/fish-shell/fish-shell/issues/1437</url>
1867      <cvename>CVE-2014-2914</cvename>
1868      <url>https://github.com/fish-shell/fish-shell/issues/1438</url>
1869      <cvename>CVE-2014-3219</cvename>
1870      <url>https://github.com/fish-shell/fish-shell/issues/1440</url>
1871    </references>
1872    <dates>
1873      <discovery>2014-09-28</discovery>
1874      <entry>2014-09-29</entry>
1875    </dates>
1876  </vuln>
1877
1878  <vuln vid="ca44b64c-4453-11e4-9ea1-c485083ca99c">
1879    <topic>Flash player -- Multiple security vulnerabilities in www/linux-*-flashplugin11</topic>
1880    <affects>
1881      <package>
1882	<name>linux-f10-flashplugin</name>
1883	<range><lt>11.2r202.400</lt></range>
1884      </package>
1885      <package>
1886	<name>linux-c6-flashplugin</name>
1887	<range><lt>11.2r202.400</lt></range>
1888      </package>
1889    </affects>
1890    <description>
1891      <body xmlns="http://www.w3.org/1999/xhtml">
1892	<p>Adobe reports:</p>
1893	<blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb14-21.html">
1894	  <p>These updates address vulnerabilities that could cause a crash
1895	    and potentially allow an attacker to take control of the affected system.</p>
1896	</blockquote>
1897      </body>
1898    </description>
1899    <references>
1900      <cvename>CVE-2014-0547</cvename>
1901      <cvename>CVE-2014-0548</cvename>
1902      <cvename>CVE-2014-0549</cvename>
1903      <cvename>CVE-2014-0550</cvename>
1904      <cvename>CVE-2014-0551</cvename>
1905      <cvename>CVE-2014-0552</cvename>
1906      <cvename>CVE-2014-0553</cvename>
1907      <cvename>CVE-2014-0554</cvename>
1908      <cvename>CVE-2014-0555</cvename>
1909      <cvename>CVE-2014-0556</cvename>
1910      <cvename>CVE-2014-0557</cvename>
1911      <cvename>CVE-2014-0559</cvename>
1912      <url>http://helpx.adobe.com/security/products/flash-player/apsb14-21.html</url>
1913    </references>
1914    <dates>
1915      <discovery>2014-09-09</discovery>
1916      <entry>2014-09-25</entry>
1917    </dates>
1918  </vuln>
1919
1920  <vuln vid="48108fb0-751c-4cbb-8f33-09239ead4b55">
1921    <topic>NSS -- RSA Signature Forgery</topic>
1922    <affects>
1923      <package>
1924	<name>linux-firefox</name>
1925	<range><lt>32.0.3,1</lt></range>
1926      </package>
1927      <package>
1928	<name>linux-thunderbird</name>
1929	<range><lt>31.1.2</lt></range>
1930      </package>
1931      <package>
1932	<name>linux-seamonkey</name>
1933	<range><lt>2.29.1</lt></range>
1934      </package>
1935      <package>
1936	<name>nss</name>
1937	<range><lt>3.17.1</lt></range>
1938      </package>
1939      <package>
1940	<name>linux-c6-nss</name>
1941	<range><lt>3.16.1</lt></range>
1942      </package>
1943    </affects>
1944    <description>
1945      <body xmlns="http://www.w3.org/1999/xhtml">
1946	<p>The Mozilla Project reports:</p>
1947	<blockquote cite="https://www.mozilla.org/security/announce/2014/mfsa2014-73.html">
1948	  <p>Antoine Delignat-Lavaud discovered that NSS is vulnerable
1949	  to a variant of a signature forgery attack previously
1950	  published by Daniel Bleichenbacher.  This is due to lenient
1951	  parsing of ASN.1 values involved in a signature and could
1952	  lead to the forging of RSA certificates.</p>
1953	</blockquote>
1954      </body>
1955    </description>
1956    <references>
1957      <cvename>CVE-2014-1568</cvename>
1958      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-73.html</url>
1959    </references>
1960    <dates>
1961      <discovery>2014-09-23</discovery>
1962      <entry>2014-09-25</entry>
1963    </dates>
1964  </vuln>
1965
1966  <vuln vid="fb25333d-442f-11e4-98f3-5453ed2e2b49">
1967    <topic>krfb -- Multiple security issues in bundled libvncserver</topic>
1968    <affects>
1969      <package>
1970	<name>krfb</name>
1971	<range><lt>4.12.5_4</lt></range>
1972      </package>
1973    </affects>
1974    <description>
1975      <body xmlns="http://www.w3.org/1999/xhtml">
1976	<p>Martin Sandsmark reports:</p>
1977	<blockquote cite="http://lists.kde.org/?l=kde-announce&amp;m=141153917319769&amp;w=2">
1978	  <p>krfb 4.14 [and earlier] embeds libvncserver which has had
1979	    several security issues.</p>
1980	  <p>Several remotely exploitable security issues have been
1981	    uncovered in libvncserver, some of which might allow a
1982	    remote authenticated user code execution or application
1983	    crashes.</p>
1984	</blockquote>
1985      </body>
1986    </description>
1987    <references>
1988      <cvename>CVE-2014-6055</cvename>
1989      <mlist>http://lists.kde.org/?l=kde-announce&amp;m=141153917319769&amp;w=2</mlist>
1990    </references>
1991    <dates>
1992      <discovery>2014-09-23</discovery>
1993      <entry>2014-09-25</entry>
1994    </dates>
1995  </vuln>
1996
1997  <vuln vid="71ad81da-4414-11e4-a33e-3c970e169bc2">
1998    <topic>bash -- remote code execution vulnerability</topic>
1999    <affects>
2000      <package>
2001	<name>bash</name>
2002	<name>bash-static</name>
2003	<range><gt>3.0</gt><le>3.0.17</le></range>
2004	<range><gt>3.1</gt><le>3.1.18</le></range>
2005	<range><gt>3.2</gt><le>3.2.52</le></range>
2006	<range><gt>4.0</gt><le>4.0.39</le></range>
2007	<range><gt>4.1</gt><le>4.1.12</le></range>
2008	<range><gt>4.2</gt><le>4.2.48</le></range>
2009	<range><gt>4.3</gt><lt>4.3.25_1</lt></range>
2010      </package>
2011      <package>
2012	<name>linux_base-c6</name>
2013	<range><lt>6.5_1</lt></range>
2014      </package>
2015    </affects>
2016    <description>
2017      <body xmlns="http://www.w3.org/1999/xhtml">
2018	<p>Chet Ramey reports:</p>
2019	<blockquote cite="https://lists.gnu.org/archive/html/bug-bash/2014-09/msg00081.html">
2020	  <p>Under certain circumstances, bash will execute user code
2021	    while processing the environment for exported function
2022	    definitions.</p>
2023	</blockquote>
2024	<p>The original fix released for CVE-2014-6271 was not adequate. A
2025	  similar vulnerability was discovered and tagged as CVE-2014-7169.</p>
2026      </body>
2027    </description>
2028    <references>
2029      <cvename>CVE-2014-6271</cvename>
2030      <cvename>CVE-2014-7169</cvename>
2031      <url>https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/</url>
2032      <url>https://lists.gnu.org/archive/html/bug-bash/2014-09/msg00081.html</url>
2033      <url>http://seclists.org/oss-sec/2014/q3/690</url>
2034    </references>
2035    <dates>
2036      <discovery>2014-09-24</discovery>
2037      <entry>2014-09-24</entry>
2038      <modified>2014-09-25</modified>
2039    </dates>
2040  </vuln>
2041
2042  <vuln vid="e60d9e65-3f6b-11e4-ad16-001999f8d30b">
2043    <topic>asterisk -- Remotely triggered crash</topic>
2044    <affects>
2045      <package>
2046	<name>asterisk11</name>
2047	<range><lt>11.12.1</lt></range>
2048      </package>
2049    </affects>
2050    <description>
2051      <body xmlns="http://www.w3.org/1999/xhtml">
2052	<p>The Asterisk project reports:</p>
2053	<blockquote cite="https://www.asterisk.org/security">
2054	  <p>When an out of call message - delivered by either the
2055	    SIP or PJSIP channel driver or the XMPP stack - is handled
2056	    in Asterisk, a crash can occur if the channel servicing
2057	    the message is sent into the ReceiveFax dialplan application
2058	    while using the res_fax_spandsp module.</p>
2059	  <p>Note that this crash does not occur when using the
2060	    res_fax_digium module.  While this crash technically
2061	    occurs due to a configuration issue, as attempting to
2062	    receive a fax from a channel driver that only contains
2063	    textual information will never succeed, the likelihood
2064	    of having it occur is sufficiently high as to warrant
2065	    this advisory.</p>
2066	</blockquote>
2067      </body>
2068    </description>
2069    <references>
2070      <url>http://downloads.asterisk.org/pub/security/AST-2014-010.pdf</url>
2071      <url>https://issues.asterisk.org/jira/browse/ASTERISK-24301</url>
2072      <url>https://www.asterisk.org/security</url>
2073    </references>
2074    <dates>
2075      <discovery>2014-09-05</discovery>
2076      <entry>2014-09-18</entry>
2077    </dates>
2078  </vuln>
2079
2080  <vuln vid="d3324c55-3f11-11e4-ad16-001999f8d30b">
2081    <topic>squid -- Buffer overflow in SNMP processing</topic>
2082    <affects>
2083      <package>
2084	<name>squid</name>
2085	<range><lt>3.4.8</lt></range>
2086      </package>
2087      <package>
2088	<name>squid32</name>
2089	<range><gt>0</gt></range>
2090      </package>
2091      <package>
2092	<name>squid33</name>
2093	<range><lt>3.3.13_2</lt></range>
2094      </package>
2095    </affects>
2096    <description>
2097      <body xmlns="http://www.w3.org/1999/xhtml">
2098	<p>The squid-cache project reports:</p>
2099	<blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2014_3.txt">
2100	  <p>Due to incorrect buffer management Squid can be caused
2101	  by an attacker to write outside its allocated SNMP buffer.</p>
2102	</blockquote>
2103      </body>
2104    </description>
2105    <references>
2106      <url>http://www.squid-cache.org/Advisories/SQUID-2014_3.txt</url>
2107      <cvename>CVE-2014-6270</cvename>
2108    </references>
2109    <dates>
2110      <discovery>2014-09-15</discovery>
2111      <entry>2014-09-18</entry>
2112    </dates>
2113  </vuln>
2114
2115  <vuln vid="38242d51-3e58-11e4-ac2f-bcaec565249c">
2116    <topic>dbus -- multiple vulnerabilities</topic>
2117    <affects>
2118      <package>
2119	<name>dbus</name>
2120	<range><lt>1.8.8</lt></range>
2121      </package>
2122    </affects>
2123    <description>
2124      <body xmlns="http://www.w3.org/1999/xhtml">
2125	<p>Simon McVittie reports:</p>
2126	<blockquote cite="http://lists.freedesktop.org/archives/dbus/2014-September/016343.html">
2127	  <p>Do not accept an extra fd in the padding of a cmsg message,
2128	     which could lead to a 4-byte heap buffer overrun
2129	     (CVE-2014-3635).</p>
2130	  <p>Reduce default for maximum Unix file descriptors passed per
2131	     message from 1024 to 16, preventing a uid with the default
2132	     maximum number of connections from exhausting the system
2133	     bus' file descriptors under Linux's default rlimit
2134	     (CVE-2014-3636).</p>
2135	  <p>Disconnect connections that still have a fd pending
2136	     unmarshalling after a new configurable limit,
2137	     pending_fd_timeout (defaulting to 150 seconds), removing
2138	     the possibility of creating an abusive connection that
2139	     cannot be disconnected by setting up a circular reference
2140	     to a connection's file descriptor (CVE-2014-3637).</p>
2141	  <p>Reduce default for maximum pending replies per connection
2142	     from 8192 to 128, mitigating an algorithmic complexity
2143	     denial-of-service attack (CVE-2014-3638).</p>
2144	  <p>Reduce default for authentication timeout on the system
2145	     bus from 30 seconds to 5 seconds, avoiding denial of service
2146	     by using up all unauthenticated connection slots; and when
2147	     all unauthenticated connection slots are used up, make new
2148	     connection attempts block instead of disconnecting them
2149	     (CVE-2014-3639).</p>
2150	</blockquote>
2151      </body>
2152    </description>
2153    <references>
2154      <cvename>CVE-2014-3635</cvename>
2155      <cvename>CVE-2014-3636</cvename>
2156      <cvename>CVE-2014-3637</cvename>
2157      <cvename>CVE-2014-3638</cvename>
2158      <cvename>CVE-2014-3639</cvename>
2159      <url>http://lists.freedesktop.org/archives/dbus/2014-September/016343.html</url>
2160    </references>
2161    <dates>
2162      <discovery>2014-09-16</discovery>
2163      <entry>2014-09-17</entry>
2164    </dates>
2165  </vuln>
2166
2167  <vuln vid="77b784bb-3dc6-11e4-b191-f0def16c5c1b">
2168    <topic>nginx -- inject commands into SSL session vulnerability</topic>
2169    <affects>
2170      <package>
2171	<name>nginx</name>
2172	<range><ge>0.6.0</ge><lt>1.6.2,2</lt></range>
2173      </package>
2174      <package>
2175	<name>nginx-devel</name>
2176	<range><ge>0.5.6</ge><lt>1.7.5</lt></range>
2177      </package>
2178    </affects>
2179    <description>
2180      <body xmlns="http://www.w3.org/1999/xhtml">
2181	<p>The nginx project reports:</p>
2182	<blockquote cite="http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html">
2183	  <p>Security: it was possible to reuse SSL sessions in unrelated contexts
2184	     if a shared SSL session cache or the same TLS session ticket key was
2185	     used for multiple "server" blocks (CVE-2014-3616).</p>
2186	</blockquote>
2187      </body>
2188    </description>
2189    <references>
2190      <cvename>CVE-2014-3616</cvename>
2191      <url>http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html</url>
2192    </references>
2193    <dates>
2194      <discovery>2014-09-16</discovery>
2195      <entry>2014-09-16</entry>
2196    </dates>
2197  </vuln>
2198
2199  <vuln vid="cc627e6c-3b89-11e4-b629-6805ca0b3d42">
2200    <topic>phpMyAdmin -- XSRF/CSRF due to DOM based XSS in the micro history feature</topic>
2201    <affects>
2202      <package>
2203	<name>phpMyAdmin</name>
2204	<range><ge>4.2.0</ge><lt>4.2.8.1</lt></range>
2205      </package>
2206    </affects>
2207    <description>
2208      <body xmlns="http://www.w3.org/1999/xhtml">
2209	<p>The phpMyAdmin development team reports:</p>
2210	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php">
2211	  <p>XSRF/CSRF due to DOM based XSS in the micro history feature.</p>
2212	  <p>By deceiving a logged-in user to click on a crafted URL,
2213	    it is possible to perform remote code execution and in some
2214	    cases, create a root account due to a DOM based XSS
2215	    vulnerability in the micro history feature.</p>
2216	</blockquote>
2217      </body>
2218    </description>
2219    <references>
2220      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php</url>
2221      <cvename>CVE-2014-6300</cvename>
2222    </references>
2223    <dates>
2224      <discovery>2014-09-13</discovery>
2225      <entry>2014-09-13</entry>
2226    </dates>
2227  </vuln>
2228
2229  <vuln vid="36858e78-3963-11e4-ad84-000c29f6ae42">
2230    <topic>security/ossec-hids-* -- root escalation via temp files</topic>
2231    <affects>
2232      <package>
2233	<name>ossec-hids-server</name>
2234	<name>ossec-hids-client</name>
2235	<name>ossec-hids-local</name>
2236	<range><lt>2.8.1</lt></range>
2237      </package>
2238    </affects>
2239    <description>
2240      <body xmlns="http://www.w3.org/1999/xhtml">
2241	<p>OSSEC reports:</p>
2242	<blockquote cite="http://www.ossec.net/?p=1135">
2243	  <p>This correction will create the temp file for the hosts deny file
2244	    in /var/ossec and will use mktemp where available to create
2245	    NON-predictable temp file name. In cases where mktemp is not
2246	    available we have written a BAD version of mktemp, but should be a
2247	    little better than just process id.</p>
2248	</blockquote>
2249      </body>
2250    </description>
2251    <references>
2252      <cvename>CVE-2014-5284</cvename>
2253      <url>http://www.ossec.net/?p=1135</url>
2254    </references>
2255    <dates>
2256      <discovery>2014-09-09</discovery>
2257      <entry>2014-09-11</entry>
2258    </dates>
2259  </vuln>
2260
2261  <vuln vid="6318b303-3507-11e4-b76c-0011d823eebd">
2262    <topic>trafficserver -- unspecified vulnerability</topic>
2263    <affects>
2264      <package>
2265	<name>trafficserver</name>
2266	<range><lt>5.0.1</lt></range>
2267      </package>
2268    </affects>
2269    <description>
2270      <body xmlns="http://www.w3.org/1999/xhtml">
2271	<p>Bryan Call reports:</p>
2272	<blockquote cite="http://mail-archives.apache.org/mod_mbox/trafficserver-users/201407.mbox/%3CBFCEC9C8-1BE9-4DCA-AF9C-B8FE798EEC07@yahoo-inc.com%3E">
2273	  <p>Below is our announcement for the security issue reported to us
2274	  from Yahoo! Japan.  All versions of Apache Traffic Server are
2275	  vulnerable.  We urge users to upgrade to either 4.2.1.1 or 5.0.1
2276	  immediately.</p>
2277	  <p>This fixes CVE-2014-3525 and limits access to how the health
2278	  checks are performed.</p>
2279	</blockquote>
2280      </body>
2281    </description>
2282    <references>
2283      <cvename>CVE-2014-3525</cvename>
2284      <url>http://mail-archives.apache.org/mod_mbox/trafficserver-users/201407.mbox/%3CBFCEC9C8-1BE9-4DCA-AF9C-B8FE798EEC07@yahoo-inc.com%3E</url>
2285    </references>
2286    <dates>
2287      <discovery>2014-07-23</discovery>
2288      <entry>2014-09-05</entry>
2289    </dates>
2290  </vuln>
2291
2292  <vuln vid="84203724-296b-11e4-bebd-000c2980a9f3">
2293    <topic>file -- buffer overruns and missing buffer size tests</topic>
2294    <affects>
2295      <package>
2296	<name>file</name>
2297	<range><lt>5.19</lt></range>
2298      </package>
2299    </affects>
2300    <description>
2301      <body xmlns="http://www.w3.org/1999/xhtml">
2302	<p>Christos Zoulas reports:</p>
2303	<blockquote cite="http://mx.gw.com/pipermail/file/2014/001553.html">
2304	  <p>A specially crafted file can cause a segmentation fault.</p>
2305	</blockquote>
2306      </body>
2307    </description>
2308    <references>
2309      <url>http://mx.gw.com/pipermail/file/2014/001553.html</url>
2310    </references>
2311    <dates>
2312      <discovery>2014-06-09</discovery>
2313      <entry>2014-08-21</entry>
2314    </dates>
2315  </vuln>
2316
2317  <vuln vid="3c5579f7-294a-11e4-99f6-00e0814cab4e">
2318    <topic>django -- multiple vulnerabilities</topic>
2319    <affects>
2320      <package>
2321	<name>py27-django</name>
2322	<range><ge>1.6</ge><lt>1.6.6</lt></range>
2323      </package>
2324      <package>
2325	<name>py27-django15</name>
2326	<range><ge>1.5</ge><lt>1.5.9</lt></range>
2327      </package>
2328      <package>
2329	<name>py27-django14</name>
2330	<range><ge>1.4</ge><lt>1.4.14</lt></range>
2331      </package>
2332      <package>
2333	<name>py32-django</name>
2334	<range><ge>1.6</ge><lt>1.6.6</lt></range>
2335      </package>
2336      <package>
2337	<name>py32-django15</name>
2338	<range><ge>1.5</ge><lt>1.5.9</lt></range>
2339      </package>
2340      <package>
2341	<name>py33-django</name>
2342	<range><ge>1.6</ge><lt>1.6.6</lt></range>
2343      </package>
2344      <package>
2345	<name>py33-django15</name>
2346	<range><ge>1.5</ge><lt>1.5.9</lt></range>
2347      </package>
2348      <package>
2349	<name>py34-django</name>
2350	<range><ge>1.6</ge><lt>1.6.6</lt></range>
2351      </package>
2352      <package>
2353	<name>py34-django15</name>
2354	<range><ge>1.5</ge><lt>1.5.9</lt></range>
2355      </package>
2356      <package>
2357	<name>py27-django-devel</name>
2358	<range><lt>20140821,1</lt></range>
2359      </package>
2360      <package>
2361	<name>py32-django-devel</name>
2362	<range><lt>20140821,1</lt></range>
2363      </package>
2364      <package>
2365	<name>py33-django-devel</name>
2366	<range><lt>20140821,1</lt></range>
2367      </package>
2368      <package>
2369	<name>py34-django-devel</name>
2370	<range><lt>20140821,1</lt></range>
2371      </package>
2372    </affects>
2373    <description>
2374      <body xmlns="http://www.w3.org/1999/xhtml">
2375	<p>The Django project reports:</p>
2376	<blockquote cite="https://www.djangoproject.com/weblog/2014/aug/20/security/">
2377	  <p>These releases address an issue with reverse() generating external
2378	    URLs; a denial of service involving file uploads; a potential
2379	    session hijacking issue in the remote-user middleware; and a data
2380	    leak in the administrative interface. We encourage all users of
2381	    Django to upgrade as soon as possible.</p>
2382	</blockquote>
2383      </body>
2384    </description>
2385    <references>
2386      <url>https://www.djangoproject.com/weblog/2014/aug/20/security/</url>
2387      <cvename>CVE-2014-0480</cvename>
2388      <cvename>CVE-2014-0481</cvename>
2389      <cvename>CVE-2014-0482</cvename>
2390      <cvename>CVE-2014-0483</cvename>
2391    </references>
2392    <dates>
2393      <discovery>2014-08-20</discovery>
2394      <entry>2014-08-21</entry>
2395    </dates>
2396  </vuln>
2397
2398  <vuln vid="d2a892b9-2605-11e4-9da0-00a0986f28c4">
2399    <topic>PHP multiple vulnerabilities</topic>
2400    <affects>
2401      <package>
2402	<name>php53</name>
2403	<range><lt>5.3.29</lt></range>
2404      </package>
2405    </affects>
2406    <description>
2407      <body xmlns="http://www.w3.org/1999/xhtml">
2408	<p>The PHP Team reports:</p>
2409	<blockquote cite="http://php.net/ChangeLog-5.php#5.3.29">
2410	  <p>insecure temporary file use in the configure script</p>
2411	  <p>unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion
2412	    </p>
2413	  <p>Heap buffer over-read in DateInterval</p>
2414	  <p>fileinfo: cdf_read_short_sector insufficient boundary check</p>
2415	  <p>fileinfo: CDF infinite loop in nelements DoS</p>
2416	  <p>fileinfo: numerous file_printf calls resulting in
2417	    performance degradation</p>
2418	  <p>Fix potential segfault in dns_check_record()</p>
2419	</blockquote>
2420      </body>
2421    </description>
2422    <references>
2423      <cvename>CVE-2013-6712</cvename>
2424      <cvename>CVE-2014-0207</cvename>
2425      <cvename>CVE-2014-0237</cvename>
2426      <cvename>CVE-2014-0238</cvename>
2427      <cvename>CVE-2014-3515</cvename>
2428      <cvename>CVE-2014-3981</cvename>
2429      <cvename>CVE-2014-4049</cvename>
2430      <url>http://php.net/ChangeLog-5.php#5.3.29</url>
2431      <url>https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html</url>
2432    </references>
2433    <dates>
2434      <discovery>2014-08-14</discovery>
2435      <entry>2014-08-18</entry>
2436    </dates>
2437  </vuln>
2438
2439  <vuln vid="fbb01289-2645-11e4-bc44-6805ca0b3d42">
2440    <topic>phpMyAdmin -- XSS vulnerabilities</topic>
2441    <affects>
2442      <package>
2443	<name>phpMyAdmin</name>
2444	<range><ge>4.2.0</ge><lt>4.2.7.1</lt></range>
2445      </package>
2446    </affects>
2447    <description>
2448      <body xmlns="http://www.w3.org/1999/xhtml">
2449	<p>The phpMyAdmin development team reports:</p>
2450	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php">
2451	  <p>Multiple XSS vulnerabilities in browse table, ENUM
2452	    editor, monitor, query charts and table relations pages.</p>
2453	  <p> With a crafted database, table or a primary/unique key
2454	    column name it is possible to trigger an XSS when dropping
2455	    a row from the table. With a crafted column name it is
2456	    possible to trigger an XSS in the ENUM editor dialog. With
2457	    a crafted variable name or a crafted value for unit field
2458	    it is possible to trigger a self-XSS when adding a new
2459	    chart in the monitor page. With a crafted value for x-axis
2460	    label it is possible to trigger a self-XSS in the query
2461	    chart page. With a crafted relation name it is possible to
2462	    trigger an XSS in table relations page.</p>
2463	</blockquote>
2464	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php">
2465	  <p>XSS in view operations page.</p>
2466	  <p>With a crafted view name it is possible to trigger an
2467	    XSS when dropping the view in view operation page.</p>
2468	</blockquote>
2469      </body>
2470    </description>
2471    <references>
2472      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php</url>
2473      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php</url>
2474      <cvename>CVE-2014-5273</cvename>
2475      <cvename>CVE-2014-5274</cvename>
2476    </references>
2477    <dates>
2478      <discovery>2014-08-17</discovery>
2479      <entry>2014-08-17</entry>
2480    </dates>
2481  </vuln>
2482
2483  <vuln vid="69048656-2187-11e4-802c-20cf30e32f6d">
2484    <topic>serf -- SSL Certificate Null Byte Poisoning</topic>
2485    <affects>
2486      <package>
2487	<name>serf</name>
2488	<range><lt>1.3.7</lt></range>
2489      </package>
2490    </affects>
2491    <description>
2492      <body xmlns="http://www.w3.org/1999/xhtml">
2493	<p>serf Development list reports:</p>
2494	<blockquote cite="https://groups.google.com/forum/#!topic/serf-dev/NvgPoK6sFsc">
2495	  <p>Serf provides APIs to retrieve information about a certificate.  These
2496	    APIs return the information as NUL terminated strings (commonly called C
2497	    strings).  X.509 uses counted length strings which may include a NUL byte.
2498	    This means that a library user will interpret any information as ending
2499	    upon seeing this NUL byte and will only see a partial value for that field.
2500	  </p>
2501	  <p>Attackers could exploit this vulnerability to create a certificate that a
2502	    client will accept for a different hostname than the full certificate is
2503	    actually for by embedding a NUL byte in the certificate.</p>
2504	  <p>This can lead to a man-in-the-middle attack.  There are no known instances
2505	    of this problem being exploited in the wild and in practice it should be
2506	    difficult to actually exploit this vulnerability.</p>
2507	</blockquote>
2508      </body>
2509    </description>
2510    <references>
2511      <cvename>CVE-2014-3504</cvename>
2512    </references>
2513    <dates>
2514      <discovery>2014-08-06</discovery>
2515      <entry>2014-08-11</entry>
2516    </dates>
2517  </vuln>
2518
2519  <vuln vid="83a418cc-2182-11e4-802c-20cf30e32f6d">
2520    <topic>subversion -- several vulnerabilities</topic>
2521    <affects>
2522      <package>
2523	<name>subversion16</name>
2524	<range><ge>1.0.0</ge><lt>1.7.18</lt></range>
2525      </package>
2526      <package>
2527	<name>subversion17</name>
2528	<range><ge>1.0.0</ge><lt>1.7.18</lt></range>
2529      </package>
2530      <package>
2531	<name>subversion</name>
2532	<range><ge>1.0.0</ge><lt>1.7.18</lt></range>
2533	<range><ge>1.8.0</ge><lt>1.8.10</lt></range>
2534      </package>
2535    </affects>
2536    <description>
2537      <body xmlns="http://www.w3.org/1999/xhtml">
2538	<p>Subversion Project reports:</p>
2539	<blockquote cite="http://subversion.apache.org/security/CVE-2014-3522-advisory.txt">
2540	  <p>Using the Serf RA layer of Subversion for HTTPS uses the apr_fnmatch API
2541	    to handle matching wildcards in certificate Common Names and Subject
2542	    Alternate Names.  However, apr_fnmatch is not designed for this purpose.
2543	    Instead it is designed to behave like common shell globbing.  In particular
2544	    this means that '*' is not limited to a single label within a hostname
2545	    (i.e. it will match '.').  But even further apr_fnmatch supports '?' and
2546	    character classes (neither of which are part of the RFCs defining how
2547	    certificate validation works).</p>
2548	  <p>Subversion stores cached credentials by an MD5 hash based on the URL and
2549	    the authentication realm of the server the credentials are cached for.
2550	    MD5 has been shown to be subject to chosen plaintext hash collisions.
2551	    This means it may be possible to generate an authentication realm which
2552	    results in the same MD5 hash for a different URL.</p>
2553	</blockquote>
2554      </body>
2555    </description>
2556    <references>
2557      <cvename>CVE-2014-3522</cvename>
2558      <cvename>CVE-2014-3528</cvename>
2559      <url>http://subversion.apache.org/security/CVE-2014-3522-advisory.txt</url>
2560      <url>http://subversion.apache.org/security/CVE-2014-3528-advisory.txt</url>
2561    </references>
2562    <dates>
2563      <discovery>2014-08-06</discovery>
2564      <entry>2014-08-11</entry>
2565    </dates>
2566  </vuln>
2567
2568  <vuln vid="ad747a01-1fee-11e4-8ff1-f0def16c5c1b">
2569    <topic>nginx -- inject commands into SSL session vulnerability</topic>
2570    <affects>
2571      <package>
2572	<name>nginx</name>
2573	<range><ge>1.6.0,2</ge><lt>1.6.1,2</lt></range>
2574      </package>
2575      <package>
2576	<name>nginx-devel</name>
2577	<range><ge>1.5.6</ge><lt>1.7.4</lt></range>
2578      </package>
2579    </affects>
2580    <description>
2581      <body xmlns="http://www.w3.org/1999/xhtml">
2582	<p>The nginx project reports:</p>
2583	<blockquote cite="http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html">
2584	  <p>Security: pipelined commands were not discarded after STARTTLS
2585	    command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6.</p>
2586	</blockquote>
2587      </body>
2588    </description>
2589    <references>
2590      <cvename>CVE-2014-3556</cvename>
2591      <url>http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html</url>
2592    </references>
2593    <dates>
2594      <discovery>2014-08-05</discovery>
2595      <entry>2014-08-09</entry>
2596    </dates>
2597  </vuln>
2598
2599  <vuln vid="8aff07eb-1dbd-11e4-b6ba-3c970e169bc2">
2600    <topic>OpenSSL -- multiple vulnerabilities</topic>
2601    <affects>
2602      <package>
2603	<name>openssl</name>
2604	<range><ge>1.0.1</ge><lt>1.0.1_14</lt></range>
2605      </package>
2606      <package>
2607	<name>mingw32-openssl</name>
2608	<range><ge>1.0.1</ge><lt>1.0.1i</lt></range>
2609      </package>
2610      <package>
2611	<name>FreeBSD</name>
2612	<range><ge>8.4</ge><lt>8.4_15</lt></range>
2613	<range><ge>9.1</ge><lt>9.1_18</lt></range>
2614	<range><ge>9.2</ge><lt>9.2_11</lt></range>
2615	<range><ge>9.3</ge><lt>9.3_1</lt></range>
2616	<range><ge>10.0</ge><lt>10.0_8</lt></range>
2617      </package>
2618    </affects>
2619    <description>
2620      <body xmlns="http://www.w3.org/1999/xhtml">
2621	<p>The OpenSSL Project reports:</p>
2622	<blockquote cite="https://www.openssl.org/news/secadv_20140806.txt">
2623	  <p>A flaw in OBJ_obj2txt may cause pretty printing functions
2624	    such as X509_name_oneline, X509_name_print_ex et al. to leak
2625	    some information from the stack. [CVE-2014-3508]</p>
2626	  <p>The issue affects OpenSSL clients and allows a malicious
2627	    server to crash the client with a null pointer dereference
2628	    (read) by specifying an SRP ciphersuite even though it was
2629	    not properly negotiated with the client. [CVE-2014-5139]</p>
2630	  <p>If a multithreaded client connects to a malicious server
2631	    using a resumed session and the server sends an ec point
2632	    format extension it could write up to 255 bytes to freed
2633	    memory. [CVE-2014-3509]</p>
2634	  <p>An attacker can force an error condition which causes
2635	    openssl to crash whilst processing DTLS packets due to
2636	    memory being freed twice. This can be exploited through
2637	    a Denial of Service attack. [CVE-2014-3505]</p>
2638	  <p>An attacker can force openssl to consume large amounts
2639	    of memory whilst processing DTLS handshake messages.
2640	    This can be exploited through a Denial of Service
2641	    attack. [CVE-2014-3506]</p>
2642	  <p>By sending carefully crafted DTLS packets an attacker
2643	    could cause openssl to leak memory. This can be exploited
2644	    through a Denial of Service attack. [CVE-2014-3507]</p>
2645	  <p>OpenSSL DTLS clients enabling anonymous (EC)DH
2646	    ciphersuites are subject to a denial of service attack.
2647	    A malicious server can crash the client with a null pointer
2648	    dereference (read) by specifying an anonymous (EC)DH
2649	    ciphersuite and sending carefully crafted handshake
2650	    messages. [CVE-2014-3510]</p>
2651	  <p>A flaw in the OpenSSL SSL/TLS server code causes the
2652	    server to negotiate TLS 1.0 instead of higher protocol
2653	    versions when the ClientHello message is badly
2654	    fragmented. This allows a man-in-the-middle attacker
2655	    to force a downgrade to TLS 1.0 even if both the server
2656	    and the client support a higher protocol version, by
2657	    modifying the client's TLS records. [CVE-2014-3511]</p>
2658	  <p>A malicious client or server can send invalid SRP
2659	    parameters and overrun an internal buffer.  Only
2660	    applications which are explicitly set up for SRP
2661	    use are affected. [CVE-2014-3512]</p>
2662	</blockquote>
2663      </body>
2664    </description>
2665    <references>
2666      <url>https://www.openssl.org/news/secadv_20140806.txt</url>
2667      <freebsdsa>SA-14:18.openssl</freebsdsa>
2668      <cvename>CVE-2014-3505</cvename>
2669      <cvename>CVE-2014-3506</cvename>
2670      <cvename>CVE-2014-3507</cvename>
2671      <cvename>CVE-2014-3508</cvename>
2672      <cvename>CVE-2014-3509</cvename>
2673      <cvename>CVE-2014-3510</cvename>
2674      <cvename>CVE-2014-3511</cvename>
2675      <cvename>CVE-2014-3512</cvename>
2676      <cvename>CVE-2014-5139</cvename>
2677    </references>
2678    <dates>
2679      <discovery>2014-08-06</discovery>
2680      <entry>2014-08-06</entry>
2681      <modified>2016-08-09</modified>
2682    </dates>
2683  </vuln>
2684
2685  <vuln vid="be5421ab-1b56-11e4-a767-5453ed2e2b49">
2686    <topic>krfb -- Possible Denial of Service or code execution via integer overflow</topic>
2687    <affects>
2688      <package>
2689	<name>krfb</name>
2690	<range><lt>4.12.5_1</lt></range>
2691      </package>
2692    </affects>
2693    <description>
2694      <body xmlns="http://www.w3.org/1999/xhtml">
2695	<p>Albert Astals Cid reports:</p>
2696	<blockquote cite="http://lists.kde.org/?l=kde-announce&amp;m=140709940701878&amp;w=2">
2697	  <p>krfb embeds libvncserver which embeds liblzo2, it contains various
2698	    flaws that result in integer overflow problems.</p>
2699	  <p>This potentially allows a malicious application to create a
2700	    possible denial of service or code execution. Due to the need to
2701	    exploit precise details of the target architecture and threading it
2702	    is unlikely that remote code execution can be achieved in
2703	    practice.</p>
2704	</blockquote>
2705      </body>
2706    </description>
2707    <references>
2708      <cvename>CVE-2014-4607</cvename>
2709      <mlist>http://lists.kde.org/?l=kde-announce&amp;m=140709940701878&amp;w=2</mlist>
2710    </references>
2711    <dates>
2712      <discovery>2014-08-03</discovery>
2713      <entry>2014-08-03</entry>
2714    </dates>
2715  </vuln>
2716
2717  <vuln vid="89ff45e3-1a57-11e4-bebd-000c2980a9f3">
2718    <topic>samba -- remote code execution</topic>
2719    <affects>
2720      <package>
2721	<name>samba4</name>
2722	<range><ge>4.0.0</ge><lt>4.0.21</lt></range>
2723      </package>
2724      <package>
2725	<name>samba41</name>
2726	<range><ge>4.1.0</ge><lt>4.1.11</lt></range>
2727      </package>
2728    </affects>
2729    <description>
2730      <body xmlns="http://www.w3.org/1999/xhtml">
2731	<p>Samba developers report:</p>
2732	<blockquote cite="http://www.samba.org/samba/security/CVE-2014-3560">
2733	  <p>A malicious browser can send packets that may overwrite the heap of
2734	    the target nmbd NetBIOS name services daemon. It may be possible to
2735	    use this to generate a remote code execution vulnerability as the
2736	    superuser (root).</p>
2737	</blockquote>
2738      </body>
2739    </description>
2740    <references>
2741      <cvename>CVE-2014-3560</cvename>
2742      <url>http://www.samba.org/samba/security/CVE-2014-3560</url>
2743    </references>
2744    <dates>
2745      <discovery>2014-07-31</discovery>
2746      <entry>2014-08-02</entry>
2747    </dates>
2748  </vuln>
2749
2750  <vuln vid="90ca3ba5-19e6-11e4-8616-001b3856973b">
2751    <topic>gpgme -- heap-based buffer overflow in gpgsm status handler</topic>
2752    <affects>
2753      <package>
2754	<name>gpgme</name>
2755	<range><lt>1.5.0</lt></range>
2756      </package>
2757    </affects>
2758    <description>
2759      <body xmlns="http://www.w3.org/1999/xhtml">
2760	<p>Tomas Trnka reports:</p>
2761	<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=1113267">
2762	  <p>Gpgme contains a buffer overflow in the gpgsm status handler
2763	    that could possibly be exploited using a specially crafted certificate.</p>
2764	</blockquote>
2765      </body>
2766    </description>
2767    <references>
2768      <cvename>CVE-2014-3564</cvename>
2769      <url>https://bugzilla.redhat.com/show_bug.cgi?id=1113267</url>
2770    </references>
2771    <dates>
2772      <discovery>2014-06-25</discovery>
2773      <entry>2014-08-02</entry>
2774    </dates>
2775  </vuln>
2776
2777  <vuln vid="2f90556f-18c6-11e4-9cc4-5453ed2e2b49">
2778    <topic>kdelibs -- KAuth PID Reuse Flaw</topic>
2779    <affects>
2780      <package>
2781	<name>kdelibs</name>
2782	<range><lt>4.12.5_3</lt></range>
2783      </package>
2784    </affects>
2785    <description>
2786      <body xmlns="http://www.w3.org/1999/xhtml">
2787	<p>Martin Sandsmark reports:</p>
2788	<blockquote cite="http://lists.kde.org/?l=kde-announce&amp;m=140674898412923&amp;w=2">
2789	  <p>The KAuth framework uses polkit-1 API which tries to authenticate
2790	    using the requestor's PID. This is prone to PID reuse race
2791	    conditions.</p>
2792	  <p>This potentially allows a malicious application to pose as another
2793	    for authentication purposes when executing privileged actions.</p>
2794	</blockquote>
2795      </body>
2796    </description>
2797    <references>
2798      <cvename>CVE-2014-5033</cvename>
2799      <mlist>http://lists.kde.org/?l=kde-announce&amp;m=140674898412923&amp;w=2</mlist>
2800    </references>
2801    <dates>
2802      <discovery>2014-07-30</discovery>
2803      <entry>2014-07-31</entry>
2804    </dates>
2805  </vuln>
2806
2807  <vuln vid="31c09848-1829-11e4-bf04-60a44c524f57">
2808    <topic>tor -- traffic confirmation attack</topic>
2809    <affects>
2810      <package>
2811	<name>tor</name>
2812	<range><lt>0.2.4.23</lt></range>
2813      </package>
2814      <package>
2815	<name>tor-devel</name>
2816	<range><lt>0.2.5.6.a</lt></range>
2817      </package>
2818    </affects>
2819    <description>
2820      <body xmlns="http://www.w3.org/1999/xhtml">
2821	<p>The Tor Project reports:</p>
2822	<blockquote cite="https://lists.torproject.org/pipermail/tor-announce/2014-July/000094.html">
2823	  <p>Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a
2824	    circuit after an inbound RELAY_EARLY cell is received by a client,
2825	    which makes it easier for remote attackers to conduct
2826	    traffic-confirmation attacks by using the pattern of RELAY and
2827	    RELAY_EARLY cells as a means of communicating information about
2828	    hidden service names.</p>
2829	</blockquote>
2830      </body>
2831    </description>
2832    <references>
2833      <url>https://lists.torproject.org/pipermail/tor-announce/2014-July/000094.html</url>
2834      <url>https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack</url>
2835      <cvename>CVE-2014-5117</cvename>
2836    </references>
2837    <dates>
2838      <discovery>2014-07-30</discovery>
2839      <entry>2014-07-30</entry>
2840    </dates>
2841  </vuln>
2842
2843  <vuln vid="13419364-1685-11e4-bf04-60a44c524f57">
2844    <topic>i2p -- Multiple Vulnerabilities</topic>
2845    <affects>
2846      <package>
2847	<name>i2p</name>
2848	<range><lt>0.9.14</lt></range>
2849      </package>
2850    </affects>
2851    <description>
2852      <body xmlns="http://www.w3.org/1999/xhtml">
2853	<p>The i2p project reports:</p>
2854	<blockquote cite="http://geti2p.net/en/blog/post/2014/07/26/0.9.14-Release">
2855	  <p>XSS and remote execution vulnerabilities reported by Exodus Intelligence.</p>
2856	</blockquote>
2857	<p>Exodus Intelligence reports:</p>
2858	<blockquote cite="http://blog.exodusintel.com/2014/07/23/silverbullets_and_fairytails/">
2859	  <p>The vulnerability we have found is able to perform remote code
2860	     execution with a specially crafted payload. This payload can be
2861	     customized to unmask a user and show the public IP address in
2862	     which the user connected from within 'a couple of seconds.'</p>
2863	</blockquote>
2864      </body>
2865    </description>
2866    <references>
2867      <url>http://blog.exodusintel.com/2014/07/23/silverbullets_and_fairytails/</url>
2868      <url>http://geti2p.net/en/blog/post/2014/07/26/0.9.14-Release</url>
2869    </references>
2870    <dates>
2871      <discovery>2014-07-24</discovery>
2872      <entry>2014-07-28</entry>
2873    </dates>
2874  </vuln>
2875
2876  <vuln vid="9defb2d6-1404-11e4-8cae-20cf30e32f6d">
2877    <topic>bugzilla -- Cross Site Request Forgery</topic>
2878    <affects>
2879      <package>
2880	<name>bugzilla44</name>
2881	<range><lt>4.4.5</lt></range>
2882      </package>
2883    </affects>
2884    <description>
2885      <body xmlns="http://www.w3.org/1999/xhtml">
2886	<p>A Bugzilla Security Advisory reports:</p>
2887	<blockquote cite="http://www.bugzilla.org/security/4.0.13/">
2888	  <p>Adobe does not properly restrict the SWF file format,
2889	    which allows remote attackers to conduct cross-site
2890	    request forgery (CSRF) attacks against Bugzilla's JSONP
2891	    endpoint, possibly obtaining sensitive bug information,
2892	    via a crafted OBJECT element with SWF content satisfying
2893	    the character-set requirements of a callback API.</p>
2894	</blockquote>
2895      </body>
2896    </description>
2897    <references>
2898      <cvename>CVE-2014-1546</cvename>
2899    </references>
2900    <dates>
2901      <discovery>2014-07-24</discovery>
2902      <entry>2014-07-25</entry>
2903    </dates>
2904  </vuln>
2905
2906  <vuln vid="f927e06c-1109-11e4-b090-20cf30e32f6d">
2907    <topic>apache22 -- several vulnerabilities</topic>
2908    <affects>
2909      <package>
2910	<name>apache22</name>
2911	<range><gt>2.2.0</gt><lt>2.2.29</lt></range>
2912      </package>
2913      <package>
2914	<name>apache22-event-mpm</name>
2915	<range><gt>2.2.0</gt><lt>2.2.29</lt></range>
2916      </package>
2917      <package>
2918	<name>apache22-itk-mpm</name>
2919	<range><gt>2.2.0</gt><lt>2.2.29</lt></range>
2920      </package>
2921      <package>
2922	<name>apache22-peruser-mpm</name>
2923	<range><gt>2.2.0</gt><lt>2.2.29</lt></range>
2924      </package>
2925      <package>
2926	<name>apache22-worker-mpm</name>
2927	<range><gt>2.2.0</gt><lt>2.2.29</lt></range>
2928      </package>
2929    </affects>
2930    <description>
2931      <body xmlns="http://www.w3.org/1999/xhtml">
2932	<p>Apache HTTP Server Project reports:</p>
2933	  <blockquote cite="http://www.apache.org/dist/httpd/CHANGES_2.2.29">
2934	  <p> mod_deflate: The DEFLATE input filter (inflates request bodies) now
2935	    limits the length and compression ratio of inflated request bodies to
2936	    avoid denial of service via highly compressed bodies.  See directives
2937	    DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and
2938	    DeflateInflateRatioBurst.</p>
2939	  <p>mod_cgid: Fix a denial of service against CGI scripts that do not consume
2940	    stdin that could lead to lingering HTTPD child processes filling up the
2941	    scoreboard and eventually hanging the server.  By default, the client I/O
2942	    timeout (Timeout directive) now applies to communication with scripts.  The
2943	    CGIDScriptTimeout directive can be used to set a different timeout for
2944	    communication with scripts.</p>
2945	  <p>Fix a race condition in scoreboard handling, which could lead to a heap
2946	    buffer overflow.</p>
2947	  <p>core: HTTP trailers could be used to replace HTTP headers late during
2948	    request processing, potentially undoing or otherwise confusing modules
2949	    that examined or modified request headers earlier.  Adds "MergeTrailers"
2950	    directive to restore legacy behavior.</p>
2951	</blockquote>
2952      </body>
2953    </description>
2954    <references>
2955      <cvename>CVE-2014-0118</cvename>
2956      <cvename>CVE-2014-0231</cvename>
2957      <cvename>CVE-2014-0226</cvename>
2958      <cvename>CVE-2013-5704</cvename>
2959    </references>
2960    <dates>
2961      <discovery>2014-07-19</discovery>
2962      <entry>2014-07-24</entry>
2963      <modified>2014-09-03</modified>
2964    </dates>
2965  </vuln>
2966
2967  <vuln vid="81fc1076-1286-11e4-bebd-000c2980a9f3">
2968    <topic>tomcat -- multiple vulnerabilities</topic>
2969    <affects>
2970      <package>
2971	<name>tomcat</name>
2972	<range><lt>6.0.40</lt></range>
2973      </package>
2974      <package>
2975	<name>tomcat7</name>
2976	<range><lt>7.0.53</lt></range>
2977      </package>
2978      <package>
2979	<name>tomcat8</name>
2980	<range><lt>8.0.4</lt></range>
2981      </package>
2982    </affects>
2983    <description>
2984      <body xmlns="http://www.w3.org/1999/xhtml">
2985	<p>Tomcat Security Team reports:</p>
2986	<blockquote cite="https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.54">
2987	  <p>Tomcat does not properly restrict XSLT stylesheets, which allows
2988	    remote attackers to bypass security-manager restrictions and read
2989	    arbitrary files via a crafted web application that provides an XML
2990	    external entity declaration in conjunction with an entity
2991	    reference, related to an XML External Entity (XXE) issue.</p>
2992	  <p>An integer overflow, when operated behind a reverse proxy, allows
2993	    remote attackers to conduct HTTP request smuggling attacks via a
2994	    crafted Content-Length HTTP header.</p>
2995	  <p>An integer overflow in parseChunkHeader allows remote attackers
2996	    to cause a denial of service (resource consumption) via a malformed
2997	    chunk size in chunked transfer coding of a request during the
2998	    streaming of data.</p>
2999	</blockquote>
3000      </body>
3001    </description>
3002    <references>
3003      <cvename>CVE-2014-0096</cvename>
3004      <cvename>CVE-2014-0099</cvename>
3005      <cvename>CVE-2014-0075</cvename>
3006      <url>https://tomcat.apache.org/security-6.html</url>
3007      <url>https://tomcat.apache.org/security-7.html</url>
3008      <url>https://tomcat.apache.org/security-8.html</url>
3009    </references>
3010    <dates>
3011      <discovery>2014-05-23</discovery>
3012      <entry>2014-07-23</entry>
3013      <modified>2017-03-18</modified>
3014    </dates>
3015  </vuln>
3016
3017  <vuln vid="978b0f76-122d-11e4-afe3-bc5ff4fb5e7b">
3018    <topic>mozilla -- multiple vulnerabilities</topic>
3019    <affects>
3020      <package>
3021	<name>firefox</name>
3022	<range><lt>31.0,1</lt></range>
3023      </package>
3024      <package>
3025	<name>firefox-esr</name>
3026	<range><lt>24.7.0,1</lt></range>
3027      </package>
3028      <package>
3029	<name>linux-firefox</name>
3030	<range><lt>31.0,1</lt></range>
3031      </package>
3032      <package>
3033	<name>linux-thunderbird</name>
3034	<range><lt>24.7.0</lt></range>
3035      </package>
3036      <package>
3037	<name>thunderbird</name>
3038	<range><lt>24.7.0</lt></range>
3039      </package>
3040      <package>
3041	<name>nss</name>
3042	<range><lt>3.16.1_2</lt></range>
3043	<!-- CVE-2014-1544/Bug 963150 -->
3044      </package>
3045    </affects>
3046    <description>
3047      <body xmlns="http://www.w3.org/1999/xhtml">
3048	<p>The Mozilla Project reports:</p>
3049	<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
3050	  <p>MFSA 2014-66 IFRAME sandbox same-origin access through
3051	    redirect</p>
3052	  <p>MFSA 2014-65 Certificate parsing broken by non-standard
3053	    character encoding</p>
3054	  <p>MFSA 2014-64 Crash in Skia library when scaling high
3055	    quality images</p>
3056	  <p>MFSA 2014-63 Use-after-free while when manipulating
3057	    certificates in the trusted cache</p>
3058	  <p>MFSA 2014-62 Exploitable WebGL crash with Cesium
3059	    JavaScript library</p>
3060	  <p>MFSA 2014-61 Use-after-free with FireOnStateChange
3061	    event</p>
3062	  <p>MFSA 2014-60 Toolbar dialog customization event
3063	    spoofing</p>
3064	  <p>MFSA 2014-59 Use-after-free in DirectWrite font
3065	    handling</p>
3066	  <p>MFSA 2014-58 Use-after-free in Web Audio due to
3067	    incorrect control message ordering</p>
3068	  <p>MFSA 2014-57 Buffer overflow during Web Audio
3069	    buffering for playback</p>
3070	  <p>MFSA 2014-56 Miscellaneous memory safety hazards
3071	    (rv:31.0 / rv:24.7)</p>
3072	</blockquote>
3073      </body>
3074    </description>
3075    <references>
3076      <cvename>CVE-2014-1544</cvename>
3077      <cvename>CVE-2014-1547</cvename>
3078      <cvename>CVE-2014-1548</cvename>
3079      <cvename>CVE-2014-1549</cvename>
3080      <cvename>CVE-2014-1550</cvename>
3081      <cvename>CVE-2014-1551</cvename>
3082      <cvename>CVE-2014-1552</cvename>
3083      <cvename>CVE-2014-1555</cvename>
3084      <cvename>CVE-2014-1556</cvename>
3085      <cvename>CVE-2014-1557</cvename>
3086      <cvename>CVE-2014-1558</cvename>
3087      <cvename>CVE-2014-1559</cvename>
3088      <cvename>CVE-2014-1560</cvename>
3089      <cvename>CVE-2014-1561</cvename>
3090      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-56.html</url>
3091      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-57.html</url>
3092      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-58.html</url>
3093      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-59.html</url>
3094      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-60.html</url>
3095      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-61.html</url>
3096      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-62.html</url>
3097      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-63.html</url>
3098      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-64.html</url>
3099      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-65.html</url>
3100      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-66.html</url>
3101      <url>https://www.mozilla.org/security/announce/</url>
3102    </references>
3103    <dates>
3104      <discovery>2014-07-22</discovery>
3105      <entry>2014-07-23</entry>
3106    </dates>
3107  </vuln>
3108
3109  <vuln vid="ecea9e92-0be5-4931-88da-8772d044972a">
3110    <topic>mcollective -- cert validation issue</topic>
3111    <affects>
3112      <package>
3113	<name>mcollective</name>
3114	<range><lt>2.5.3</lt></range>
3115      </package>
3116    </affects>
3117    <description>
3118      <body xmlns="http://www.w3.org/1999/xhtml">
3119	<p>Melissa Stone reports:</p>
3120	<blockquote cite="https://groups.google.com/forum/#!topic/puppet-announce/cPykqUXMmK4">
3121	  <p>The MCollective aes_security public key plugin does not correctly
3122	    validate certs against the CA. By exploiting this vulnerability
3123	    within a race/initialization window, an attacker with local access
3124	    could initiate an unauthorized MCollective client connection with a
3125	    server, and thus control the mcollective plugins running on that
3126	    server. This vulnerability requires a collective be configured to
3127	    use the aes_security plugin. Puppet Enterprise and open source
3128	    MCollective are not configured to use the plugin and are not
3129	    vulnerable by default.</p>
3130	</blockquote>
3131      </body>
3132    </description>
3133    <references>
3134      <cvename>CVE-2014-3251</cvename>
3135      <url>https://groups.google.com/forum/#!topic/puppet-announce/cPykqUXMmK4</url>
3136    </references>
3137    <dates>
3138      <discovery>2014-07-09</discovery>
3139      <entry>2014-07-21</entry>
3140    </dates>
3141  </vuln>
3142
3143  <vuln vid="904d78b8-0f7e-11e4-8b71-5453ed2e2b49">
3144    <topic>qt4-imageformats, qt5-gui -- DoS vulnerability in the GIF image handler</topic>
3145    <affects>
3146      <package>
3147	<name>qt4-imageformats</name>
3148	<range><lt>4.8.6_1</lt></range>
3149      </package>
3150      <package>
3151	<name>qt5-gui</name>
3152	<range><lt>5.2.1_4</lt></range>
3153      </package>
3154    </affects>
3155    <description>
3156      <body xmlns="http://www.w3.org/1999/xhtml">
3157	<p>Richard J. Moore reports:</p>
3158	<blockquote cite="http://lists.qt-project.org/pipermail/announce/2014-April/000045.html">
3159	  <p>The builtin GIF decoder in QtGui prior to Qt 5.3 contained a bug
3160	    that would lead to a null pointer dereference when loading certain
3161	    hand crafted corrupt GIF files. This in turn would cause the
3162	    application loading these hand crafted GIFs to crash.</p>
3163	</blockquote>
3164      </body>
3165    </description>
3166    <references>
3167      <cvename>CVE-2014-0190</cvename>
3168      <bid>67087</bid>
3169      <mlist>http://lists.qt-project.org/pipermail/announce/2014-April/000045.html</mlist>
3170    </references>
3171    <dates>
3172      <discovery>2014-04-24</discovery>
3173      <entry>2014-07-19</entry>
3174      <modified>2014-07-21</modified>
3175    </dates>
3176  </vuln>
3177
3178  <vuln vid="4364e1f1-0f44-11e4-b090-20cf30e32f6d">
3179    <topic>apache24 -- several vulnerabilities</topic>
3180    <affects>
3181      <package>
3182	<name>apache24</name>
3183	<range><lt>2.4.10</lt></range>
3184      </package>
3185    </affects>
3186    <description>
3187      <body xmlns="http://www.w3.org/1999/xhtml">
3188	<p>The Apache HTTP Server Project reports:</p>
3189	<blockquote cite="http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?view=markup&amp;pathrev=1610737">
3190	  <p>mod_proxy: Fix crash in Connection header handling which allowed a
3191	    denial of service attack against a reverse proxy with a threaded MPM.</p>
3192	  <p>Fix a race condition in scoreboard handling, which could lead to a
3193	    heap buffer overflow.</p>
3194	  <p>mod_deflate: The DEFLATE input filter (inflates request bodies) now
3195	    limits the length and compression ratio of inflated request bodies to avoid
3196	    denial of service via highly compressed bodies.  See directives
3197	    DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,
3198	    and DeflateInflateRatioBurst.</p>
3199	  <p>mod_cgid: Fix a denial of service against CGI scripts that do
3200	    not consume stdin that could lead to lingering HTTPD child processes
3201	    filling up the scoreboard and eventually hanging the server.  By
3202	    default, the client I/O timeout (Timeout directive) now applies to
3203	    communication with scripts.  The CGIDScriptTimeout directive can be
3204	    used to set a different timeout for communication with scripts.</p>
3205	</blockquote>
3206      </body>
3207    </description>
3208    <references>
3209      <cvename>CVE-2014-0117</cvename>
3210      <cvename>CVE-2014-3523</cvename>
3211      <cvename>CVE-2014-0226</cvename>
3212      <cvename>CVE-2014-0118</cvename>
3213      <cvename>CVE-2014-0231</cvename>
3214    </references>
3215    <dates>
3216      <discovery>2014-07-15</discovery>
3217      <entry>2014-07-19</entry>
3218    </dates>
3219  </vuln>
3220
3221  <vuln vid="3f09ca29-0e48-11e4-b17a-6805ca0b3d42">
3222    <topic>phpMyAdmin -- multiple XSS vulnerabilities, missing validation</topic>
3223    <affects>
3224      <package>
3225	<name>phpMyAdmin</name>
3226	<range><ge>4.2.0</ge><lt>4.2.6</lt></range>
3227      </package>
3228    </affects>
3229    <description>
3230      <body xmlns="http://www.w3.org/1999/xhtml">
3231	<p>The phpMyAdmin development team reports:</p>
3232	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php">
3233	  <p>Self-XSS due to unescaped HTML output in database
3234	    structure page.</p>
3235	  <p>With a crafted table comment, it is possible to trigger
3236	    an XSS in database structure page.</p>
3237	</blockquote>
3238	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php">
3239	  <p>Self-XSS due to unescaped HTML output in database
3240	    triggers page.</p>
3241	  <p>When navigating into the database triggers page, it is
3242	    possible to trigger an XSS with a crafted trigger
3243	    name.</p>
3244	</blockquote>
3245	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php">
3246	  <p>Multiple XSS in AJAX confirmation messages.</p>
3247	  <p>With a crafted column name it is possible to trigger an
3248	    XSS when dropping the column in table structure page. With
3249	    a crafted table name it is possible to trigger an XSS when
3250	    dropping or truncating the table in table operations
3251	    page.</p>
3252	</blockquote>
3253	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php">
3254	  <p>Access for an unprivileged user to MySQL user list.</p>
3255	  <p>An unprivileged user could view the MySQL user list and
3256	    manipulate the tabs displayed in phpMyAdmin for them.</p>
3257	</blockquote>
3258      </body>
3259    </description>
3260    <references>
3261      <cvename>CVE-2014-4954</cvename>
3262      <cvename>CVE-2014-4955</cvename>
3263      <cvename>CVE-2014-4986</cvename>
3264      <cvename>CVE-2014-4987</cvename>
3265      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php</url>
3266      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php</url>
3267      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php</url>
3268      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php</url>
3269    </references>
3270    <dates>
3271      <discovery>2014-07-18</discovery>
3272      <entry>2014-07-18</entry>
3273      <modified>2014-07-20</modified>
3274    </dates>
3275  </vuln>
3276
3277  <vuln vid="4a114331-0d24-11e4-8dd2-5453ed2e2b49">
3278    <topic>kdelibs4 -- KMail/KIO POP3 SSL Man-in-the-middle Flaw</topic>
3279    <affects>
3280      <package>
3281	<name>kdelibs</name>
3282	<range><ge>4.10.95</ge><lt>4.12.5_2</lt></range>
3283      </package>
3284    </affects>
3285    <description>
3286      <body xmlns="http://www.w3.org/1999/xhtml">
3287	<p>Richard J. Moore reports:</p>
3288	<blockquote cite="http://www.kde.org/info/security/advisory-20140618-1.txt">
3289	  <p>The POP3 kioslave used by KMail will accept invalid
3290	  certificates without presenting a dialog to the user due to a
3291	  bug that leads to an inability to display the dialog
3292	  combined with an error in the way the result is checked.</p>
3293	  <p>This flaw allows an active attacker to perform MITM
3294	  attacks against the ioslave which could result in the leakage of
3295	  sensitive data such as the authentication details and the contents of
3296	  emails.</p>
3297	</blockquote>
3298      </body>
3299    </description>
3300    <references>
3301      <cvename>CVE-2014-3494</cvename>
3302      <bid>68113</bid>
3303      <mlist>http://lists.kde.org/?l=kde-announce&amp;m=140312275318160&amp;w=2</mlist>
3304    </references>
3305    <dates>
3306      <discovery>2014-06-17</discovery>
3307      <entry>2014-07-16</entry>
3308    </dates>
3309  </vuln>
3310
3311  <vuln vid="ff98087f-0a8f-11e4-b00b-5453ed2e2b49">
3312    <topic>postfixadmin -- SQL injection vulnerability</topic>
3313    <affects>
3314      <package>
3315	<name>postfixadmin</name>
3316	<range><lt>2.3.7</lt></range>
3317      </package>
3318    </affects>
3319    <description>
3320      <body xmlns="http://www.w3.org/1999/xhtml">
3321	<p>Thijs Kinkhorst reports:</p>
3322	<blockquote cite="http://www.openwall.com/lists/oss-security/2014/03/26/6">
3323	  <p>Postfixadmin has an SQL injection vulnerability. This
3324	    vulnerability is only exploitable by authenticated users able to
3325	    create new aliases.</p>
3326	</blockquote>
3327      </body>
3328    </description>
3329    <references>
3330      <cvename>CVE-2014-2655</cvename>
3331      <bid>66455</bid>
3332      <freebsdpr>ports/189248</freebsdpr>
3333      <mlist>http://www.openwall.com/lists/oss-security/2014/03/26/6</mlist>
3334      <url>https://www.debian.org/security/2014/dsa-2889</url>
3335    </references>
3336    <dates>
3337      <discovery>2014-03-28</discovery>
3338      <entry>2014-07-13</entry>
3339      <modified>2015-09-28</modified>
3340    </dates>
3341  </vuln>
3342
3343  <vuln vid="e6a7636a-02d0-11e4-88b6-080027671656">
3344    <topic>dbus -- multiple vulnerabilities</topic>
3345    <affects>
3346      <package>
3347	<name>dbus</name>
3348	<range><lt>1.8.6</lt></range>
3349      </package>
3350    </affects>
3351    <description>
3352      <body xmlns="http://www.w3.org/1999/xhtml">
3353	<p>Simon McVittie reports:</p>
3354	<blockquote cite="http://lists.freedesktop.org/archives/dbus/2014-July/016235.html">
3355	  <p>Alban Crequy at Collabora Ltd. discovered a bug in dbus-daemon's
3356	    support for file descriptor passing. A malicious process could
3357	    force system services or user applications to be disconnected
3358	    from the D-Bus system bus by sending them a message containing
3359	    a file descriptor, then causing that file descriptor to exceed
3360	    the kernel's maximum recursion depth (itself introduced to fix
3361	    a DoS) before dbus-daemon forwards the message to the victim
3362	    process. Most services and applications exit when disconnected
3363	    from the system bus, leading to a denial of service.</p>
3364	  <p>Additionally, Alban discovered that bug fd.o#79694, a bug
3365	    previously reported by Alejandro Martínez Suárez which was not
3366	    believed to be security flaw, could be used for a similar denial
3367	    of service, by causing dbus-daemon to attempt to forward invalid
3368	    file descriptors to a victim process when file descriptors become
3369	    associated with the wrong message.</p>
3370	</blockquote>
3371      </body>
3372    </description>
3373    <references>
3374      <cvename>CVE-2014-3532</cvename>
3375      <cvename>CVE-2014-3533</cvename>
3376      <url>http://lists.freedesktop.org/archives/dbus/2014-July/016235.html</url>
3377    </references>
3378    <dates>
3379      <discovery>2014-07-02</discovery>
3380      <entry>2014-07-03</entry>
3381    </dates>
3382  </vuln>
3383
3384  <vuln vid="17dfd984-feba-11e3-b938-5404a68ad561">
3385    <topic>mencoder -- potential buffer overrun when processing malicious lzo compressed input</topic>
3386    <affects>
3387      <package>
3388	<name>mencoder</name>
3389	<range><lt>1.1.r20140418_1</lt></range>
3390      </package>
3391    </affects>
3392    <description>
3393      <body xmlns="http://www.w3.org/1999/xhtml">
3394	<p>Michael Niedermayer and Luca Barbato report in upstream ffmpeg:</p>
3395	<blockquote>
3396	  <p>avutil/lzo: Fix integer overflow</p>
3397	</blockquote>
3398      </body>
3399    </description>
3400    <references>
3401      <url>http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ccda51b14c0fcae2fad73a24872dce75a7964996</url>
3402      <url>http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6af26c55c1ea30f85a7d9edbc373f53be1743ee</url>
3403      <cvename>CVE-2014-4610</cvename>
3404    </references>
3405    <dates>
3406      <discovery>2014-06-24</discovery>
3407      <entry>2014-06-28</entry>
3408    </dates>
3409  </vuln>
3410
3411  <vuln vid="9ab3a22c-feb8-11e3-b938-5404a68ad561">
3412    <topic>mplayer -- potential buffer overrun when processing malicious lzo compressed input</topic>
3413    <affects>
3414      <package>
3415	<name>mplayer</name>
3416	<range><lt>1.1.r20140418_3</lt></range>
3417      </package>
3418    </affects>
3419    <description>
3420      <body xmlns="http://www.w3.org/1999/xhtml">
3421	<p>Michael Niedermayer and Luca Barbato report in upstream ffmpeg:</p>
3422	<blockquote>
3423	  <p>avutil/lzo: Fix integer overflow</p>
3424	</blockquote>
3425      </body>
3426    </description>
3427    <references>
3428      <url>http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ccda51b14c0fcae2fad73a24872dce75a7964996</url>
3429      <url>http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6af26c55c1ea30f85a7d9edbc373f53be1743ee</url>
3430      <cvename>CVE-2014-4610</cvename>
3431    </references>
3432    <dates>
3433      <discovery>2014-06-24</discovery>
3434      <entry>2014-06-28</entry>
3435    </dates>
3436  </vuln>
3437
3438  <vuln vid="d1f5e12a-fd5a-11e3-a108-080027ef73ec">
3439    <topic>LZO -- potential buffer overrun when processing malicious input data</topic>
3440    <affects>
3441      <package>
3442	<name>lzo2</name>
3443	<range><lt>2.07</lt></range>
3444      </package>
3445      <package>
3446	<name>busybox</name>
3447	<range><lt>1.22.1_2</lt></range>
3448      </package>
3449    </affects>
3450    <description>
3451      <body xmlns="http://www.w3.org/1999/xhtml">
3452	<p>Markus Franz Xaver Johannes Oberhumer reports, in the package's NEWS file:</p>
3453	<blockquote>
3454	  <p>Fixed a potential integer overflow condition in the "safe"
3455	    decompressor variants which could result in a possible buffer
3456	    overrun when processing maliciously crafted compressed input
3457	    data.</p>
3458
3459	  <p>As this issue only affects 32-bit systems and also can only happen
3460	    if you use uncommonly huge buffer sizes where you have to decompress
3461	    more than 16 MiB (2^24 bytes) compressed bytes within a single
3462	    function call, the practical implications are limited.</p>
3463	</blockquote>
3464      </body>
3465    </description>
3466    <references>
3467      <url>http://www.oberhumer.com/opensource/lzo/download/lzo-2.07.tar.gz</url>
3468      <cvename>CVE-2014-4608</cvename>
3469    </references>
3470    <dates>
3471      <discovery>2014-06-25</discovery>
3472      <entry>2014-06-26</entry>
3473      <modified>2015-01-06</modified>
3474    </dates>
3475  </vuln>
3476
3477  <vuln vid="1c840eb9-fb32-11e3-866e-b499baab0cbe">
3478    <topic>gnupg -- possible DoS using garbled compressed data packets</topic>
3479    <affects>
3480      <package>
3481	<name>gnupg1</name>
3482	<range><lt>1.4.17</lt></range>
3483      </package>
3484      <package>
3485	<name>gnupg</name>
3486	<range><lt>2.0.24</lt></range>
3487      </package>
3488    </affects>
3489    <description>
3490      <body xmlns="http://www.w3.org/1999/xhtml">
3491	<p>Werner Koch reports:</p>
3492	<blockquote cite="http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html">
3493	  <p>This release includes a *security fix* to stop
3494	    a possible DoS using garbled compressed data packets which can be used
3495	    to put gpg into an infinite loop.</p>
3496	</blockquote>
3497      </body>
3498    </description>
3499    <references>
3500      <url>http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html</url>
3501      <url>http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html</url>
3502    </references>
3503    <dates>
3504      <discovery>2014-06-23</discovery>
3505      <entry>2014-06-23</entry>
3506    </dates>
3507  </vuln>
3508
3509  <vuln vid="6ad309d9-fb03-11e3-bebd-000c2980a9f3">
3510    <topic>samba -- multiple vulnerabilities</topic>
3511    <affects>
3512      <package>
3513	<name>samba36</name>
3514	<range><lt>3.6.24</lt></range>
3515      </package>
3516      <package>
3517	<name>samba4</name>
3518	<range><lt>4.0.19</lt></range>
3519      </package>
3520      <package>
3521	<name>samba41</name>
3522	<range><lt>4.1.9</lt></range>
3523      </package>
3524    </affects>
3525    <description>
3526      <body xmlns="http://www.w3.org/1999/xhtml">
3527	<p>The samba project reports:</p>
3528	<blockquote cite="https://www.samba.org/samba/history/">
3529	  <p>A malformed packet can cause the nmbd server to loop the CPU and
3530	    prevent any further NetBIOS name service.</p>
3531	  <p>Valid unicode path names stored on disk can cause smbd to
3532	    crash if an authenticated client attempts to read them
3533	    using a non-unicode request.</p>
3534	</blockquote>
3535      </body>
3536    </description>
3537    <references>
3538      <cvename>CVE-2014-0244</cvename>
3539      <cvename>CVE-2014-3493</cvename>
3540      <url>https://www.samba.org/samba/security/CVE-2014-0244</url>
3541      <url>https://www.samba.org/samba/security/CVE-2014-3493</url>
3542    </references>
3543    <dates>
3544      <discovery>2014-06-23</discovery>
3545      <entry>2014-06-23</entry>
3546    </dates>
3547  </vuln>
3548
3549  <vuln vid="c4892644-f8c6-11e3-9f45-6805ca0b3d42">
3550    <topic>phpMyAdmin -- two XSS vulnerabilities due to unescaped db/table names</topic>
3551    <affects>
3552      <package>
3553	<name>phpMyAdmin</name>
3554	<range><ge>4.1.0</ge><lt>4.2.4</lt></range>
3555      </package>
3556    </affects>
3557    <description>
3558      <body xmlns="http://www.w3.org/1999/xhtml">
3559	<p>The phpMyAdmin development team reports:</p>
3560	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-2.php">
3561	  <p>Self-XSS due to unescaped HTML output in recent/favorite
3562	    tables navigation.</p>
3563
3564	  <p>When marking a crafted database or table name as
3565	    favorite or having it in recent tables, it is possible to
3566	    trigger an XSS.</p>
3567
3568
3569	  <p>This vulnerability can be triggered only by someone who
3570	    logged in to phpMyAdmin, as the usual token protection
3571	    prevents non-logged-in users from accessing the required
3572	    form.</p>
3573
3574	</blockquote>
3575	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-3.php">
3576	  <p>Self-XSS due to unescaped HTML output in navigation items
3577	    hiding feature.</p>
3578
3579	  <p>When hiding or unhiding a crafted table name in the
3580	    navigation, it is possible to trigger an XSS.</p>
3581
3582	  <p>This vulnerability can be triggered only by someone who
3583	    logged in to phpMyAdmin, as the usual token protection
3584	    prevents non-logged-in users from accessing the required
3585	    form.</p>
3586	</blockquote>
3587    </body>
3588    </description>
3589    <references>
3590      <cvename>CVE-2014-4348</cvename>
3591      <cvename>CVE-2014-4349</cvename>
3592      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-2.php</url>
3593      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-3.php</url>
3594    </references>
3595    <dates>
3596      <discovery>2014-06-20</discovery>
3597      <entry>2014-06-20</entry>
3598      <modified>2014-06-24</modified>
3599    </dates>
3600  </vuln>
3601
3602  <vuln vid="0981958a-f733-11e3-8276-071f1604ef8a">
3603    <topic>iodined -- authentication bypass</topic>
3604    <affects>
3605      <package>
3606	<name>iodine</name>
3607	<range><lt>0.7.0</lt></range>
3608      </package>
3609    </affects>
3610    <description>
3611      <body xmlns="http://www.w3.org/1999/xhtml">
3612	<p>Erik Ekman of the iodine project reports:</p>
3613    <blockquote cite="https://github.com/yarrick/iodine/commit/b715be5cf3978fbe589b03b09c9398d0d791f850">
3614	<p>The client could bypass the password check by continuing after
3615	    getting error from the server and guessing the network parameters.
3616	    The server would still accept the rest of the setup and also network
3617	    traffic.</p>
3618	</blockquote>
3619      </body>
3620    </description>
3621    <references>
3622	<url>https://github.com/yarrick/iodine/commit/b715be5cf3978fbe589b03b09c9398d0d791f850</url>
3623    </references>
3624    <dates>
3625      <discovery>2014-06-16</discovery>
3626      <entry>2014-06-18</entry>
3627    </dates>
3628  </vuln>
3629
3630  <vuln vid="f109b02f-f5a4-11e3-82e9-00a098b18457">
3631    <topic>asterisk -- multiple vulnerabilities</topic>
3632    <affects>
3633      <package>
3634	<name>asterisk11</name>
3635	<range><lt>11.10.1</lt></range>
3636      </package>
3637      <package>
3638	<name>asterisk18</name>
3639	<range><lt>1.8.28.1</lt></range>
3640      </package>
3641    </affects>
3642    <description>
3643      <body xmlns="http://www.w3.org/1999/xhtml">
3644	<p>The Asterisk project reports:</p>
3645	<blockquote cite="https://www.asterisk.org/security">
3646	  <p>Asterisk Manager User Unauthorized Shell Access. Manager users can
3647	    execute arbitrary shell commands with the MixMonitor manager action.
3648	    Asterisk does not require system class authorization for a manager
3649	    user to use the MixMonitor action, so any manager user who is
3650	    permitted to use manager commands can potentially execute shell
3651	    commands as the user executing the Asterisk process.</p>
3652	  <p>Exhaustion of Allowed Concurrent HTTP Connections. Establishing a
3653	    TCP or TLS connection to the configured HTTP or HTTPS port
3654	    respectively in http.conf and then not sending or completing a HTTP
3655	    request will tie up a HTTP session. By doing this repeatedly until the
3656	    maximum number of open HTTP sessions is reached, legitimate requests
3657	    are blocked.</p>
3658	</blockquote>
3659      </body>
3660    </description>
3661    <references>
3662      <cvename>CVE-2014-4046</cvename>
3663      <cvename>CVE-2014-4047</cvename>
3664      <url>http://downloads.asterisk.org/pub/security/AST-2014-006.pdf</url>
3665      <url>http://downloads.asterisk.org/pub/security/AST-2014-007.pdf</url>
3666      <url>https://www.asterisk.org/security</url>
3667    </references>
3668    <dates>
3669      <discovery>2014-06-12</discovery>
3670      <entry>2014-06-17</entry>
3671    </dates>
3672  </vuln>
3673
3674  <vuln vid="52bbc7e8-f13c-11e3-bc09-bcaec565249c">
3675    <topic>dbus -- local DoS</topic>
3676    <affects>
3677      <package>
3678	<name>dbus</name>
3679	<range><ge>1.8.0</ge><lt>1.8.4</lt></range>
3680	<range><lt>1.6.20</lt></range>
3681      </package>
3682    </affects>
3683    <description>
3684      <body xmlns="http://www.w3.org/1999/xhtml">
3685	<p>Simon McVittie reports:</p>
3686	<blockquote cite="http://lists.freedesktop.org/archives/dbus/2014-June/016220.html">
3687	  <p>Alban Crequy at Collabora Ltd. discovered and fixed a
3688	    denial-of-service flaw in dbus-daemon, part of the reference
3689	    implementation of D-Bus.  Additionally, in highly unusual
3690	    environments the same flaw could lead to a side channel between
3691	    processes that should not be able to communicate.</p>
3692	</blockquote>
3693      </body>
3694    </description>
3695    <references>
3696      <cvename>CVE-2014-3477</cvename>
3697      <url>http://lists.freedesktop.org/archives/dbus/2014-June/016220.html</url>
3698    </references>
3699    <dates>
3700      <discovery>2014-06-10</discovery>
3701      <entry>2014-06-14</entry>
3702    </dates>
3703  </vuln>
3704
3705  <vuln vid="888a0262-f0d9-11e3-ba0c-b4b52fce4ce8">
3706    <topic>mozilla -- multiple vulnerabilities</topic>
3707    <affects>
3708      <package>
3709	<name>firefox</name>
3710	<range><lt>30.0,1</lt></range>
3711      </package>
3712      <package>
3713	<name>firefox-esr</name>
3714	<range><lt>24.6.0,1</lt></range>
3715      </package>
3716      <package>
3717	<name>seamonkey</name>
3718	<range><lt>2.26.1</lt></range>
3719      </package>
3720      <package>
3721	<name>linux-firefox</name>
3722	<range><lt>30.0,1</lt></range>
3723      </package>
3724      <package>
3725	<name>linux-seamonkey</name>
3726	<range><lt>2.26.1</lt></range>
3727      </package>
3728      <package>
3729	<name>linux-thunderbird</name>
3730	<range><lt>24.6.0</lt></range>
3731      </package>
3732      <package>
3733	<name>nspr</name>
3734	<range><lt>4.10.6</lt></range>
3735      </package>
3736      <package>
3737	<name>thunderbird</name>
3738	<range><lt>24.6.0</lt></range>
3739      </package>
3740    </affects>
3741    <description>
3742      <body xmlns="http://www.w3.org/1999/xhtml">
3743	<p>The Mozilla Project reports:</p>
3744	<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
3745	  <p>MFSA 2014-48 Miscellaneous memory safety hazards
3746	    (rv:30.0 / rv:24.6)</p>
3747	  <p>MFSA 2014-49 Use-after-free and out of bounds
3748	    issues found using Address Sanitizer</p>
3749	  <p>MFSA 2014-51 Use-after-free in Event Listener
3750	    Manager</p>
3751	  <p>MFSA 2014-52 Use-after-free with SMIL Animation
3752	    Controller</p>
3753	  <p>MFSA 2014-53 Buffer overflow in Web Audio Speex
3754	    resampler</p>
3755	  <p>MFSA 2014-54 Buffer overflow in Gamepad API</p>
3756	  <p>MFSA 2014-55 Out of bounds write in NSPR</p>
3757	</blockquote>
3758      </body>
3759    </description>
3760    <references>
3761      <cvename>CVE-2014-1533</cvename>
3762      <cvename>CVE-2014-1534</cvename>
3763      <cvename>CVE-2014-1536</cvename>
3764      <cvename>CVE-2014-1537</cvename>
3765      <cvename>CVE-2014-1540</cvename>
3766      <cvename>CVE-2014-1541</cvename>
3767      <cvename>CVE-2014-1542</cvename>
3768      <cvename>CVE-2014-1543</cvename>
3769      <cvename>CVE-2014-1545</cvename>
3770      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-48.html</url>
3771      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-49.html</url>
3772      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-51.html</url>
3773      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-52.html</url>
3774      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-53.html</url>
3775      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-54.html</url>
3776      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-55.html</url>
3777    </references>
3778    <dates>
3779      <discovery>2014-06-10</discovery>
3780      <entry>2014-06-10</entry>
3781    </dates>
3782  </vuln>
3783
3784  <vuln vid="5ac53801-ec2e-11e3-9cf3-3c970e169bc2">
3785    <topic>OpenSSL -- multiple vulnerabilities</topic>
3786    <affects>
3787      <package>
3788	<name>openssl</name>
3789	<range><ge>1.0.1</ge><lt>1.0.1_13</lt></range>
3790      </package>
3791      <package>
3792	<name>mingw32-openssl</name>
3793	<range><ge>1.0.1</ge><lt>1.0.1h</lt></range>
3794      </package>
3795      <package>
3796	<name>FreeBSD</name>
3797	<range><ge>8.0</ge><lt>8.4_12</lt></range>
3798	<range><ge>9.1</ge><lt>9.1_15</lt></range>
3799	<range><ge>9.2</ge><lt>9.2_8</lt></range>
3800	<range><ge>10.0</ge><lt>10.0_5</lt></range>
3801      </package>
3802    </affects>
3803    <description>
3804      <body xmlns="http://www.w3.org/1999/xhtml">
3805	<p>The OpenSSL Project reports:</p>
3806	<blockquote cite="http://www.openssl.org/news/secadv_20140605.txt">
3807	  <p>An attacker using a carefully crafted handshake can force
3808	    the use of weak keying material in OpenSSL SSL/TLS clients
3809	    and servers. This can be exploited by a Man-in-the-middle
3810	    (MITM) attack where the attacker can decrypt and modify
3811	    traffic from the attacked client and server. [CVE-2014-0224]</p>
3812	  <p>By sending an invalid DTLS handshake to an OpenSSL DTLS
3813	    client the code can be made to recurse eventually crashing
3814	    in a DoS attack. [CVE-2014-0221]</p>
3815	  <p>A buffer overrun attack can be triggered by sending invalid
3816	    DTLS fragments to an OpenSSL DTLS client or server. This is
3817	    potentially exploitable to run arbitrary code on a vulnerable
3818	    client or server. [CVE-2014-0195]</p>
3819	  <p>OpenSSL TLS clients enabling anonymous ECDH ciphersuites are
3820	    subject to a denial of service attack. [CVE-2014-3470]</p>
3821	</blockquote>
3822      </body>
3823    </description>
3824    <references>
3825      <cvename>CVE-2014-0195</cvename>
3826      <cvename>CVE-2014-0221</cvename>
3827      <cvename>CVE-2014-0224</cvename>
3828      <cvename>CVE-2014-3470</cvename>
3829      <freebsdsa>SA-14:14.openssl</freebsdsa>
3830      <url>http://www.openssl.org/news/secadv_20140605.txt</url>
3831    </references>
3832    <dates>
3833      <discovery>2014-06-05</discovery>
3834      <entry>2014-06-05</entry>
3835    </dates>
3836  </vuln>
3837
3838  <vuln vid="9733c480-ebff-11e3-970b-206a8a720317">
3839    <topic>gnutls -- client-side memory corruption</topic>
3840    <affects>
3841      <package>
3842	<name>gnutls</name>
3843	<range><lt>2.12.23_6</lt></range>
3844      </package>
3845    </affects>
3846    <description>
3847      <body xmlns="http://www.w3.org/1999/xhtml">
3848	<p>GnuTLS project reports:</p>
3849	<blockquote cite="http://www.gnutls.org/security.html#GNUTLS-SA-2014-3">
3850	  <p>This vulnerability affects the client side of the gnutls library.
3851	    A server that sends a specially crafted ServerHello could corrupt
3852	    the memory of a requesting client.</p>
3853	</blockquote>
3854      </body>
3855    </description>
3856    <references>
3857      <cvename>CVE-2014-3466</cvename>
3858      <url>http://www.gnutls.org/security.html#GNUTLS-SA-2014-3</url>
3859    </references>
3860    <dates>
3861      <discovery>2014-05-14</discovery>
3862      <entry>2014-06-04</entry>
3863    </dates>
3864  </vuln>
3865
3866  <vuln vid="027af74d-eb56-11e3-9032-000c2980a9f3">
3867    <topic>gnutls -- client-side memory corruption</topic>
3868    <affects>
3869      <package>
3870	<name>gnutls3</name>
3871	<range><ge>3.1</ge><lt>3.1.25</lt></range>
3872      </package>
3873    </affects>
3874    <description>
3875      <body xmlns="http://www.w3.org/1999/xhtml">
3876	<p>GnuTLS project reports:</p>
3877	<blockquote cite="http://www.gnutls.org/security.html#GNUTLS-SA-2014-3">
3878	  <p>This vulnerability affects the client side of the gnutls library.
3879	    A server that sends a specially crafted ServerHello could corrupt
3880	    the memory of a requesting client.</p>
3881	</blockquote>
3882      </body>
3883    </description>
3884    <references>
3885      <cvename>CVE-2014-3466</cvename>
3886      <url>http://www.gnutls.org/security.html#GNUTLS-SA-2014-3</url>
3887    </references>
3888    <dates>
3889      <discovery>2014-05-14</discovery>
3890      <entry>2014-06-03</entry>
3891    </dates>
3892  </vuln>
3893
3894  <vuln vid="77e2e631-e742-11e3-9a25-5404a6a6412c">
3895    <topic>mumble -- multiple vulnerabilities</topic>
3896    <affects>
3897      <package>
3898	<name>mumble</name>
3899	<range><ge>1.2.0</ge><lt>1.2.6</lt></range>
3900      </package>
3901    </affects>
3902    <description>
3903      <body xmlns="http://www.w3.org/1999/xhtml">
3904	<p>Mumble reports:</p>
3905	<blockquote cite="http://blog.mumble.info/mumble-1-2-6/">
3906	  <p>SVG images with local file references could trigger client DoS</p>
3907	  <p>The Mumble client did not properly HTML-escape some external strings
3908	    before using them in a rich-text (HTML) context.</p>
3909	</blockquote>
3910      </body>
3911    </description>
3912    <references>
3913      <url>http://mumble.info/security/Mumble-SA-2014-005.txt</url>
3914      <url>http://mumble.info/security/Mumble-SA-2014-006.txt</url>
3915    </references>
3916    <dates>
3917      <discovery>2014-04-16</discovery>
3918      <entry>2014-05-29</entry>
3919    </dates>
3920  </vuln>
3921
3922  <vuln vid="c2c8c84b-e734-11e3-9a25-5404a6a6412c">
3923    <topic>mumble -- NULL pointer dereference and heap-based buffer overflow</topic>
3924    <affects>
3925      <package>
3926	<name>mumble</name>
3927	<range><ge>1.2.4</ge><le>1.2.4_6</le></range>
3928      </package>
3929    </affects>
3930    <description>
3931      <body xmlns="http://www.w3.org/1999/xhtml">
3932	<p>Mumble reports:</p>
3933	<blockquote cite="http://blog.mumble.info/mumble-1-2-5/">
3934	  <p>A malformed Opus voice packet sent to a Mumble client could trigger
3935	    a NULL pointer dereference or an out-of-bounds array access.</p>
3936	  <p>A malformed Opus voice packet sent to a Mumble client could trigger a
3937	    heap-based buffer overflow.</p>
3938	</blockquote>
3939      </body>
3940    </description>
3941    <references>
3942      <cvename>CVE-2014-0044</cvename>
3943      <cvename>CVE-2014-0045</cvename>
3944      <url>http://mumble.info/security/Mumble-SA-2014-001.txt</url>
3945      <url>http://mumble.info/security/Mumble-SA-2014-002.txt</url>
3946    </references>
3947    <dates>
3948      <discovery>2014-01-25</discovery>
3949      <entry>2014-05-29</entry>
3950    </dates>
3951  </vuln>
3952
3953  <vuln vid="f99a4686-e694-11e3-9032-000c2980a9f3">
3954    <cancelled/>
3955  </vuln>
3956
3957  <vuln vid="688e73a2-e514-11e3-a52a-98fc11cdc4f5">
3958    <topic>linux-flashplugin -- multiple vulnerabilities</topic>
3959    <affects>
3960      <package>
3961	<name>linux-f10-flashplugin</name>
3962	<range><lt>11.2r202.359</lt></range>
3963      </package>
3964    </affects>
3965    <description>
3966      <body xmlns="http://www.w3.org/1999/xhtml">
3967	<p>Adobe reports:</p>
3968	<blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb14-14.html">
3969	  <p>These updates address vulnerabilities that could cause a crash
3970	    and potentially allow an attacker to take control of the affected system.</p>
3971	</blockquote>
3972      </body>
3973    </description>
3974    <references>
3975      <cvename>CVE-2014-0510</cvename>
3976      <cvename>CVE-2014-0516</cvename>
3977      <cvename>CVE-2014-0517</cvename>
3978      <cvename>CVE-2014-0518</cvename>
3979      <cvename>CVE-2014-0519</cvename>
3980      <cvename>CVE-2014-0520</cvename>
3981      <url>https://helpx.adobe.com/security/products/flash-player/apsb14-14.html</url>
3982    </references>
3983    <dates>
3984      <discovery>2014-03-13</discovery>
3985      <entry>2014-05-26</entry>
3986    </dates>
3987  </vuln>
3988
3989  <vuln vid="02db20d7-e34a-11e3-bd92-bcaec565249c">
3990    <topic>openjpeg -- Multiple vulnerabilities</topic>
3991    <affects>
3992      <package>
3993	<name>openjpeg</name>
3994	<range><lt>1.5.2</lt></range>
3995      </package>
3996    </affects>
3997    <description>
3998      <body xmlns="http://www.w3.org/1999/xhtml">
3999	<p>Openjpeg release notes report:</p>
4000	<blockquote cite="http://openjpeg.googlecode.com/svn/tags/version.1.5.1/NEWS">
4001	  <p>That CVE-2012-3535 and CVE-2012-3358 are fixed in the 1.5.1
4002	    release.</p>
4003	</blockquote>
4004	<blockquote cite="http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS">
4005	  <p>That CVE-2013-4289, CVE-2013-4290, CVE-2013-1447, CVE-2013-6045,
4006	    CVE-2013-6052, CVE-2013-6054, CVE-2013-6053, CVE-2013-6887,
4007	    were fixed in the 1.5.2 release.</p>
4008	</blockquote>
4009      </body>
4010    </description>
4011    <references>
4012      <cvename>CVE-2012-3358</cvename>
4013      <cvename>CVE-2012-3535</cvename>
4014      <cvename>CVE-2013-1447</cvename>
4015      <cvename>CVE-2013-4289</cvename>
4016      <cvename>CVE-2013-4290</cvename>
4017      <cvename>CVE-2013-6045</cvename>
4018      <cvename>CVE-2013-6052</cvename>
4019      <cvename>CVE-2013-6053</cvename>
4020      <cvename>CVE-2013-6054</cvename>
4021      <cvename>CVE-2013-6887</cvename>
4022      <url>http://openjpeg.googlecode.com/svn/tags/version.1.5.1/NEWS</url>
4023      <url>http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS</url>
4024    </references>
4025    <dates>
4026      <discovery>2012-05-13</discovery>
4027      <entry>2014-05-24</entry>
4028    </dates>
4029  </vuln>
4030
4031  <vuln vid="b060ee50-daba-11e3-99f2-bcaec565249c">
4032    <topic>libXfont -- X Font Service Protocol and Font metadata file handling issues</topic>
4033    <affects>
4034      <package>
4035	<name>libXfont</name>
4036	<range><lt>1.4.7_3</lt></range>
4037      </package>
4038      <package>
4039	<name>linux-c6-xorg-libs</name>
4040	<range><lt>7.4_2</lt></range>
4041      </package>
4042      <package>
4043	<name>linux-f10-xorg-libs</name>
4044	<range><ge>*</ge></range>
4045      </package>
4046    </affects>
4047    <description>
4048      <body xmlns="http://www.w3.org/1999/xhtml">
4049	<p>Alan Coopersmith reports:</p>
4050	<blockquote cite="http://lists.x.org/archives/xorg-announce/2014-May/002431.html">
4051	  <p>Ilja van Sprundel, a security researcher with IOActive, has
4052	    discovered several issues in the way the libXfont library
4053	    handles the responses it receives from xfs servers, and has
4054	    worked with X.Org's security team to analyze, confirm, and fix
4055	    these issues.</p>
4056	  <p>Most of these issues stem from libXfont trusting the font server
4057	    to send valid protocol data, and not verifying that the values
4058	    will not overflow or cause other damage.  This code is commonly
4059	    called from the X server when an X Font Server is active in the
4060	    font path, so may be running in a setuid-root process depending
4061	    on the X server in use.  Exploits of this path could be used by
4062	    a local, authenticated user to attempt to raise privileges; or
4063	    by a remote attacker who can control the font server to attempt
4064	    to execute code with the privileges of the X server.</p>
4065	</blockquote>
4066      </body>
4067    </description>
4068    <references>
4069      <cvename>CVE-2014-0209</cvename>
4070      <cvename>CVE-2014-0210</cvename>
4071      <cvename>CVE-2014-0211</cvename>
4072      <url>http://lists.x.org/archives/xorg-announce/2014-May/002431.html</url>
4073    </references>
4074    <dates>
4075      <discovery>2014-05-13</discovery>
4076      <entry>2014-05-13</entry>
4077      <modified>2015-07-15</modified>
4078    </dates>
4079  </vuln>
4080
4081  <vuln vid="e7bb3885-da40-11e3-9ecb-2c4138874f7d">
4082    <topic>libxml2 -- lack of end-of-document check DoS</topic>
4083    <affects>
4084      <package>
4085	<name>libxml2</name>
4086	<range><lt>2.9.1</lt></range>
4087      </package>
4088      <package>
4089	<name>linux-c6-libxml2</name>
4090	<range><lt>2.7.6_2</lt></range>
4091      </package>
4092      <package>
4093	<name>linux-f10-libxml2</name>
4094	<range><ge>*</ge></range>
4095      </package>
4096    </affects>
4097    <description>
4098      <body xmlns="http://www.w3.org/1999/xhtml">
4099	<p>CVE MITRE reports:</p>
4100	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877">
4101	  <p>parser.c in libxml2 before 2.9.0, as used in Google
4102	     Chrome before 28.0.1500.71 and other products, allows remote
4103	     attackers to cause a denial of service (out-of-bounds read)
4104	     via a document that ends abruptly, related to the lack of
4105	     certain checks for the XML_PARSER_EOF state.</p>
4106	</blockquote>
4107      </body>
4108    </description>
4109    <references>
4110      <cvename>CVE-2013-2877</cvename>
4111      <url>https://git.gnome.org/browse/libxml2/tag/?id=CVE-2013-2877</url>
4112      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877</url>
4113      <url>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2877</url>
4114    </references>
4115    <dates>
4116      <discovery>2013-04-11</discovery>
4117      <entry>2013-07-10</entry>
4118      <modified>2015-07-15</modified>
4119    </dates>
4120  </vuln>
4121
4122  <vuln vid="efdd0edc-da3d-11e3-9ecb-2c4138874f7d">
4123    <topic>libxml2 -- entity substitution DoS</topic>
4124    <affects>
4125      <package>
4126	<name>libxml2</name>
4127	<range><lt>2.9.1</lt></range>
4128      </package>
4129      <package>
4130	<name>linux-c6-libxml2</name>
4131	<range><lt>2.7.6_2</lt></range>
4132      </package>
4133      <package>
4134	<name>linux-f10-libxml2</name>
4135	<range><ge>*</ge></range>
4136      </package>
4137    </affects>
4138    <description>
4139      <body xmlns="http://www.w3.org/1999/xhtml">
4140	<p>Stefan Cornelius reports:</p>
4141	<blockquote cite="http://www.openwall.com/lists/oss-security/2014/05/06/4">
4142	  <p>It was discovered that libxml2, a library providing
4143	     support to read, modify and write XML files, incorrectly
4144	     performs entity substitution in the doctype prolog, even if
4145	     the application using libxml2 disabled any entity
4146	     substitution.  A remote attacker could provide a
4147	     specially-crafted XML file that, when processed, would lead
4148	     to the exhaustion of CPU and memory resources or file
4149	     descriptors.</p>
4150	  <p>This issue was discovered by Daniel Berrange of Red Hat.</p>
4151	</blockquote>
4152      </body>
4153    </description>
4154    <references>
4155      <cvename>CVE-2014-0191</cvename>
4156      <url>http://www.openwall.com/lists/oss-security/2014/05/06/4</url>
4157      <url>https://git.gnome.org/browse/libxml2/tag/?id=CVE-2014-0191</url>
4158      <url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0191</url>
4159    </references>
4160    <dates>
4161      <discovery>2013-12-03</discovery>
4162      <entry>2014-05-06</entry>
4163      <modified>2015-07-15</modified>
4164    </dates>
4165  </vuln>
4166
4167  <vuln vid="1959e847-d4f0-11e3-84b0-0018fe623f2b">
4168    <topic>OpenSSL -- NULL pointer dereference / DoS</topic>
4169    <affects>
4170      <package>
4171	<name>openssl</name>
4172	<range><ge>1.0.1</ge><lt>1.0.1_12</lt></range>
4173      </package>
4174      <package>
4175	<name>FreeBSD</name>
4176	<range><ge>10.0</ge><lt>10.0_3</lt></range>
4177      </package>
4178    </affects>
4179    <description>
4180      <body xmlns="http://www.w3.org/1999/xhtml">
4181	<p>OpenBSD and David Ramos report:</p>
4182	<blockquote cite="http://www.openwall.com/lists/oss-security/2014/05/02/5">
4183	  <p>Applications that use SSL_MODE_RELEASE_BUFFERS, such as nginx/apache,
4184	  are prone to a race condition which may allow a remote attacker to
4185	  crash the current service.</p>
4186	</blockquote>
4187      </body>
4188    </description>
4189    <references>
4190      <url>http://www.openwall.com/lists/oss-security/2014/05/02/5</url>
4191      <url>https://rt.openssl.org/Ticket/Display.html?user=guest&amp;pass=guest&amp;id=3321</url>
4192      <freebsdsa>SA-14:10.openssl</freebsdsa>
4193      <cvename>CVE-2014-0198</cvename>
4194    </references>
4195    <dates>
4196      <discovery>2014-05-02</discovery>
4197      <entry>2014-05-03</entry>
4198      <modified>2016-08-09</modified>
4199    </dates>
4200  </vuln>
4201
4202  <vuln vid="89709e58-d497-11e3-a3d5-5453ed2e2b49">
4203    <topic>qt4-xml -- XML Entity Expansion Denial of Service</topic>
4204    <affects>
4205      <package>
4206	<name>qt4-xml</name>
4207	<range><lt>4.8.6</lt></range>
4208      </package>
4209    </affects>
4210    <description>
4211      <body xmlns="http://www.w3.org/1999/xhtml">
4212	<p>Richard J. Moore reports:</p>
4213	<blockquote cite="http://lists.qt-project.org/pipermail/announce/2013-December/000036.html">
4214	  <p>QXmlSimpleReader in Qt versions prior to 5.2 supports
4215	    expansion of internal entities in XML documents without
4216	    placing restrictions to ensure the document does not cause
4217	    excessive memory usage. If an application using this API
4218	    processes untrusted data then the application may use
4219	    unexpected amounts of memory if a malicious document is
4220	    processed.</p>
4221	  <p>It is possible to construct XML documents using internal
4222	    entities that consume large amounts of memory and other
4223	    resources to process, this is known as the 'Billion Laughs'
4224	    attack. Qt versions prior to 5.2 did not offer protection
4225	    against this issue.</p>
4226	</blockquote>
4227      </body>
4228    </description>
4229    <references>
4230      <cvename>CVE-2013-4549</cvename>
4231      <url>http://lists.qt-project.org/pipermail/announce/2013-December/000036.html</url>
4232    </references>
4233    <dates>
4234      <discovery>2013-12-05</discovery>
4235      <entry>2014-05-05</entry>
4236    </dates>
4237  </vuln>
4238
4239  <vuln vid="6fb521b0-d388-11e3-a790-000c2980a9f3">
4240    <topic>strongswan -- Remote Authentication Bypass</topic>
4241    <affects>
4242      <package>
4243	<name>strongswan</name>
4244	<range><lt>5.1.3</lt></range>
4245      </package>
4246    </affects>
4247    <description>
4248      <body xmlns="http://www.w3.org/1999/xhtml">
4249	<p>strongSwan developers report:</p>
4250	<blockquote cite="www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-(cve-2014-2338).html">
4251	  <p>Remote attackers are able to bypass authentication by rekeying an
4252	    IKE_SA during (1) initiation or (2) re-authentication, which
4253	    triggers the IKE_SA state to be set to established.</p>
4254	  <p>Only installations that actively initiate or re-authenticate IKEv2
4255	    IKE_SAs are affected.</p>
4256	</blockquote>
4257      </body>
4258    </description>
4259    <references>
4260      <cvename>CVE-2014-2338</cvename>
4261      <url>http://www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-%28cve-2014-2338%29.html</url>
4262    </references>
4263    <dates>
4264      <discovery>2014-03-12</discovery>
4265      <entry>2014-05-04</entry>
4266    </dates>
4267  </vuln>
4268
4269  <vuln vid="670d732a-cdd4-11e3-aac2-0022fb6fcf92">
4270    <topic>mohawk -- multiple vulnerabilities</topic>
4271    <affects>
4272      <package>
4273	<name>mohawk</name>
4274	<range><lt>2.0.12</lt></range>
4275      </package>
4276    </affects>
4277    <description>
4278      <body xmlns="http://www.w3.org/1999/xhtml">
4279	<p>The mohawk project reports:</p>
4280	<blockquote cite="http://fossil.bsdsx.fr/mohawk/tktview?name=1707f0e351">
4281	  <p>Segfault when parsing malformed / unescaped url, coredump when setting syslog facility.</p>
4282	</blockquote>
4283      </body>
4284    </description>
4285    <references>
4286      <url>http://fossil.bsdsx.fr/mohawk/tktview?name=1707f0e351</url>
4287      <url>http://fossil.bsdsx.fr/mohawk/tktview?name=1c7565019e</url>
4288    </references>
4289    <dates>
4290      <discovery>2014-04-10</discovery>
4291      <entry>2014-04-30</entry>
4292    </dates>
4293  </vuln>
4294
4295  <vuln vid="985d4d6c-cfbd-11e3-a003-b4b52fce4ce8">
4296    <topic>mozilla -- multiple vulnerabilities</topic>
4297    <affects>
4298      <package>
4299	<name>firefox</name>
4300	<range><lt>29.0,1</lt></range>
4301      </package>
4302      <package>
4303	<name>firefox-esr</name>
4304	<range><lt>24.5.0,1</lt></range>
4305      </package>
4306      <package>
4307	<name>linux-firefox</name>
4308	<range><lt>29.0,1</lt></range>
4309      </package>
4310      <package>
4311	<name>linux-seamonkey</name>
4312	<range><lt>2.26</lt></range>
4313      </package>
4314      <package>
4315	<name>linux-thunderbird</name>
4316	<range><lt>24.5.0</lt></range>
4317      </package>
4318      <package>
4319	<name>seamonkey</name>
4320	<range><lt>2.26</lt></range>
4321      </package>
4322      <package>
4323	<name>thunderbird</name>
4324	<range><lt>24.5.0</lt></range>
4325      </package>
4326    </affects>
4327    <description>
4328      <body xmlns="http://www.w3.org/1999/xhtml">
4329	<p>The Mozilla Project reports:</p>
4330	<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
4331	  <p>MFSA 2014-34 Miscellaneous memory safety hazards
4332	    (rv:29.0 / rv:24.5)</p>
4333	  <p>MFSA 2014-35 Privilege escalation through Mozilla Maintenance
4334	    Service Installer</p>
4335	  <p>MFSA 2014-36 Web Audio memory corruption issues</p>
4336	  <p>MFSA 2014-37 Out of bounds read while decoding JPG images</p>
4337	  <p>MFSA 2014-38 Buffer overflow when using non-XBL object as
4338	    XBL</p>
4339	  <p>MFSA 2014-39 Use-after-free in the Text Track Manager
4340	    for HTML video</p>
4341	  <p>MFSA 2014-41 Out-of-bounds write in Cairo</p>
4342	  <p>MFSA 2014-42 Privilege escalation through Web Notification
4343	    API</p>
4344	  <p>MFSA 2014-43 Cross-site scripting (XSS) using history
4345	    navigations</p>
4346	  <p>MFSA 2014-44 Use-after-free in imgLoader while resizing
4347	    images</p>
4348	  <p>MFSA 2014-45 Incorrect IDNA domain name matching for
4349	    wildcard certificates</p>
4350	  <p>MFSA 2014-46 Use-after-free in nsHostResolve</p>
4351	  <p>MFSA 2014-47 Debugger can bypass XrayWrappers
4352	    with JavaScript</p>
4353	</blockquote>
4354      </body>
4355    </description>
4356    <references>
4357      <cvename>CVE-2014-1492</cvename>
4358      <cvename>CVE-2014-1518</cvename>
4359      <cvename>CVE-2014-1519</cvename>
4360      <cvename>CVE-2014-1520</cvename>
4361      <cvename>CVE-2014-1522</cvename>
4362      <cvename>CVE-2014-1523</cvename>
4363      <cvename>CVE-2014-1524</cvename>
4364      <cvename>CVE-2014-1525</cvename>
4365      <cvename>CVE-2014-1526</cvename>
4366      <cvename>CVE-2014-1527</cvename>
4367      <cvename>CVE-2014-1528</cvename>
4368      <cvename>CVE-2014-1529</cvename>
4369      <cvename>CVE-2014-1530</cvename>
4370      <cvename>CVE-2014-1531</cvename>
4371      <cvename>CVE-2014-1532</cvename>
4372      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-34.html</url>
4373      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-35.html</url>
4374      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-36.html</url>
4375      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-37.html</url>
4376      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-38.html</url>
4377      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-39.html</url>
4378      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-41.html</url>
4379      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-42.html</url>
4380      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-43.html</url>
4381      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-44.html</url>
4382      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-45.html</url>
4383      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-46.html</url>
4384      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-47.html</url>
4385      <url>http://www.mozilla.org/security/known-vulnerabilities/</url>
4386    </references>
4387    <dates>
4388      <discovery>2014-04-29</discovery>
4389      <entry>2014-04-29</entry>
4390    </dates>
4391  </vuln>
4392
4393  <vuln vid="59e72db2-cae6-11e3-8420-00e0814cab4e">
4394    <topic>django -- multiple vulnerabilities</topic>
4395    <affects>
4396      <package>
4397	<name>py26-django</name>
4398	<range><ge>1.6</ge><lt>1.6.3</lt></range>
4399      </package>
4400      <package>
4401	<name>py27-django</name>
4402	<range><ge>1.6</ge><lt>1.6.3</lt></range>
4403      </package>
4404      <package>
4405	<name>py31-django</name>
4406	<range><ge>1.6</ge><lt>1.6.3</lt></range>
4407      </package>
4408      <package>
4409	<name>py32-django</name>
4410	<range><ge>1.6</ge><lt>1.6.3</lt></range>
4411      </package>
4412      <package>
4413	<name>py33-django</name>
4414	<range><ge>1.6</ge><lt>1.6.3</lt></range>
4415      </package>
4416      <package>
4417	<name>py34-django</name>
4418	<range><ge>1.6</ge><lt>1.6.3</lt></range>
4419      </package>
4420      <package>
4421	<name>py26-django15</name>
4422	<range><ge>1.5</ge><lt>1.5.6</lt></range>
4423      </package>
4424      <package>
4425	<name>py27-django15</name>
4426	<range><ge>1.5</ge><lt>1.5.6</lt></range>
4427      </package>
4428      <package>
4429	<name>py31-django15</name>
4430	<range><ge>1.5</ge><lt>1.5.6</lt></range>
4431      </package>
4432      <package>
4433	<name>py32-django15</name>
4434	<range><ge>1.5</ge><lt>1.5.6</lt></range>
4435      </package>
4436      <package>
4437	<name>py33-django15</name>
4438	<range><ge>1.5</ge><lt>1.5.6</lt></range>
4439      </package>
4440      <package>
4441	<name>py34-django15</name>
4442	<range><ge>1.5</ge><lt>1.5.6</lt></range>
4443      </package>
4444      <package>
4445	<name>py26-django14</name>
4446	<range><ge>1.4</ge><lt>1.4.11</lt></range>
4447      </package>
4448      <package>
4449	<name>py27-django14</name>
4450	<range><ge>1.4</ge><lt>1.4.11</lt></range>
4451      </package>
4452      <package>
4453	<name>py31-django14</name>
4454	<range><ge>1.4</ge><lt>1.4.11</lt></range>
4455      </package>
4456      <package>
4457	<name>py32-django14</name>
4458	<range><ge>1.4</ge><lt>1.4.11</lt></range>
4459      </package>
4460      <package>
4461	<name>py33-django14</name>
4462	<range><ge>1.4</ge><lt>1.4.11</lt></range>
4463      </package>
4464      <package>
4465	<name>py34-django14</name>
4466	<range><ge>1.4</ge><lt>1.4.11</lt></range>
4467      </package>
4468      <package>
4469	<name>py26-django-devel</name>
4470	<range><lt>20140423,1</lt></range>
4471      </package>
4472      <package>
4473	<name>py27-django-devel</name>
4474	<range><lt>20140423,1</lt></range>
4475      </package>
4476    </affects>
4477    <description>
4478      <body xmlns="http://www.w3.org/1999/xhtml">
4479	<p>The Django project reports:</p>
4480	<blockquote cite="https://www.djangoproject.com/weblog/2014/apr/21/security/">
4481	  <p>These releases address an unexpected code-execution issue, a
4482	    caching issue which can expose CSRF tokens and a MySQL typecasting
4483	    issue. While these issues present limited risk and may not affect
4484	    all Django users, we encourage all users to evaluate their own
4485	    risk and upgrade as soon as possible.</p>
4486	</blockquote>
4487      </body>
4488    </description>
4489    <references>
4490      <url>https://www.djangoproject.com/weblog/2014/apr/21/security/</url>
4491      <cvename>CVE-2014-0472</cvename>
4492      <cvename>CVE-2014-0473</cvename>
4493      <cvename>CVE-2014-0474</cvename>
4494    </references>
4495    <dates>
4496      <discovery>2014-04-21</discovery>
4497      <entry>2014-04-23</entry>
4498      <modified>2014-04-30</modified>
4499    </dates>
4500  </vuln>
4501
4502  <vuln vid="0b8d7194-ca88-11e3-9d8d-c80aa9043978">
4503    <topic>OpenSSL -- Remote Data Injection / DoS</topic>
4504    <affects>
4505      <package>
4506	<name>openssl</name>
4507	<range><ge>1.0.1</ge><lt>1.0.1_11</lt></range>
4508      </package>
4509      <package>
4510	<name>mingw32-openssl</name>
4511	<range><ge>1.0.1</ge><le>1.0.1g</le></range>
4512      </package>
4513      <package>
4514	<name>FreeBSD</name>
4515	<range><ge>10.0</ge><lt>10.0_2</lt></range>
4516      </package>
4517    </affects>
4518    <description>
4519      <body xmlns="http://www.w3.org/1999/xhtml">
4520	<p>Applications that use SSL_MODE_RELEASE_BUFFERS, such as nginx, are
4521	  prone to a race condition which may allow a remote attacker to
4522	  inject random data into other connections.</p>
4523      </body>
4524    </description>
4525    <references>
4526      <url>https://rt.openssl.org/Ticket/Display.html?id=2167</url>
4527      <url>http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse</url>
4528      <freebsdsa>SA-14:09.openssl</freebsdsa>
4529      <cvename>CVE-2010-5298</cvename>
4530    </references>
4531    <dates>
4532      <discovery>2010-02-09</discovery>
4533      <entry>2014-04-23</entry>
4534      <modified>2016-08-09</modified>
4535    </dates>
4536  </vuln>
4537
4538  <vuln vid="608ed765-c700-11e3-848c-20cf30e32f6d">
4539    <topic>bugzilla -- Cross-Site Request Forgery</topic>
4540    <affects>
4541      <package>
4542	<name>bugzilla40</name>
4543	<range><ge>2.0.0</ge><lt>4.4.3</lt></range>
4544      </package>
4545      <package>
4546	<name>bugzilla42</name>
4547	<range><ge>2.0.0</ge><lt>4.4.3</lt></range>
4548      </package>
4549      <package>
4550	<name>bugzilla44</name>
4551	<range><ge>2.0.0</ge><lt>4.4.3</lt></range>
4552      </package>
4553    </affects>
4554    <description>
4555      <body xmlns="http://www.w3.org/1999/xhtml">
4556	<h1>A Bugzilla Security Advisory reports:</h1>
4557	<blockquote cite="http://www.bugzilla.org/security/4.0.11/">
4558	  <p>The login form had no CSRF protection, meaning that
4559	    an attacker could force the victim to log in using the
4560	    attacker's credentials. If the victim then reports a new
4561	    security sensitive bug, the attacker would get immediate
4562	    access to this bug.</p>
4563	  <p>
4564	    Due to changes involved in the Bugzilla API, this fix is
4565	    not backported to the 4.0 and 4.2 branches, meaning that
4566	    Bugzilla 4.0.12 and older, and 4.2.8 and older, will
4567	    remain vulnerable to this issue.</p>
4568	</blockquote>
4569      </body>
4570    </description>
4571    <references>
4572      <cvename>CVE-2014-1517</cvename>
4573      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=713926</url>
4574    </references>
4575    <dates>
4576      <discovery>2014-04-17</discovery>
4577      <entry>2014-04-18</entry>
4578      <modified>2014-04-18</modified>
4579    </dates>
4580  </vuln>
4581
4582  <vuln vid="60bfa396-c702-11e3-848c-20cf30e32f6d">
4583    <topic>bugzilla -- Social Engineering</topic>
4584    <affects>
4585      <package>
4586	<name>bugzilla40</name>
4587	<range><ge>2.0.0</ge><lt>4.0.12</lt></range>
4588      </package>
4589      <package>
4590	<name>bugzilla42</name>
4591	<range><ge>4.1.1</ge><lt>4.2.8</lt></range>
4592      </package>
4593      <package>
4594	<name>bugzilla44</name>
4595	<range><ge>4.4.0</ge><lt>4.4.3</lt></range>
4596      </package>
4597    </affects>
4598    <description>
4599      <body xmlns="http://www.w3.org/1999/xhtml">
4600	<h1>A Bugzilla Security Advisory reports:</h1>
4601	<blockquote cite="http://www.bugzilla.org/security/4.0.11/">
4602	  <p>Dangerous control characters can be inserted into
4603	    Bugzilla, notably into bug comments. If the text, which
4604	    may look safe, is copied into a terminal such as xterm or
4605	    gnome-terminal, then unexpected commands could be executed
4606	    on the local machine.</p>
4607	</blockquote>
4608      </body>
4609    </description>
4610    <references>
4611      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=968576</url>
4612    </references>
4613    <dates>
4614      <discovery>2014-04-17</discovery>
4615      <entry>2014-04-18</entry>
4616      <modified>2014-04-18</modified>
4617    </dates>
4618  </vuln>
4619
4620  <vuln vid="abad20bf-c1b4-11e3-a5ac-001b21614864">
4621    <topic>OpenLDAP -- incorrect handling of NULL in certificate Common Name</topic>
4622    <affects>
4623      <package>
4624	<name>openldap24-client</name>
4625	<range><lt>2.4.18</lt></range>
4626      </package>
4627      <package>
4628	<name>linux-f10-openldap</name>
4629	<range><lt>2.4.18</lt></range>
4630      </package>
4631    </affects>
4632    <description>
4633      <body xmlns="http://www.w3.org/1999/xhtml">
4634	<p>Jan Lieskovsky reports:</p>
4635	<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3767">
4636	  <p>OpenLDAP does not properly handle a '\0' character in a domain name
4637	    in the subject's Common Name (CN) field of an X.509 certificate,
4638	    which allows man-in-the-middle attackers to spoof arbitrary SSL
4639	    servers via a crafted certificate issued by a legitimate
4640	    Certification Authority.</p>
4641	</blockquote>
4642      </body>
4643    </description>
4644    <references>
4645      <cvename>CVE-2009-3767</cvename>
4646      <url>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3767</url>
4647    </references>
4648    <dates>
4649      <discovery>2009-08-07</discovery>
4650      <entry>2014-04-11</entry>
4651    </dates>
4652  </vuln>
4653
4654  <vuln vid="9aecb94c-c1ad-11e3-a5ac-001b21614864">
4655    <topic>cURL -- inappropriate GSSAPI delegation</topic>
4656    <affects>
4657      <package>
4658	<name>curl</name>
4659	<range><ge>7.10.6</ge><le>7.21.6</le></range>
4660      </package>
4661      <package>
4662	<name>linux-f10-curl</name>
4663	<range><ge>7.10.6</ge><le>7.21.6</le></range>
4664      </package>
4665    </affects>
4666    <description>
4667      <body xmlns="http://www.w3.org/1999/xhtml">
4668	<p>cURL reports:</p>
4669	<blockquote cite="http://curl.haxx.se/docs/adv_20110623.html">
4670	  <p>When doing GSSAPI authentication, libcurl unconditionally performs
4671	    credential delegation. This hands the server a copy of the client's
4672	    security credentials, allowing the server to impersonate the client
4673	    to any other using the same GSSAPI mechanism.</p>
4674	</blockquote>
4675      </body>
4676    </description>
4677    <references>
4678      <cvename>CVE-2011-2192</cvename>
4679      <url>http://curl.haxx.se/docs/adv_20110623.html</url>
4680    </references>
4681    <dates>
4682      <discovery>2011-06-23</discovery>
4683      <entry>2014-04-11</entry>
4684      <modified>2014-04-30</modified>
4685    </dates>
4686  </vuln>
4687
4688  <vuln vid="77bb0541-c1aa-11e3-a5ac-001b21614864">
4689    <topic>dbus-glib -- privilege escalation</topic>
4690    <affects>
4691      <package>
4692	<name>dbus-glib</name>
4693	<range><lt>0.100.1</lt></range>
4694      </package>
4695      <package>
4696	<name>linux-f10-dbus-glib</name>
4697	<range><lt>0.100.1</lt></range>
4698      </package>
4699    </affects>
4700    <description>
4701      <body xmlns="http://www.w3.org/1999/xhtml">
4702	<p>Sebastian Krahmer reports:</p>
4703	<blockquote cite="https://bugs.freedesktop.org/show_bug.cgi?id=60916">
4704	  <p>A privilege escalation flaw was found in the way dbus-glib, the
4705	    D-Bus add-on library to integrate the standard D-Bus library with
4706	    the GLib thread abstraction and main loop, performed filtering of
4707	    the message sender (message source subject), when the
4708	    NameOwnerChanged signal was received. A local attacker could use
4709	    this flaw to escalate their privileges.</p>
4710	</blockquote>
4711      </body>
4712    </description>
4713    <references>
4714      <cvename>CVE-2013-0292</cvename>
4715      <url>https://bugs.freedesktop.org/show_bug.cgi?id=60916</url>
4716    </references>
4717    <dates>
4718      <discovery>2013-02-15</discovery>
4719      <entry>2014-04-11</entry>
4720      <modified>2014-04-30</modified>
4721    </dates>
4722  </vuln>
4723
4724  <vuln vid="bf7912f5-c1a8-11e3-a5ac-001b21614864">
4725    <topic>nas -- multiple vulnerabilities</topic>
4726    <affects>
4727      <package>
4728	<name>nas</name>
4729	<range><lt>1.9.4</lt></range>
4730      </package>
4731      <package>
4732	<name>linux-f10-nas-libs</name>
4733	<range><lt>1.9.4</lt></range>
4734      </package>
4735    </affects>
4736    <description>
4737      <body xmlns="http://www.w3.org/1999/xhtml">
4738	<p>Hamid Zamani reports:</p>
4739	<blockquote cite="http://radscan.com/pipermail/nas/2013-August/001270.html">
4740	  <p>multiple security problems (buffer overflows, format string
4741	    vulnerabilities and missing input sanitising), which could lead to
4742	    the execution of arbitrary code.</p>
4743	</blockquote>
4744      </body>
4745    </description>
4746    <references>
4747      <cvename>CVE-2013-4256</cvename>
4748      <cvename>CVE-2013-4257</cvename>
4749      <cvename>CVE-2013-4258</cvename>
4750      <url>http://radscan.com/pipermail/nas/2013-August/001270.html</url>
4751    </references>
4752    <dates>
4753      <discovery>2013-08-07</discovery>
4754      <entry>2014-04-11</entry>
4755    </dates>
4756  </vuln>
4757
4758  <vuln vid="09f47c51-c1a6-11e3-a5ac-001b21614864">
4759    <topic>libaudiofile -- heap-based overflow in Microsoft ADPCM compression module</topic>
4760    <affects>
4761      <package>
4762	<name>libaudiofile</name>
4763	<range><lt>0.2.7</lt></range>
4764      </package>
4765      <package>
4766	<name>linux-f10-libaudiofile</name>
4767	<range><lt>0.2.7</lt></range>
4768      </package>
4769    </affects>
4770    <description>
4771      <body xmlns="http://www.w3.org/1999/xhtml">
4772	<p>Debian reports:</p>
4773	<blockquote cite="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510205">
4774	  <p>Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile
4775	    0.2.6 allows context-dependent attackers to cause a denial of service
4776	    (application crash) or possibly execute arbitrary code via a crafted
4777	    WAV file.</p>
4778	</blockquote>
4779      </body>
4780    </description>
4781    <references>
4782      <cvename>CVE-2014-0159</cvename>
4783      <url>https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510205</url>
4784    </references>
4785    <dates>
4786      <discovery>2008-12-30</discovery>
4787      <entry>2014-04-11</entry>
4788      <modified>2014-04-30</modified>
4789    </dates>
4790  </vuln>
4791
4792  <vuln vid="972837fc-c304-11e3-8758-00262d5ed8ee">
4793    <topic>ChaSen -- buffer overflow</topic>
4794    <affects>
4795      <package>
4796	<name>chasen-base</name>
4797	<range><lt>2.4.5</lt></range>
4798      </package>
4799      <package>
4800	<name>chasen</name>
4801	<range><lt>2.4.5</lt></range>
4802      </package>
4803    </affects>
4804    <description>
4805      <body xmlns="http://www.w3.org/1999/xhtml">
4806	<p>JVN iPedia reports:</p>
4807	<blockquote cite="http://jvn.jp/en/jp/JVN16901583/index.html">
4808	  <p>ChaSen provided by Nara Institute of Science and Technology is a
4809	    software for morphologically analyzing Japanese. ChaSen contains an
4810	    issue when reading in strings, which may lead to a buffer
4811	    overflow.</p>
4812	  <p>An arbitrary script may be executed by an attacker with access to
4813	    a system that is running a product listed in "Products
4814	    Affected."</p>
4815	</blockquote>
4816      </body>
4817    </description>
4818    <references>
4819      <cvename>CVE-2011-4000</cvename>
4820      <url>http://jvn.jp/en/jp/JVN16901583/index.html</url>
4821    </references>
4822    <dates>
4823      <discovery>2011-11-08</discovery>
4824      <entry>2014-04-13</entry>
4825    </dates>
4826  </vuln>
4827
4828  <vuln vid="7ccd4def-c1be-11e3-9d09-000c2980a9f3">
4829    <topic>OpenSSL -- Local Information Disclosure</topic>
4830    <affects>
4831      <package>
4832	<name>openssl</name>
4833	<range><ge>1.0.1</ge><lt>1.0.1_10</lt></range>
4834      </package>
4835      <package>
4836	<name>mingw32-openssl</name>
4837	<range><ge>1.0.1</ge><lt>1.0.1g</lt></range>
4838      </package>
4839      <package>
4840	<name>FreeBSD</name>
4841	<range><ge>8.3</ge><lt>8.3_15</lt></range>
4842	<range><ge>8.4</ge><lt>8.4_8</lt></range>
4843	<range><ge>9.1</ge><lt>9.1_11</lt></range>
4844	<range><ge>9.2</ge><lt>9.2_4</lt></range>
4845	<range><ge>10.0</ge><lt>10.0_1</lt></range>
4846      </package>
4847    </affects>
4848    <description>
4849      <body xmlns="http://www.w3.org/1999/xhtml">
4850	<p>OpenSSL reports:</p>
4851	<blockquote cite="https://www.openssl.org/news/vulnerabilities.html#2014-0076">
4852	  <p>A flaw in the implementation of Montgomery Ladder Approach would
4853	    create a side-channel that leaks sensitive timing information.</p>
4854	  <p>A local attacker might be able to snoop a signing process and
4855	    might recover the signing key from it.</p>
4856	</blockquote>
4857      </body>
4858    </description>
4859    <references>
4860      <cvename>CVE-2014-0076</cvename>
4861      <freebsdsa>SA-14:06.openssl</freebsdsa>
4862      <url>https://www.openssl.org/news/vulnerabilities.html#2014-0076</url>
4863    </references>
4864    <dates>
4865      <discovery>2014-04-07</discovery>
4866      <entry>2014-04-11</entry>
4867    </dates>
4868  </vuln>
4869
4870  <vuln vid="c0c31b27-bff3-11e3-9d09-000c2980a9f3">
4871    <topic>openafs -- Denial of Service</topic>
4872    <affects>
4873      <package>
4874	<name>openafs</name>
4875	<range><ge>1.4.8</ge><lt>1.6.7</lt></range>
4876      </package>
4877    </affects>
4878    <description>
4879      <body xmlns="http://www.w3.org/1999/xhtml">
4880	<p>The OpenAFS development team reports:</p>
4881	<blockquote cite="http://openafs.org/security/OPENAFS-SA-2014-001.txt">
4882	  <p>An attacker with the ability to connect to an OpenAFS fileserver can
4883	    trigger a buffer overflow, crashing the server.</p>
4884	  <p>The buffer overflow can be triggered by sending an unauthenticated
4885	    request for file server statistical information.</p>
4886	  <p>Clients are not affected.</p>
4887	</blockquote>
4888      </body>
4889    </description>
4890    <references>
4891      <cvename>CVE-2014-0159</cvename>
4892      <url>http://openafs.org/security/OPENAFS-SA-2014-001.txt</url>
4893    </references>
4894    <dates>
4895      <discovery>2014-04-09</discovery>
4896      <entry>2014-04-09</entry>
4897    </dates>
4898  </vuln>
4899
4900  <vuln vid="5631ae98-be9e-11e3-b5e3-c80aa9043978">
4901    <topic>OpenSSL -- Remote Information Disclosure</topic>
4902    <affects>
4903      <package>
4904	<name>openssl</name>
4905	<range><ge>1.0.1</ge><lt>1.0.1_10</lt></range>
4906      </package>
4907      <package>
4908	<name>mingw32-openssl</name>
4909	<range><ge>1.0.1</ge><lt>1.0.1g</lt></range>
4910      </package>
4911      <package>
4912	<name>FreeBSD</name>
4913	<range><ge>10.0</ge><lt>10.0_1</lt></range>
4914      </package>
4915    </affects>
4916    <description>
4917      <body xmlns="http://www.w3.org/1999/xhtml">
4918	<p>OpenSSL reports:</p>
4919	<blockquote cite="https://www.openssl.org/news/secadv_20140407.txt">
4920	  <p>A missing bounds check in the handling of the TLS heartbeat extension can be
4921	    used to reveal up to 64k of memory to a connected client or server.</p>
4922	  <p>Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately
4923	    upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.</p>
4924	</blockquote>
4925	<blockquote cite="http://www.heartbleed.com">
4926	  <p>The bug allows anyone on the Internet to read the memory of the
4927	  systems protected by the vulnerable versions of the OpenSSL software.
4928	  This compromises the secret keys used to identify the service
4929	  providers and to encrypt the traffic, the names and passwords of the
4930	  users and the actual content. This allows attackers to eavesdrop
4931	  communications, steal data directly from the services and users and
4932	  to impersonate services and users.</p>
4933	</blockquote>
4934	<blockquote cite="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:06.openssl.asc">
4935	  <p>The code used to handle the Heartbeat Extension does not do
4936	    sufficient boundary checks on record length, which allows reading
4937	    beyond the actual payload.</p>
4938	</blockquote>
4939      </body>
4940    </description>
4941    <references>
4942      <cvename>CVE-2014-0160</cvename>
4943      <freebsdsa>SA-14:06.openssl</freebsdsa>
4944      <url>https://www.openssl.org/news/secadv_20140407.txt</url>
4945      <url>https://www.openssl.org/news/vulnerabilities.html#2014-0076</url>
4946      <url>http://www.heartbleed.com</url>
4947    </references>
4948    <dates>
4949      <discovery>2014-04-07</discovery>
4950      <entry>2014-04-07</entry>
4951      <modified>2014-04-11</modified>
4952    </dates>
4953  </vuln>
4954
4955  <vuln vid="ffa7c6e4-bb29-11e3-8136-60a44c524f57">
4956    <topic>otrs -- Clickjacking issue</topic>
4957    <affects>
4958      <package>
4959	<name>otrs</name>
4960	<range><lt>3.1.21</lt></range>
4961	<range><gt>3.2.*</gt><lt>3.2.16</lt></range>
4962	<range><gt>3.3.*</gt><lt>3.3.6</lt></range>
4963      </package>
4964    </affects>
4965    <description>
4966      <body xmlns="http://www.w3.org/1999/xhtml">
4967	<p>The OTRS Project reports:</p>
4968	<blockquote cite="http://www.otrs.com/security-advisory-2014-05-clickjacking-issue/">
4969	  <p>An attacker could embed OTRS in a hidden iframe tag of another
4970	    page, tricking the user into clicking links in OTRS.</p>
4971	</blockquote>
4972      </body>
4973    </description>
4974    <references>
4975      <url>http://www.w3.org/1999/xhtml</url>
4976      <cvename>CVE-2014-2554</cvename>
4977    </references>
4978    <dates>
4979      <discovery>2014-04-01</discovery>
4980      <entry>2014-04-03</entry>
4981    </dates>
4982  </vuln>
4983
4984  <vuln vid="580cc46b-bb1e-11e3-b144-2c4138874f7d">
4985    <topic>LibYAML input sanitization errors</topic>
4986    <affects>
4987      <package>
4988	<name>libyaml</name>
4989	<range><lt>0.1.6</lt></range>
4990      </package>
4991      <package>
4992	<name>mingw32-libyaml</name>
4993	<range><lt>0.1.6</lt></range>
4994      </package>
4995    </affects>
4996    <description>
4997      <body xmlns="http://www.w3.org/1999/xhtml">
4998	<p>oCERT reports:</p>
4999	<blockquote cite="http://www.ocert.org/advisories/ocert-2014-003.html">
5000	  <p>The LibYAML project is an open source YAML 1.1 parser and
5001	    emitter written in C.</p>
5002	  <p>The library is affected by a heap-based buffer overflow
5003	    which can lead to arbitrary code execution. The
5004	    vulnerability is caused by lack of proper expansion for the
5005	    string passed to the yaml_parser_scan_uri_escapes()
5006	    function.</p>
5007	  <p>A specially crafted YAML file, with a long sequence of
5008	    percent-encoded characters in a URL, can be used to trigger
5009	    the overflow.</p>
5010	</blockquote>
5011      </body>
5012    </description>
5013    <references>
5014      <cvename>CVE-2014-2525</cvename>
5015      <url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2525</url>
5016    </references>
5017    <dates>
5018      <discovery>2014-03-11</discovery>
5019      <entry>2014-03-26</entry>
5020    </dates>
5021  </vuln>
5022
5023  <vuln vid="4e95eb4e-b737-11e3-87cd-f0def10dca57">
5024    <topic>Icinga -- buffer overflow in classic web interface</topic>
5025    <affects>
5026      <package>
5027	<name>icinga</name>
5028	<range><lt>1.11.1</lt></range>
5029      </package>
5030    </affects>
5031    <description>
5032      <body xmlns="http://www.w3.org/1999/xhtml">
5033	<p>The Icinga Team reports:</p>
5034	<blockquote cite="https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=73285093b71a5551abdaab0a042d3d6bae093b0d">
5035	  <p>Wrong strlen check against MAX_INPUT_BUFFER without taking '\0' into account [...]</p>
5036	</blockquote>
5037      </body>
5038    </description>
5039    <references>
5040      <cvename>CVE-2014-2386</cvename>
5041      <url>http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2386</url>
5042    </references>
5043    <dates>
5044      <discovery>2014-02-18</discovery>
5045      <entry>2014-03-29</entry>
5046    </dates>
5047  </vuln>
5048
5049  <vuln vid="7e61a839-b714-11e3-8195-001966155bea">
5050    <topic>file -- out-of-bounds access in search rules with offsets from input file</topic>
5051    <affects>
5052      <package>
5053	<name>file</name>
5054	<range><lt>5.18</lt></range>
5055      </package>
5056    </affects>
5057    <description>
5058      <body xmlns="http://www.w3.org/1999/xhtml">
5059	<p>Aaron Reffett reports:</p>
5060	<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270">
5061	  <p>softmagic.c in file ... and libmagic allows context-dependent
5062	    attackers to cause a denial of service (out-of-bounds memory access and
5063	    crash) via crafted offsets in the softmagic of a PE executable.</p>
5064	</blockquote>
5065      </body>
5066    </description>
5067    <references>
5068      <cvename>CVE-2014-2270</cvename>
5069      <url>http://bugs.gw.com/view.php?id=31</url>
5070    </references>
5071    <dates>
5072      <discovery>2013-12-20</discovery>
5073      <entry>2014-03-29</entry>
5074    </dates>
5075  </vuln>
5076
5077  <vuln vid="9fa1a0ac-b2e0-11e3-bb07-6cf0490a8c18">
5078    <topic>Joomla! -- Core - Multiple Vulnerabilities</topic>
5079    <affects>
5080      <package>
5081	<name>joomla2</name>
5082	<range><ge>2.5.*</ge><le>2.5.18</le></range>
5083      </package>
5084      <package>
5085	<name>joomla3</name>
5086	<range><ge>3.0.*</ge><le>3.2.2</le></range>
5087      </package>
5088    </affects>
5089    <description>
5090      <body xmlns="http://www.w3.org/1999/xhtml">
5091	<p>The JSST and the Joomla! Security Center report:</p>
5092	<blockquote cite="http://developer.joomla.org/security/578-20140301-core-sql-injection.html">
5093	  <h2>[20140301] - Core - SQL Injection</h2>
5094	  <p>Inadequate escaping leads to SQL injection vulnerability.</p>
5095	</blockquote>
5096	<blockquote cite="http://developer.joomla.org/security/579-20140302-core-xss-vulnerability.html">
5097	  <h2>[20140302] - Core - XSS Vulnerability</h2>
5098	  <p>Inadequate escaping leads to XSS vulnerability in com_contact.</p>
5099	</blockquote>
5100	<blockquote cite="http://developer.joomla.org/security/580-20140303-core-xss-vulnerability.html">
5101	  <h2>[20140303] - Core - XSS Vulnerability</h2>
5102	  <p>Inadequate escaping leads to XSS vulnerability.</p>
5103	</blockquote>
5104	<blockquote cite="http://developer.joomla.org/security/581-20140304-core-unauthorised-logins.html">
5105	  <h2>[20140304] - Core - Unauthorised Logins</h2>
5106	  <p>Inadequate checking allowed unauthorised logins via GMail authentication.</p>
5107	</blockquote>
5108      </body>
5109    </description>
5110    <references>
5111      <url>http://developer.joomla.org/security/578-20140301-core-sql-injection.html</url>
5112      <url>http://developer.joomla.org/security/579-20140302-core-xss-vulnerability.html</url>
5113      <url>http://developer.joomla.org/security/580-20140303-core-xss-vulnerability.html</url>
5114      <url>http://developer.joomla.org/security/581-20140304-core-unauthorised-logins.html</url>
5115    </references>
5116    <dates>
5117      <discovery>2014-03-01</discovery>
5118      <entry>2014-03-23</entry>
5119      <modified>2014-04-30</modified>
5120    </dates>
5121  </vuln>
5122
5123  <vuln vid="36f9ac43-b2ac-11e3-8752-080027ef73ec">
5124    <topic>mail/trojita -- may leak mail contents (not user credentials) over unencrypted connection</topic>
5125    <affects>
5126      <package>
5127	<name>trojita</name>
5128	<range><lt>0.4.1</lt></range>
5129      </package>
5130    </affects>
5131    <description>
5132      <body xmlns="http://www.w3.org/1999/xhtml">
5133	<p>Jan Kundrát reports:</p>
5134	<blockquote cite="http://jkt.flaska.net/blog/Trojita_0_4_1__a_security_update_for_CVE_2014_2567.html">
5135	  <p>An SSL stripping vulnerability was discovered in Trojitá, a fast Qt
5136	    IMAP e-mail client. User's credentials are never leaked, but if a
5137	    user tries to send an e-mail, the automatic saving into the "sent"
5138	    or "draft" folders could happen over a plaintext connection even if
5139	    the user's preferences specify STARTTLS as a requirement.</p>
5140	</blockquote>
5141      </body>
5142    </description>
5143    <references>
5144      <cvename>CVE-2014-2567</cvename>
5145      <url>http://jkt.flaska.net/blog/Trojita_0_4_1__a_security_update_for_CVE_2014_2567.html</url>
5146    </references>
5147    <dates>
5148      <discovery>2014-03-20</discovery>
5149      <entry>2014-03-23</entry>
5150    </dates>
5151  </vuln>
5152
5153  <vuln vid="da4b89ad-b28f-11e3-99ca-f0def16c5c1b">
5154    <topic>nginx-devel -- SPDY heap buffer overflow</topic>
5155    <affects>
5156      <package>
5157	<name>nginx-devel</name>
5158	<range><ge>1.3.15</ge><lt>1.5.12</lt></range>
5159      </package>
5160    </affects>
5161    <description>
5162      <body xmlns="http://www.w3.org/1999/xhtml">
5163	<p>The nginx project reports:</p>
5164	<blockquote cite="http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html">
5165	  <p>A bug in the experimental SPDY implementation in nginx was found, which
5166	   might allow an attacker to cause a heap memory buffer overflow in a
5167	   worker process by using a specially crafted request, potentially
5168	   resulting in arbitrary code execution (CVE-2014-0133).</p>
5169
5170	  <p>The problem affects nginx 1.3.15 - 1.5.11, compiled with the
5171	   ngx_http_spdy_module module (which is not compiled by default) and
5172	   without --with-debug configure option, if the "spdy" option of the
5173	   "listen" directive is used in a configuration file.</p>
5174
5175	  <p>The problem is fixed in nginx 1.5.12, 1.4.7.</p>
5176	</blockquote>
5177      </body>
5178    </description>
5179    <references>
5180      <cvename>CVE-2014-0133</cvename>
5181      <url>http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html</url>
5182    </references>
5183    <dates>
5184      <discovery>2014-03-18</discovery>
5185      <entry>2014-03-23</entry>
5186    </dates>
5187  </vuln>
5188
5189  <vuln vid="fc28df92-b233-11e3-99ca-f0def16c5c1b">
5190    <topic>nginx -- SPDY heap buffer overflow</topic>
5191    <affects>
5192      <package>
5193	<name>nginx</name>
5194	<range><lt>1.4.7</lt></range>
5195      </package>
5196    </affects>
5197    <description>
5198      <body xmlns="http://www.w3.org/1999/xhtml">
5199	<p>The nginx project reports:</p>
5200	<blockquote cite="http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html">
5201	  <p>A bug in the experimental SPDY implementation in nginx was found, which
5202	   might allow an attacker to cause a heap memory buffer overflow in a
5203	   worker process by using a specially crafted request, potentially
5204	   resulting in arbitrary code execution (CVE-2014-0133).</p>
5205
5206	  <p>The problem affects nginx 1.3.15 - 1.5.11, compiled with the
5207	   ngx_http_spdy_module module (which is not compiled by default) and
5208	   without --with-debug configure option, if the "spdy" option of the
5209	   "listen" directive is used in a configuration file.</p>
5210
5211	  <p>The problem is fixed in nginx 1.5.12, 1.4.7.</p>
5212	</blockquote>
5213      </body>
5214    </description>
5215    <references>
5216      <cvename>CVE-2014-0133</cvename>
5217      <url>http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html</url>
5218    </references>
5219    <dates>
5220      <discovery>2014-03-18</discovery>
5221      <entry>2014-03-23</entry>
5222    </dates>
5223  </vuln>
5224
5225  <vuln vid="91ecb546-b1e6-11e3-980f-20cf30e32f6d">
5226    <topic>apache -- several vulnerabilities</topic>
5227    <affects>
5228      <package>
5229	<name>apache24</name>
5230	<range><gt>2.4.0</gt><lt>2.4.9</lt></range>
5231      </package>
5232      <package>
5233	<name>apache22</name>
5234	<range><gt>2.2.0</gt><lt>2.2.27</lt></range>
5235      </package>
5236      <package>
5237	<name>apache22-event-mpm</name>
5238	<range><gt>2.2.0</gt><lt>2.2.27</lt></range>
5239      </package>
5240      <package>
5241	<name>apache22-itk-mpm</name>
5242	<range><gt>2.2.0</gt><lt>2.2.27</lt></range>
5243      </package>
5244      <package>
5245	<name>apache22-peruser-mpm</name>
5246	<range><gt>2.2.0</gt><lt>2.2.27</lt></range>
5247      </package>
5248      <package>
5249	<name>apache22-worker-mpm</name>
5250	<range><gt>2.2.0</gt><lt>2.2.27</lt></range>
5251      </package>
5252    </affects>
5253    <description>
5254      <body xmlns="http://www.w3.org/1999/xhtml">
5255	<p>Apache HTTP Server Project reports:</p>
5256	<blockquote cite="http://www.apache.org/dist/httpd/CHANGES_2.2.27">
5257	  <p>Clean up cookie logging with fewer redundant string parsing passes.
5258	    Log only cookies with a value assignment. Prevents segfaults when
5259	    logging truncated cookies.</p>
5260	  <p>mod_dav: Keep track of length of cdata properly when removing leading
5261	    spaces. Eliminates a potential denial of service from specifically
5262	    crafted DAV WRITE requests.</p>
5263	</blockquote>
5264      </body>
5265    </description>
5266    <references>
5267      <cvename>CVE-2014-0098</cvename>
5268      <cvename>CVE-2013-6438</cvename>
5269    </references>
5270    <dates>
5271      <discovery>2014-02-25</discovery>
5272      <entry>2014-03-22</entry>
5273    </dates>
5274  </vuln>
5275
5276  <vuln vid="610de647-af8d-11e3-a25b-b4b52fce4ce8">
5277    <topic>mozilla -- multiple vulnerabilities</topic>
5278    <affects>
5279      <package>
5280	<name>firefox</name>
5281	<range><lt>28.0,1</lt></range>
5282      </package>
5283      <package>
5284	<name>firefox-esr</name>
5285	<range><lt>24.4.0,1</lt></range>
5286      </package>
5287      <package>
5288	<name>linux-firefox</name>
5289	<range><lt>28.0,1</lt></range>
5290      </package>
5291      <package>
5292	<name>linux-seamonkey</name>
5293	<range><lt>2.25</lt></range>
5294      </package>
5295      <package>
5296	<name>linux-thunderbird</name>
5297	<range><lt>24.4.0</lt></range>
5298      </package>
5299      <package>
5300	<name>seamonkey</name>
5301	<range><lt>2.25</lt></range>
5302      </package>
5303      <package>
5304	<name>thunderbird</name>
5305	<range><lt>24.4.0</lt></range>
5306      </package>
5307    </affects>
5308    <description>
5309      <body xmlns="http://www.w3.org/1999/xhtml">
5310	<p>The Mozilla Project reports:</p>
5311	<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
5312	  <p>MFSA 2014-15 Miscellaneous memory safety hazards
5313	    (rv:28.0 / rv:24.4)</p>
5314	  <p>MFSA 2014-16 Files extracted during updates are not always
5315	    read only</p>
5316	  <p>MFSA 2014-17 Out of bounds read during WAV file decoding</p>
5317	  <p>MFSA 2014-18 crypto.generateCRMFRequest does not validate
5318	    type of key</p>
5319	  <p>MFSA 2014-19 Spoofing attack on WebRTC permission prompt</p>
5320	  <p>MFSA 2014-20 onbeforeunload and Javascript navigation DOS</p>
5321	  <p>MFSA 2014-21 Local file access via Open Link in new tab</p>
5322	  <p>MFSA 2014-22 WebGL content injection from one domain to
5323	    rendering in another</p>
5324	  <p>MFSA 2014-23 Content Security Policy for data: documents
5325	    not preserved by session restore</p>
5326	  <p>MFSA 2014-24 Android Crash Reporter open to manipulation</p>
5327	  <p>MFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable
5328	    to relative path escape</p>
5329	  <p>MFSA 2014-26 Information disclosure through polygon
5330	    rendering in MathML</p>
5331	  <p>MFSA 2014-27 Memory corruption in Cairo during PDF font
5332	    rendering</p>
5333	  <p>MFSA 2014-28 SVG filters information disclosure through
5334	    feDisplacementMap</p>
5335	  <p>MFSA 2014-29 Privilege escalation using WebIDL-implemented
5336	    APIs</p>
5337	  <p>MFSA 2014-30 Use-after-free in TypeObject</p>
5338	  <p>MFSA 2014-31 Out-of-bounds read/write through neutering
5339	    ArrayBuffer objects</p>
5340	  <p>MFSA 2014-32 Out-of-bounds write through TypedArrayObject
5341	    after neutering</p>
5342	</blockquote>
5343      </body>
5344    </description>
5345    <references>
5346      <cvename>CVE-2014-1493</cvename>
5347      <cvename>CVE-2014-1494</cvename>
5348      <cvename>CVE-2014-1496</cvename>
5349      <cvename>CVE-2014-1497</cvename>
5350      <cvename>CVE-2014-1498</cvename>
5351      <cvename>CVE-2014-1499</cvename>
5352      <cvename>CVE-2014-1500</cvename>
5353      <cvename>CVE-2014-1501</cvename>
5354      <cvename>CVE-2014-1502</cvename>
5355      <cvename>CVE-2014-1504</cvename>
5356      <cvename>CVE-2014-1505</cvename>
5357      <cvename>CVE-2014-1506</cvename>
5358      <cvename>CVE-2014-1507</cvename>
5359      <cvename>CVE-2014-1508</cvename>
5360      <cvename>CVE-2014-1509</cvename>
5361      <cvename>CVE-2014-1510</cvename>
5362      <cvename>CVE-2014-1511</cvename>
5363      <cvename>CVE-2014-1512</cvename>
5364      <cvename>CVE-2014-1513</cvename>
5365      <cvename>CVE-2014-1514</cvename>
5366      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-15.html</url>
5367      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-16.html</url>
5368      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-17.html</url>
5369      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-18.html</url>
5370      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-19.html</url>
5371      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-20.html</url>
5372      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-21.html</url>
5373      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-22.html</url>
5374      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-23.html</url>
5375      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-24.html</url>
5376      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-25.html</url>
5377      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-26.html</url>
5378      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-27.html</url>
5379      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-28.html</url>
5380      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-29.html</url>
5381      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-30.html</url>
5382      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-31.html</url>
5383      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-32.html</url>
5384      <url>http://www.mozilla.org/security/known-vulnerabilities/</url>
5385    </references>
5386    <dates>
5387      <discovery>2014-03-19</discovery>
5388      <entry>2014-03-19</entry>
5389      <modified>2014-03-20</modified>
5390    </dates>
5391  </vuln>
5392
5393  <vuln vid="eb426e82-ab68-11e3-9d09-000c2980a9f3">
5394    <topic>mutt -- denial of service, potential remote code execution</topic>
5395    <affects>
5396      <package>
5397	<name>mutt</name>
5398	<range><lt>1.5.23</lt></range>
5399      </package>
5400    </affects>
5401    <description>
5402      <body xmlns="http://www.w3.org/1999/xhtml">
5403	<p>Beatrice Torracca and Evgeni Golov report:</p>
5404	<blockquote cite="http://www.securityfocus.com/archive/1/531431">
5405	  <p>A buffer overflow has been discovered that could result in
5406	    denial of service or potential execution of arbitrary code.</p>
5407	  <p>This condition can be triggered by malformed RFC2047 header
5408	    lines.</p>
5409	</blockquote>
5410      </body>
5411    </description>
5412    <references>
5413      <cvename>CVE-2014-0467</cvename>
5414      <url>http://packetstormsecurity.com/files/cve/CVE-2014-0467</url>
5415      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0467</url>
5416    </references>
5417    <dates>
5418      <discovery>2014-03-12</discovery>
5419      <entry>2014-03-14</entry>
5420    </dates>
5421  </vuln>
5422
5423  <vuln vid="777d7b9e-ab02-11e3-841e-60a44c524f57">
5424    <topic>wemux -- read-only can be bypassed</topic>
5425    <affects>
5426      <package>
5427	<name>wemux</name>
5428	<range><lt>3.2.0</lt></range>
5429      </package>
5430    </affects>
5431    <description>
5432      <body xmlns="http://www.w3.org/1999/xhtml">
5433	<p>JonApps reports:</p>
5434	<blockquote cite="https://github.com/zolrath/wemux/issues/36">
5435	  <p>The read-only mode can be bypassed and any command sent to bash session</p>
5436	</blockquote>
5437      </body>
5438    </description>
5439    <references>
5440      <url>https://github.com/zolrath/wemux/issues/36</url>
5441    </references>
5442    <dates>
5443      <discovery>2013-12-24</discovery>
5444      <entry>2014-03-13</entry>
5445    </dates>
5446  </vuln>
5447
5448  <vuln vid="03e48bf5-a96d-11e3-a556-3c970e169bc2">
5449    <topic>samba -- multiple vulnerabilities</topic>
5450    <affects>
5451      <package>
5452	<name>samba34</name>
5453	<range><gt>0</gt></range>
5454      </package>
5455      <package>
5456	<name>samba35</name>
5457	<range><gt>0</gt></range>
5458      </package>
5459      <package>
5460	<name>samba36</name>
5461	<range><gt>3.6.*</gt><lt>3.6.23</lt></range>
5462      </package>
5463      <package>
5464	<name>samba4</name>
5465	<range><gt>4.0.*</gt><lt>4.0.16</lt></range>
5466      </package>
5467      <package>
5468	<name>samba41</name>
5469	<range><gt>4.1.*</gt><lt>4.1.6</lt></range>
5470      </package>
5471    </affects>
5472    <description>
5473      <body xmlns="http://www.w3.org/1999/xhtml">
5474	<p>Samba project reports:</p>
5475	<blockquote cite="http://www.samba.org/samba/security/CVE-2013-4496">
5476	  <p>In Samba's SAMR server we neglect to ensure that attempted
5477	    password changes will update the bad password count, nor set
5478	    the lockout flags.  This would allow a user unlimited attempts
5479	    against the password by simply calling ChangePasswordUser2
5480	    repeatedly.</p>
5481	  <p>This is available without any other authentication.</p>
5482	</blockquote>
5483	<blockquote cite="http://www.samba.org/samba/security/CVE-2013-6442">
5484	  <p>smbcacls can remove a file or directory ACL by mistake.</p>
5485	</blockquote>
5486      </body>
5487    </description>
5488    <references>
5489      <cvename>CVE-2013-4496</cvename>
5490      <cvename>CVE-2013-6442</cvename>
5491      <url>http://www.samba.org/samba/security/CVE-2013-4496</url>
5492      <url>http://www.samba.org/samba/security/CVE-2013-6442</url>
5493    </references>
5494    <dates>
5495      <discovery>2014-03-11</discovery>
5496      <entry>2014-03-11</entry>
5497    </dates>
5498  </vuln>
5499
5500  <vuln vid="03159886-a8a3-11e3-8f36-0025905a4771">
5501    <topic>asterisk -- multiple vulnerabilities</topic>
5502    <affects>
5503      <package>
5504	<name>asterisk11</name>
5505	<range><lt>11.8.1</lt></range>
5506      </package>
5507      <package>
5508	<name>asterisk18</name>
5509	<range><lt>1.8.26.1</lt></range>
5510      </package>
5511    </affects>
5512    <description>
5513      <body xmlns="http://www.w3.org/1999/xhtml">
5514	<p>The Asterisk project reports:</p>
5515	<blockquote cite="https://www.asterisk.org/security">
5516	  <p>Stack Overflow in HTTP Processing of Cookie Headers. Sending a HTTP
5517	    request that is handled by Asterisk with a large number of Cookie
5518	    headers could overflow the stack. You could even exhaust memory if you
5519	    sent an unlimited number of headers in the request.</p>
5520	  <p>Denial of Service Through File Descriptor Exhaustion with chan_sip
5521	    Session-Timers. An attacker can use all available file descriptors
5522	    using SIP INVITE requests. Asterisk will respond with code 400, 420,
5523	    or 422 for INVITEs meeting this criteria.
5524	    Each INVITE meeting these conditions will leak a channel and several
5525	    file descriptors. The file descriptors cannot be released without
5526	    restarting Asterisk which may allow intrusion detection systems to be
5527	    bypassed by sending the requests slowly.</p>
5528	  <p>Remote Crash Vulnerability in PJSIP channel driver. A remotely
5529	    exploitable crash vulnerability exists in the PJSIP channel driver if
5530	    the "qualify_frequency" configuration option is enabled on an AOR and
5531	    the remote SIP server challenges for authentication of the resulting
5532	    OPTIONS request. The response handling code wrongly assumes that a
5533	    PJSIP endpoint will always be associated with an outgoing request which
5534	    is incorrect.</p>
5535	</blockquote>
5536      </body>
5537    </description>
5538    <references>
5539      <cvename>CVE-2014-2286</cvename>
5540      <cvename>CVE-2014-2287</cvename>
5541      <cvename>CVE-2014-2288</cvename>
5542      <url>http://downloads.asterisk.org/pub/security/AST-2014-001.pdf</url>
5543      <url>http://downloads.asterisk.org/pub/security/AST-2014-002.pdf</url>
5544      <url>http://downloads.asterisk.org/pub/security/AST-2014-003.pdf</url>
5545      <url>https://www.asterisk.org/security</url>
5546    </references>
5547    <dates>
5548      <discovery>2014-03-10</discovery>
5549      <entry>2014-03-10</entry>
5550    </dates>
5551  </vuln>
5552
5553  <vuln vid="1a0de610-a761-11e3-95fe-bcaec565249c">
5554    <topic>freetype2 -- Out of bounds read/write</topic>
5555    <affects>
5556      <package>
5557	<name>freetype2</name>
5558	<range><lt>2.5.3</lt></range>
5559      </package>
5560    </affects>
5561    <description>
5562      <body xmlns="http://www.w3.org/1999/xhtml">
5563	<p>Mateusz Jurczyk reports:</p>
5564	<blockquote cite="http://savannah.nongnu.org/bugs/?41697">
5565	  <p>Out of bounds stack-based read/write in
5566	    cf2_hintmap_build.</p>
5567	  <p>This is a critical vulnerability in the CFF Rasterizer
5568	    code recently contributed by Adobe, leading to potential
5569	    arbitrary code execution in the context of the FreeType2
5570	    library client.</p>
5571	</blockquote>
5572      </body>
5573    </description>
5574    <references>
5575      <url>http://savannah.nongnu.org/bugs/?41697</url>
5576    </references>
5577    <dates>
5578      <discovery>2014-02-25</discovery>
5579      <entry>2014-03-09</entry>
5580    </dates>
5581  </vuln>
5582
5583  <vuln vid="20e23b65-a52e-11e3-ae3a-00224d7c32a2">
5584    <topic>xmms -- Integer Overflow And Underflow Vulnerabilities</topic>
5585    <affects>
5586      <package>
5587	<name>xmms</name>
5588	<range><le>1.2.11_20</le></range>
5589      </package>
5590    </affects>
5591    <description>
5592      <body xmlns="http://www.w3.org/1999/xhtml">
5593	<p>Secunia reports:</p>
5594	<blockquote cite="http://secunia.com/secunia_research/2007-47/advisory/">
5595	  <p>Secunia Research has discovered two vulnerabilities in XMMS, which can
5596	    be exploited by malicious people to compromise a user's system.</p>
5597
5598	  <p>1) An integer underflow error exists in the processing of skin bitmap
5599	    images. This can be exploited to cause a stack-based buffer overflow
5600	    via specially crafted skin images containing manipulated header
5601	    information.</p>
5602
5603	  <p>Successful exploitation allows execution of arbitrary code.</p>
5604
5605	  <p>2) An integer overflow error exists in the processing of skin bitmap
5606	    images. This can be exploited to cause memory corruption via specially
5607	    crafted skin images containing manipulated header information.</p>
5608
5609	  <p>Successful exploitation may allow the execution of arbitrary code.</p>
5610	</blockquote>
5611      </body>
5612    </description>
5613    <references>
5614      <cvename>CVE-2007-0653</cvename>
5615      <cvename>CVE-2007-0654</cvename>
5616    </references>
5617    <dates>
5618      <discovery>2007-02-06</discovery>
5619      <entry>2014-03-06</entry>
5620    </dates>
5621  </vuln>
5622
5623  <vuln vid="89db3b31-a4c3-11e3-978f-f0def16c5c1b">
5624    <topic>nginx -- SPDY memory corruption</topic>
5625    <affects>
5626      <package>
5627	<name>nginx-devel</name>
5628	<range><eq>1.5.10</eq></range>
5629      </package>
5630    </affects>
5631    <description>
5632      <body xmlns="http://www.w3.org/1999/xhtml">
5633	<p>The nginx project reports:</p>
5634	<blockquote cite="http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html">
5635	  <p>A bug in the experimental SPDY implementation in nginx 1.5.10 was found,
5636	   which might allow an attacker to corrupt worker process memory by using
5637	   a specially crafted request, potentially resulting in arbitrary code
5638	   execution (CVE-2014-0088).</p>
5639
5640	   <p>The problem only affects nginx 1.5.10 on 32-bit platforms, compiled with
5641	   the ngx_http_spdy_module module (which is not compiled by default), if
5642	   the "spdy" option of the "listen" directive is used in a configuration
5643	   file.</p>
5644	</blockquote>
5645      </body>
5646    </description>
5647    <references>
5648      <cvename>CVE-2014-0088</cvename>
5649      <url>http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html</url>
5650    </references>
5651    <dates>
5652      <discovery>2014-03-04</discovery>
5653      <entry>2014-03-06</entry>
5654    </dates>
5655  </vuln>
5656
5657  <vuln vid="f645aa90-a3e8-11e3-a422-3c970e169bc2">
5658    <topic>gnutls -- multiple certificate verification issues</topic>
5659    <affects>
5660      <package>
5661	<name>gnutls</name>
5662	<range><lt>2.12.23_4</lt></range>
5663      </package>
5664      <package>
5665	<name>linux-f10-gnutls</name>
5666	<range><lt>2.12.23_4</lt></range>
5667      </package>
5668      <package>
5669	<name>gnutls-devel</name>
5670	<range><lt>3.1.22</lt></range>
5671	<range><gt>3.2.0</gt><lt>3.2.12</lt></range>
5672      </package>
5673      <package>
5674	<name>gnutls3</name>
5675	<range><lt>3.1.22</lt></range>
5676	<range><gt>3.2.0</gt><lt>3.2.12</lt></range>
5677      </package>
5678    </affects>
5679    <description>
5680      <body xmlns="http://www.w3.org/1999/xhtml">
5681	<p>GnuTLS project reports:</p>
5682	<blockquote cite="http://www.gnutls.org/security.html#GNUTLS-SA-2014-2">
5683	  <p>A vulnerability was discovered that affects the
5684	    certificate verification functions of all gnutls
5685	    versions. A specially crafted certificate could
5686	    bypass certificate validation checks.  The
5687	    vulnerability was discovered during an audit of
5688	    GnuTLS for Red Hat.</p>
5689	</blockquote>
5690	<blockquote cite="http://www.gnutls.org/security.html#GNUTLS-SA-2014-1">
5691	  <p>Suman Jana reported a vulnerability that affects
5692	    the certificate verification functions of
5693	    gnutls 2.11.5 and later versions. A version 1
5694	    intermediate certificate will be considered as
5695	    a CA certificate by default (something that
5696	    deviates from the documented behavior).</p>
5697	</blockquote>
5698      </body>
5699    </description>
5700    <references>
5701      <cvename>CVE-2014-0092</cvename>
5702      <cvename>CVE-2014-1959</cvename>
5703      <url>http://www.gnutls.org/security.html#GNUTLS-SA-2014-1</url>
5704      <url>http://www.gnutls.org/security.html#GNUTLS-SA-2014-2</url>
5705    </references>
5706    <dates>
5707      <discovery>2014-03-03</discovery>
5708      <entry>2014-03-04</entry>
5709      <modified>2014-04-30</modified>
5710    </dates>
5711  </vuln>
5712
5713  <vuln vid="815dbcf9-a2d6-11e3-8088-002590860428">
5714    <topic>file -- denial of service</topic>
5715    <affects>
5716      <package>
5717	<name>file</name>
5718	<range><lt>5.17</lt></range>
5719      </package>
5720    </affects>
5721    <description>
5722      <body xmlns="http://www.w3.org/1999/xhtml">
5723	<p>The Fine Free file project reports:</p>
5724	<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943">
5725	  <p>file before 5.17 allows context-dependent attackers to
5726	    cause a denial of service (infinite recursion, CPU consumption, and
5727	    crash) via a crafted indirect offset value in the magic of a file.</p>
5728	</blockquote>
5729      </body>
5730    </description>
5731    <references>
5732      <cvename>CVE-2014-1943</cvename>
5733      <mlist>http://mx.gw.com/pipermail/file/2014/001327.html</mlist>
5734    </references>
5735    <dates>
5736      <discovery>2014-02-16</discovery>
5737      <entry>2014-03-03</entry>
5738    </dates>
5739  </vuln>
5740
5741  <vuln vid="8e5e6d42-a0fa-11e3-b09a-080027f2d077">
5742    <topic>Python -- buffer overflow in socket.recvfrom_into()</topic>
5743    <affects>
5744      <package>
5745	<name>python27</name>
5746	<range><le>2.7.6_3</le></range>
5747      </package>
5748      <package>
5749	<name>python31</name>
5750	<range><le>3.1.5_10</le></range>
5751      </package>
5752      <package>
5753	<name>python32</name>
5754	<range><le>3.2.5_7</le></range>
5755      </package>
5756      <package>
5757	<name>python33</name>
5758	<range><le>3.3.3_2</le></range>
5759      </package>
5760    </affects>
5761    <description>
5762      <body xmlns="http://www.w3.org/1999/xhtml">
5763	<p>Vincent Danen via Red Hat Issue Tracker reports:</p>
5764	<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=1062370">
5765	  <p>A vulnerability was reported in Python's socket module, due to a
5766	   boundary error within the sock_recvfrom_into() function, which could be
5767	   exploited to cause a buffer overflow.  This could be used to crash a
5768	   Python application that uses the socket.recvfrom_info() function or,
5769	   possibly, execute arbitrary code with the permissions of the user
5770	   running vulnerable Python code.</p>
5771
5772	  <p>This vulnerable function, socket.recvfrom_into(), was introduced in
5773	   Python 2.5.  Earlier versions are not affected by this flaw.</p>
5774	</blockquote>
5775      </body>
5776    </description>
5777    <references>
5778      <bid>65379</bid>
5779      <cvename>CVE-2014-1912</cvename>
5780      <mlist>https://mail.python.org/pipermail/python-dev/2014-February/132758.html</mlist>
5781      <url>http://bugs.python.org/issue20246</url>
5782      <url>https://bugzilla.redhat.com/show_bug.cgi?id=1062370</url>
5783    </references>
5784    <dates>
5785      <discovery>2014-01-14</discovery>
5786      <entry>2014-03-01</entry>
5787    </dates>
5788  </vuln>
5789
5790  <vuln vid="1839f78c-9f2b-11e3-980f-20cf30e32f6d">
5791    <topic>subversion -- mod_dav_svn vulnerability</topic>
5792    <affects>
5793      <package>
5794	<name>subversion</name>
5795	<range><ge>1.3.0</ge><lt>1.7.16</lt></range>
5796	<range><ge>1.8.0</ge><lt>1.8.8</lt></range>
5797      </package>
5798      <package>
5799	<name>subversion16</name>
5800	<range><ge>1.3.0</ge><lt>1.7.16</lt></range>
5801      </package>
5802      <package>
5803	<name>subversion17</name>
5804	<range><ge>1.3.0</ge><lt>1.7.16</lt></range>
5805      </package>
5806    </affects>
5807    <description>
5808      <body xmlns="http://www.w3.org/1999/xhtml">
5809	<p>Subversion Project reports:</p>
5810	<blockquote cite="http://subversion.apache.org/security/">
5811	  <p>Subversion's mod_dav_svn Apache HTTPD server module will crash when it
5812	    receives an OPTIONS request against the server root and Subversion is
5813	    configured to handle the server root and SVNListParentPath is on.
5814	    This can lead to a DoS.  There are no known instances of this
5815	    problem being exploited in the wild, but the details of how to exploit
5816	    it have been disclosed on the Subversion development mailing list.</p>
5817	</blockquote>
5818      </body>
5819    </description>
5820    <references>
5821      <cvename>CVE-2014-0032</cvename>
5822      <url>https://subversion.apache.org/security/CVE-2014-0032-advisory.txt</url>
5823    </references>
5824    <dates>
5825      <discovery>2014-01-10</discovery>
5826      <entry>2014-02-26</entry>
5827      <modified>2014-04-30</modified>
5828    </dates>
5829  </vuln>
5830
5831  <vuln vid="70b72a52-9e54-11e3-babe-60a44c524f57">
5832    <topic>otrs -- XSS Issue</topic>
5833    <affects>
5834      <package>
5835	<name>otrs</name>
5836	<range><lt>3.1.20</lt></range>
5837	<range><gt>3.2.*</gt><lt>3.2.15</lt></range>
5838	<range><gt>3.3.*</gt><lt>3.3.5</lt></range>
5839      </package>
5840    </affects>
5841    <description>
5842      <body xmlns="http://www.w3.org/1999/xhtml">
5843	<p>The OTRS Project reports:</p>
5844	<blockquote cite="https://www.otrs.com/security-advisory-2014-03-xss-issue/">
5845	  <p>An attacker could send a specially prepared HTML email to OTRS. If
5846	    he can then trick an agent into following a special link to display this email,
5847	    JavaScript code would be executed.</p>
5848	</blockquote>
5849      </body>
5850    </description>
5851    <references>
5852      <url>https://www.otrs.com/security-advisory-2014-03-xss-issue/</url>
5853      <cvename>CVE-2014-1695</cvename>
5854    </references>
5855    <dates>
5856      <discovery>2014-02-25</discovery>
5857      <entry>2014-02-25</entry>
5858    </dates>
5859  </vuln>
5860
5861  <vuln vid="42d42090-9a4d-11e3-b029-08002798f6ff">
5862    <topic>PostgreSQL -- multiple privilege issues</topic>
5863    <affects>
5864      <package>
5865	<name>postgresql-server</name>
5866	<range><lt>8.4.20</lt></range>
5867	<range><ge>9.0.0</ge><lt>9.0.16</lt></range>
5868	<range><ge>9.1.0</ge><lt>9.1.12</lt></range>
5869	<range><ge>9.2.0</ge><lt>9.2.7</lt></range>
5870	<range><ge>9.3.0</ge><lt>9.3.3</lt></range>
5871      </package>
5872    </affects>
5873    <description>
5874      <body xmlns="http://www.w3.org/1999/xhtml">
5875	<p>PostgreSQL Project reports:</p>
5876	<blockquote cite="http://www.postgresql.org/about/news/1506/">
5877	  <p>This update fixes CVE-2014-0060, in which PostgreSQL did not
5878	  properly enforce the WITH ADMIN OPTION permission for ROLE management.
5879	  Before this fix, any member of a ROLE was able to grant others access
5880	  to the same ROLE regardless if the member was given the WITH ADMIN
5881	  OPTION permission. It also fixes multiple privilege escalation issues,
5882	  including: CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064,
5883	  CVE-2014-0065, and CVE-2014-0066. More information on these issues can
5884	  be found on our security page and the security issue detail wiki page.
5885	 </p>
5886	 <p>
5887	  With this release, we are also alerting users to a known security hole
5888	  that allows other users on the same machine to gain access to an
5889	  operating system account while it is doing "make check":
5890	  CVE-2014-0067. "Make check" is normally part of building PostgreSQL
5891	  from source code. As it is not possible to fix this issue without
5892	  causing significant issues to our testing infrastructure, a patch will
5893	  be released separately and publicly. Until then, users are strongly
5894	  advised not to run "make check" on machines where untrusted users have
5895	  accounts.</p>
5896	</blockquote>
5897      </body>
5898    </description>
5899    <references>
5900      <cvename>CVE-2014-0060</cvename>
5901      <cvename>CVE-2014-0061</cvename>
5902      <cvename>CVE-2014-0062</cvename>
5903      <cvename>CVE-2014-0063</cvename>
5904      <cvename>CVE-2014-0064</cvename>
5905      <cvename>CVE-2014-0065</cvename>
5906      <cvename>CVE-2014-0066</cvename>
5907      <cvename>CVE-2014-0067</cvename>
5908    </references>
5909    <dates>
5910      <discovery>2014-02-20</discovery>
5911      <entry>2014-02-20</entry>
5912    </dates>
5913  </vuln>
5914
5915  <vuln vid="0871d18b-9638-11e3-a371-6805ca0b3d42">
5916    <topic>phpMyAdmin -- Self-XSS due to unescaped HTML output in import.</topic>
5917    <affects>
5918      <package>
5919	<name>phpMyAdmin</name>
5920	<range><ge>3.3.1</ge><lt>4.1.7</lt></range>
5921      </package>
5922    </affects>
5923    <description>
5924      <body xmlns="http://www.w3.org/1999/xhtml">
5925	<p>The phpMyAdmin development team reports:</p>
5926	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-1.php">
5927	  <p> When importing a file with crafted filename, it is
5928	    possible to trigger an XSS.  We consider this vulnerability
5929	    to be non critical.</p>
5930	</blockquote>
5931      </body>
5932    </description>
5933    <references>
5934      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-1.php</url>
5935      <cvename>CVE-2014-1879</cvename>
5936    </references>
5937    <dates>
5938      <discovery>2014-02-15</discovery>
5939      <entry>2014-02-15</entry>
5940    </dates>
5941  </vuln>
5942
5943  <vuln vid="3e0507c6-9614-11e3-b3a5-00e0814cab4e">
5944    <topic>jenkins -- multiple vulnerabilities</topic>
5945    <affects>
5946      <package>
5947	<name>jenkins</name>
5948	<range><lt>1.551</lt></range>
5949      </package>
5950      <package>
5951	<name>jenkins-lts</name>
5952	<range><lt>1.532.2</lt></range>
5953      </package>
5954    </affects>
5955    <description>
5956      <body xmlns="http://www.w3.org/1999/xhtml">
5957	<p>Jenkins Security Advisory reports:</p>
5958	<blockquote cite="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14">
5959	  <p>This advisory announces multiple security vulnerabilities that
5960	    were found in Jenkins core.</p>
5961	  <p>Please reference CVE/URL list for details</p>
5962	</blockquote>
5963      </body>
5964    </description>
5965    <references>
5966      <url>https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14</url>
5967      <cvename>CVE-2013-5573</cvename>
5968      <cvename>CVE-2013-7285</cvename>
5969    </references>
5970    <dates>
5971      <discovery>2014-02-14</discovery>
5972      <entry>2014-02-15</entry>
5973    </dates>
5974  </vuln>
5975
5976  <vuln vid="90b27045-9530-11e3-9d09-000c2980a9f3">
5977    <topic>lighttpd -- multiple vulnerabilities</topic>
5978    <affects>
5979      <package>
5980	<name>lighttpd</name>
5981	<range><lt>1.4.34</lt></range>
5982      </package>
5983    </affects>
5984    <description>
5985      <body xmlns="http://www.w3.org/1999/xhtml">
5986	<p>lighttpd security advisories report:</p>
5987	<blockquote cite="http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt">
5988	  <p>It is possible to inadvertently enable vulnerable ciphers when using
5989	    ssl.cipher-list.</p>
5990	</blockquote>
5991	<blockquote cite="http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt">
5992	  <p>In certain cases setuid() and similar can fail, potentially triggering
5993	    lighttpd to restart running as root.</p>
5994	</blockquote>
5995	<blockquote cite="http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_03.txt">
5996	  <p>If FAMMonitorDirectory fails, the memory intended to store the context is
5997	    released; some lines below the "version" component of that context is read.
5998	    Reading invalid data doesn't matter, but the memory access could trigger a
5999	    segfault.</p>
6000	</blockquote>
6001      </body>
6002    </description>
6003    <references>
6004      <url>http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt</url>
6005      <url>http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt</url>
6006      <url>http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_03.txt</url>
6007      <cvename>CVE-2013-4508</cvename>
6008      <cvename>CVE-2013-4559</cvename>
6009      <cvename>CVE-2013-4560</cvename>
6010    </references>
6011    <dates>
6012      <discovery>2013-11-28</discovery>
6013      <entry>2014-02-14</entry>
6014    </dates>
6015  </vuln>
6016
6017  <vuln vid="4dd575b8-8f82-11e3-bb11-0025905a4771">
6018    <topic>phpmyfaq -- multiple vulnerabilities</topic>
6019    <affects>
6020      <package>
6021	<name>phpmyfaq</name>
6022	<range><lt>2.8.6</lt></range>
6023      </package>
6024    </affects>
6025    <description>
6026      <body xmlns="http://www.w3.org/1999/xhtml">
6027	<p>The phpMyFAQ team reports:</p>
6028	<blockquote cite="http://www.phpmyfaq.de/advisory_2014-02-04.php">
6029	  <p> An arbitrary script may be executed on the user's Internet
6030	    Explorer when using an older version of the browser. If a user views
6031	    a malicious page while logged in, settings may be changed
6032	    unintentionally.</p>
6033	</blockquote>
6034      </body>
6035    </description>
6036    <references>
6037      <cvename>CVE-2014-0813</cvename>
6038      <cvename>CVE-2014-0814</cvename>
6039      <url>http://www.phpmyfaq.de/advisory_2014-02-04.php</url>
6040    </references>
6041    <dates>
6042      <discovery>2014-02-04</discovery>
6043      <entry>2014-02-06</entry>
6044    </dates>
6045  </vuln>
6046
6047  <vuln vid="b7a7576d-8e0a-11e3-9976-9c4e36909cc0">
6048    <topic>linux-flashplugin -- multiple vulnerabilities</topic>
6049    <affects>
6050      <package>
6051	<name>linux-f10-flashplugin</name>
6052	<range><lt>11.2r202.336</lt></range>
6053      </package>
6054    </affects>
6055    <description>
6056      <body xmlns="http://www.w3.org/1999/xhtml">
6057	<p>Adobe reports:</p>
6058	<blockquote cite="http://www.adobe.com/support/security/bulletins/apsb14-04.html">
6059	  <p>These updates address vulnerabilities that could cause a crash
6060	    and potentially allow an attacker to take control of the affected system.</p>
6061	</blockquote>
6062      </body>
6063    </description>
6064    <references>
6065      <cvename>CVE-2014-0497</cvename>
6066      <url>http://www.adobe.com/support/security/bulletins/apsb14-04.html</url>
6067    </references>
6068    <dates>
6069      <discovery>2014-02-04</discovery>
6070      <entry>2014-02-04</entry>
6071      <modified>2014-02-05</modified>
6072    </dates>
6073  </vuln>
6074
6075  <vuln vid="1753f0ff-8dd5-11e3-9b45-b4b52fce4ce8">
6076    <topic>mozilla -- multiple vulnerabilities</topic>
6077    <affects>
6078      <package>
6079	<name>firefox</name>
6080	<range><gt>25.0,1</gt><lt>27.0,1</lt></range>
6081	<range><lt>24.3.0,1</lt></range>
6082      </package>
6083      <package>
6084	<name>linux-firefox</name>
6085	<range><lt>27.0,1</lt></range>
6086      </package>
6087      <package>
6088	<name>linux-seamonkey</name>
6089	<range><lt>2.24</lt></range>
6090      </package>
6091      <package>
6092	<name>linux-thunderbird</name>
6093	<range><lt>24.3.0</lt></range>
6094      </package>
6095      <package>
6096	<name>seamonkey</name>
6097	<range><lt>2.24</lt></range>
6098      </package>
6099      <package>
6100	<name>thunderbird</name>
6101	<range><lt>24.3.0</lt></range>
6102      </package>
6103    </affects>
6104    <description>
6105      <body xmlns="http://www.w3.org/1999/xhtml">
6106	<p>The Mozilla Project reports:</p>
6107	<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
6108	  <p>MFSA 2014-01 Miscellaneous memory safety hazards
6109	    (rv:27.0 / rv:24.3)</p>
6110	  <p>MFSA 2014-02 Clone protected content with XBL scopes</p>
6111	  <p>MFSA 2014-03 UI selection timeout missing on download
6112	    prompts</p>
6113	  <p>MFSA 2014-04 Incorrect use of discarded images by
6114	    RasterImage</p>
6115	  <p>MFSA 2014-05 Information disclosure with *FromPoint on
6116	    iframes</p>
6117	  <p>MFSA 2014-06 Profile path leaks to Android system log</p>
6118	  <p>MFSA 2014-07 XSLT stylesheets treated as styles in Content
6119	    Security Policy</p>
6120	  <p>MFSA 2014-08 Use-after-free with imgRequestProxy and image
6121	    processing</p>
6122	  <p>MFSA 2014-09 Cross-origin information leak through web
6123	    workers</p>
6124	  <p>MFSA 2014-10 Firefox default start page UI content invokable
6125	    by script</p>
6126	  <p>MFSA 2014-11 Crash when using web workers with asm.js</p>
6127	  <p>MFSA 2014-12 NSS ticket handling issues</p>
6128	  <p>MFSA 2014-13 Inconsistent JavaScript handling of access to
6129	    Window objects</p>
6130	</blockquote>
6131      </body>
6132    </description>
6133    <references>
6134      <cvename>CVE-2014-1477</cvename>
6135      <cvename>CVE-2014-1478</cvename>
6136      <cvename>CVE-2014-1479</cvename>
6137      <cvename>CVE-2014-1480</cvename>
6138      <cvename>CVE-2014-1481</cvename>
6139      <cvename>CVE-2014-1482</cvename>
6140      <cvename>CVE-2014-1483</cvename>
6141      <cvename>CVE-2014-1484</cvename>
6142      <cvename>CVE-2014-1485</cvename>
6143      <cvename>CVE-2014-1486</cvename>
6144      <cvename>CVE-2014-1487</cvename>
6145      <cvename>CVE-2014-1488</cvename>
6146      <cvename>CVE-2014-1489</cvename>
6147      <cvename>CVE-2014-1490</cvename>
6148      <cvename>CVE-2014-1491</cvename>
6149      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-01.html</url>
6150      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-02.html</url>
6151      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-03.html</url>
6152      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-04.html</url>
6153      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-05.html</url>
6154      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-06.html</url>
6155      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-07.html</url>
6156      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-08.html</url>
6157      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-09.html</url>
6158      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-10.html</url>
6159      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-11.html</url>
6160      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-12.html</url>
6161      <url>http://www.mozilla.org/security/known-vulnerabilities/</url>
6162    </references>
6163    <dates>
6164      <discovery>2014-02-04</discovery>
6165      <entry>2014-02-04</entry>
6166    </dates>
6167  </vuln>
6168
6169  <vuln vid="111f1f84-1d14-4ff2-a9ea-cf07119c0d3b">
6170    <topic>libyaml heap overflow resulting in possible code execution</topic>
6171    <affects>
6172      <package>
6173	<name>libyaml</name>
6174	<range><lt>0.1.4_3</lt></range>
6175      </package>
6176      <package>
6177	<name>pkg</name>
6178	<range><lt>1.2.6</lt></range>
6179      </package>
6180      <package>
6181	<name>pkg-devel</name>
6182	<range><lt>1.2.6</lt></range>
6183      </package>
6184    </affects>
6185    <description>
6186      <body xmlns="http://www.w3.org/1999/xhtml">
6187	<p>libyaml was prone to a heap overflow that could result in
6188	  arbitrary code execution. Pkg uses libyaml to parse
6189	  the package manifests in some cases. Pkg also used libyaml
6190	  to parse the remote repository until 1.2.</p>
6191	<p>RedHat Product Security Team reports on libyaml:</p>
6192	<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=1033990">
6193	  <p>A heap-based buffer overflow flaw was found in the way libyaml
6194	    parsed YAML tags. A remote attacker could provide a
6195	    specially-crafted YAML document that, when parsed by an application
6196	    using libyaml, would cause the application to crash or, potentially,
6197	    execute arbitrary code with the privileges of the user running the
6198	    application.</p>
6199	</blockquote>
6200      </body>
6201    </description>
6202    <references>
6203      <cvename>CVE-2013-6393</cvename>
6204      <url>https://bugzilla.redhat.com/show_bug.cgi?id=1033990</url>
6205    </references>
6206    <dates>
6207      <discovery>2013-11-24</discovery>
6208      <entry>2014-02-01</entry>
6209      <modified>2014-02-01</modified>
6210    </dates>
6211  </vuln>
6212
6213  <vuln vid="a4c9e12d-88b7-11e3-8ada-10bf48e1088e">
6214    <topic>socat -- buffer overflow with data from command line</topic>
6215    <affects>
6216      <package>
6217	<name>socat</name>
6218	<range><lt>1.7.2.3</lt></range>
6219      </package>
6220    </affects>
6221    <description>
6222      <body xmlns="http://www.w3.org/1999/xhtml">
6223	<p>Florian Weimer of the Red Hat Product Security Team reports:</p>
6224	<blockquote cite="http://www.dest-unreach.org/socat/contrib/socat-secadv5.txt">
6225	  <p>Due to a missing check during assembly of the HTTP request line a long
6226	    target server name in the PROXY-CONNECT address can cause a stack buffer
6227	    overrun. Exploitation requires that the attacker is able to provide the
6228	    target server name to the PROXY-CONNECT address in the command line.
6229	    This can happen for example in scripts that receive data from untrusted
6230	    sources.</p>
6231	</blockquote>
6232      </body>
6233    </description>
6234    <references>
6235      <cvename>CVE-2014-0019</cvename>
6236      <url>http://www.dest-unreach.org/socat/contrib/socat-secadv5.txt</url>
6237    </references>
6238    <dates>
6239      <discovery>2014-01-24</discovery>
6240      <entry>2014-01-29</entry>
6241    </dates>
6242  </vuln>
6243
6244  <vuln vid="c7b5d72b-886a-11e3-9533-60a44c524f57">
6245    <topic>otrs -- multiple vulnerabilities</topic>
6246    <affects>
6247      <package>
6248	<name>otrs</name>
6249	<range><lt>3.1.19</lt></range>
6250	<range><gt>3.2.*</gt><lt>3.2.14</lt></range>
6251	<range><gt>3.3.*</gt><lt>3.3.4</lt></range>
6252      </package>
6253    </affects>
6254    <description>
6255      <body xmlns="http://www.w3.org/1999/xhtml">
6256	<p>The OTRS Project reports:</p>
6257	<blockquote cite="https://www.otrs.com/security-advisory-2014-02-sql-injection-issue/">
6258	  <p>SQL injection issue</p>
6259	</blockquote>
6260	<blockquote cite="https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface/">
6261	  <p>An attacker that managed to take over the session of a logged in customer
6262	    could create tickets and/or send follow-ups to existing tickets due to
6263	    missing challenge token checks.</p>
6264	</blockquote>
6265      </body>
6266    </description>
6267    <references>
6268      <cvename>CVE-2014-1471</cvename>
6269      <url>https://www.otrs.com/security-advisory-2014-02-sql-injection-issue/</url>
6270      <url>https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface/</url>
6271    </references>
6272    <dates>
6273      <discovery>2014-01-28</discovery>
6274      <entry>2014-01-28</entry>
6275      <modified>2014-02-06</modified>
6276    </dates>
6277  </vuln>
6278
6279  <vuln vid="080c5370-886a-11e3-9533-60a44c524f57">
6280    <cancelled superseded="c7b5d72b-886a-11e3-9533-60a44c524f57"/>
6281  </vuln>
6282
6283  <vuln vid="d1dfc4c7-8791-11e3-a371-6805ca0b3d42">
6284    <topic>rt42 -- denial-of-service attack via the email gateway</topic>
6285    <affects>
6286      <package>
6287	<name>rt42</name>
6288	<range><ge>4.2</ge><lt>4.2.1_3</lt></range>
6289	<range><ge>4.2.2</ge><lt>4.2.2_2</lt></range>
6290      </package>
6291      <package>
6292	<name>p5-Email-Address-List</name>
6293	<range><lt>0.02</lt></range>
6294      </package>
6295    </affects>
6296    <description>
6297      <body xmlns="http://www.w3.org/1999/xhtml">
6298	<p>The RT development team reports:</p>
6299	<blockquote cite="http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html">
6300	  <p>Versions of RT between 4.2.0 and 4.2.2 (inclusive) are
6301	    vulnerable to a denial-of-service attack via the email
6302	    gateway; any installation which accepts mail from untrusted
6303	    sources is vulnerable, regardless of the permissions
6304	    configuration inside RT. This vulnerability is assigned
6305	    CVE-2014-1474.</p>
6306	  <p>This vulnerability is caused by poor parsing performance
6307	    in the Email::Address::List module, which RT depends on. We
6308	    recommend that affected users upgrade their version of
6309	    Email::Address::List to v0.02 or above, which resolves the
6310	    issue. Due to a communications mishap, the release on CPAN
6311	    will temporarily appear as "unauthorized," and the
6312	    command-line cpan client will hence not install it. We
6313	    expect this to be resolved shortly; in the meantime, the
6314	    release is also available from our server.</p>
6315	</blockquote>
6316      </body>
6317    </description>
6318    <references>
6319      <cvename>CVE-2014-1474</cvename>
6320      <url>http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html</url>
6321    </references>
6322    <dates>
6323      <discovery>2014-01-27</discovery>
6324      <entry>2014-01-27</entry>
6325    </dates>
6326  </vuln>
6327
6328  <vuln vid="efa663eb-8754-11e3-9a47-00163e1ed244">
6329    <topic>strongswan -- multiple DoS vulnerabilities</topic>
6330    <affects>
6331      <package>
6332	<name>strongswan</name>
6333	<range><lt>5.1.1</lt></range>
6334      </package>
6335    </affects>
6336    <description>
6337      <body xmlns="http://www.w3.org/1999/xhtml">
6338	<p>strongSwan Project reports:</p>
6339	<blockquote cite="http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6076%29.html">
6340	  <p>A DoS vulnerability triggered by crafted IKEv1 fragmentation
6341	    payloads was discovered in strongSwan's IKE daemon charon. All
6342	    versions since 5.0.2 are affected.</p>
6343	</blockquote>
6344	<blockquote cite="http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6075%29.html">
6345	  <p>A DoS vulnerability and potential authorization bypass triggered
6346	    by a crafted ID_DER_ASN1_DN ID payload was discovered in strongSwan.
6347	    All versions since 4.3.3 are affected.</p>
6348	</blockquote>
6349	<blockquote cite="http://www.strongswan.org/blog/2013/08/01/strongswan-denial-of-service-vulnerability-%28cve-2013-5018%29.html">
6350	  <p>A DoS vulnerability in strongSwan was discovered, which is
6351	    triggered by XAuth usernames and EAP identities in versions
6352	    5.0.3 and 5.0.4.</p>
6353	</blockquote>
6354      </body>
6355    </description>
6356    <references>
6357      <cvename>CVE-2013-5018</cvename>
6358      <cvename>CVE-2013-6075</cvename>
6359      <cvename>CVE-2013-6076</cvename>
6360      <url>http://www.strongswan.org/blog/2013/08/01/strongswan-denial-of-service-vulnerability-%28cve-2013-5018%29.html</url>
6361      <url>http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6075%29.html</url>
6362      <url>http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6076%29.html</url>
6363    </references>
6364    <dates>
6365      <discovery>2013-11-01</discovery>
6366      <entry>2014-01-27</entry>
6367    </dates>
6368  </vuln>
6369
6370  <vuln vid="d9dbe6e8-84da-11e3-98bd-080027f2d077">
6371    <topic>varnish -- DoS vulnerability in Varnish HTTP cache</topic>
6372    <affects>
6373      <package>
6374	<name>varnish</name>
6375	<range><lt>3.0.5</lt></range>
6376      </package>
6377    </affects>
6378    <description>
6379      <body xmlns="http://www.w3.org/1999/xhtml">
6380	<p>Varnish Cache Project reports:</p>
6381	<blockquote cite="https://www.varnish-cache.org/lists/pipermail/varnish-announce/2013-October/000686.html">
6382	  <p>If Varnish receives a certain illegal request, and the subroutine
6383	    'vcl_error{}' restarts the request, the varnishd worker process
6384	    will crash with an assert.
6385	  </p>
6386	  <p>The varnishd management process will restart the worker process, but
6387	    there will be a brief interruption of service and the cache will be
6388	    emptied, causing more traffic to go to the backend.
6389	  </p>
6390	  <p>We are releasing this advisory because restarting from vcl_error{} is
6391	    both fairly common and documented.</p>
6392	  <p>This is purely a denial of service vulnerability, there is no risk of
6393	    privilege escalation.</p>
6394	  <p>Workaround</p>
6395	  <p>Insert this at the top of your VCL file:</p>
6396	  <pre>
6397		sub vcl_error {
6398			if (obj.status == 400 || obj.status == 413) {
6399				return(deliver);
6400			}
6401		}
6402
6403		Or add this test at the top of your existing vcl_error{}.
6404	  </pre>
6405	</blockquote>
6406      </body>
6407    </description>
6408    <references>
6409      <cvename>CVE-2013-4484</cvename>
6410      <mlist>https://www.varnish-cache.org/lists/pipermail/varnish-announce/2013-October/000686.html</mlist>
6411    </references>
6412    <dates>
6413      <discovery>2013-10-30</discovery>
6414      <entry>2014-01-25</entry>
6415    </dates>
6416  </vuln>
6417
6418  <vuln vid="c0ef849e-84ac-11e3-bec4-9c4e36909cc0">
6419    <topic>linux-flashplugin -- multiple vulnerabilities</topic>
6420    <affects>
6421      <package>
6422	<name>linux-f10-flashplugin</name>
6423	<range><lt>11.2r202.335</lt></range>
6424      </package>
6425    </affects>
6426    <description>
6427      <body xmlns="http://www.w3.org/1999/xhtml">
6428	<p>Adobe reports:</p>
6429	<blockquote cite="http://helpx.adobe.com/security/products/flash-player/apsb14-02.html">
6430	  <p>These updates address vulnerabilities that could cause a crash
6431	    and potentially allow an attacker to take control of the affected system.</p>
6432	</blockquote>
6433      </body>
6434    </description>
6435    <references>
6436      <cvename>CVE-2014-0491</cvename>
6437      <cvename>CVE-2014-0492</cvename>
6438      <url>http://helpx.adobe.com/security/products/flash-player/apsb14-02.html</url>
6439    </references>
6440    <dates>
6441      <discovery>2014-01-14</discovery>
6442      <entry>2014-01-24</entry>
6443    </dates>
6444  </vuln>
6445
6446  <vuln vid="6d08fa63-83bf-11e3-bdba-080027ef73ec">
6447    <topic>HTMLDOC -- buffer overflow issues when reading AFM files and parsing page sizes</topic>
6448    <affects>
6449      <package>
6450	<name>htmldoc</name>
6451	<range><lt>1.8.28</lt></range>
6452      </package>
6453    </affects>
6454    <description>
6455      <body xmlns="http://www.w3.org/1999/xhtml">
6456	<p>Michael Sweet reports:</p>
6457	<blockquote cite="http://www.msweet.org/projects.php?Z1">
6458	  <p>HTMLDOC 1.8.28 fixes some known security issues and
6459	    formatting bugs. Changes include:</p>
6460	  <ul>
6461	    <li>SECURITY: Fixed three buffer overflow issues when
6462	      reading AFM files and parsing page sizes.</li>
6463	  </ul>
6464	</blockquote>
6465      </body>
6466    </description>
6467    <references>
6468      <url>http://www.msweet.org/projects.php?Z1</url>
6469    </references>
6470    <dates>
6471      <discovery>2014-01-06</discovery>
6472      <entry>2014-01-22</entry>
6473      <modified>2014-01-23</modified>
6474    </dates>
6475  </vuln>
6476
6477  <vuln vid="81f1fdc2-7ec7-11e3-a6c6-00163e1ed244">
6478    <topic>virtualbox-ose -- local vulnerability</topic>
6479    <affects>
6480      <package>
6481	<name>virtualbox-ose</name>
6482	<range><lt>4.2.22</lt></range>
6483      </package>
6484    </affects>
6485    <description>
6486      <body xmlns="http://www.w3.org/1999/xhtml">
6487	<p>Oracle reports:</p>
6488	<blockquote cite="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html">
6489	  <p>Unspecified vulnerability in the Oracle VM VirtualBox
6490	    component in Oracle Virtualization VirtualBox prior to
6491	    3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local
6492	    users to affect confidentiality, integrity, and availability
6493	    via unknown vectors related to Core.</p>
6494	</blockquote>
6495      </body>
6496    </description>
6497    <references>
6498      <cvename>CVE-2013-5892</cvename>
6499      <url>http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</url>
6500    </references>
6501    <dates>
6502      <discovery>2014-01-15</discovery>
6503      <entry>2014-01-16</entry>
6504    </dates>
6505  </vuln>
6506
6507  <vuln vid="3d95c9a7-7d5c-11e3-a8c1-206a8a720317">
6508    <topic>ntpd DRDoS / Amplification Attack using ntpdc monlist command</topic>
6509    <affects>
6510      <package>
6511	<name>ntp</name>
6512	<range><lt>4.2.7p26</lt></range>
6513      </package>
6514      <package>
6515	<name>FreeBSD</name>
6516	<range><ge>8.3</ge><lt>8.3_14</lt></range>
6517	<range><ge>8.4</ge><lt>8.4_7</lt></range>
6518	<range><ge>9.1</ge><lt>9.1_10</lt></range>
6519	<range><ge>9.2</ge><lt>9.2_3</lt></range>
6520      </package>
6521    </affects>
6522    <description>
6523      <body xmlns="http://www.w3.org/1999/xhtml">
6524	<p>ntp.org reports:</p>
6525	<blockquote cite="http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using">
6526	  <p>Unrestricted access to the monlist feature in
6527	    ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote
6528	    attackers to cause a denial of service (traffic
6529	    amplification) via forged (1) REQ_MON_GETLIST or (2)
6530	    REQ_MON_GETLIST_1 requests, as exploited in the wild in
6531	    December 2013.</p>
6532	  <p>Use noquery to your default restrictions to block all
6533	    status queries.</p>
6534	  <p>Use disable monitor to disable the ``ntpdc -c monlist''
6535	    command while still allowing other status queries.</p>
6536	</blockquote>
6537      </body>
6538    </description>
6539    <references>
6540      <cvename>CVE-2013-5211</cvename>
6541      <freebsdsa>SA-14:02.ntpd</freebsdsa>
6542      <url>http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using</url>
6543    </references>
6544    <dates>
6545      <discovery>2014-01-01</discovery>
6546      <entry>2014-01-14</entry>
6547      <modified>2016-08-09</modified>
6548    </dates>
6549  </vuln>
6550
6551  <vuln vid="ba04a373-7d20-11e3-8992-00132034b086">
6552    <topic>nagios -- denial of service vulnerability</topic>
6553    <affects>
6554      <package>
6555	<name>nagios</name>
6556	<range><lt>3.5.1_3</lt></range>
6557      </package>
6558    </affects>
6559    <description>
6560      <body xmlns="http://www.w3.org/1999/xhtml">
6561	<p>Eric Stanley reports:</p>
6562	<blockquote cite="http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/">
6563	  <p>Most CGIs previously incremented the input variable counter twice
6564	    when it encountered a long key value. This could cause the CGI to
6565	    read past the end of the list of CGI variables.</p>
6566	</blockquote>
6567      </body>
6568    </description>
6569    <references>
6570      <cvename>CVE-2013-7108</cvename>
6571      <cvename>CVE-2013-7205</cvename>
6572      <url>http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/</url>
6573      <url>https://bugzilla.redhat.com/show_bug.cgi?id=1046113</url>
6574    </references>
6575    <dates>
6576      <discovery>2013-12-20</discovery>
6577      <entry>2014-01-14</entry>
6578    </dates>
6579  </vuln>
6580
6581  <vuln vid="cb252f01-7c43-11e3-b0a6-005056a37f68">
6582    <topic>bind -- denial of service vulnerability</topic>
6583    <affects>
6584      <package>
6585	<name>bind99</name>
6586	<range><lt>9.9.4.2</lt></range>
6587      </package>
6588      <package>
6589	<name>bind99-base</name>
6590	<range><lt>9.9.4.2</lt></range>
6591      </package>
6592      <package>
6593	<name>bind98</name>
6594	<range><lt>9.8.6.2</lt></range>
6595      </package>
6596      <package>
6597	<name>bind98-base</name>
6598	<range><lt>9.8.6.2</lt></range>
6599      </package>
6600      <package>
6601	<name>bind96</name>
6602	<range><lt>9.6.3.2.ESV.R10.2</lt></range>
6603      </package>
6604      <package>
6605	<name>bind96-base</name>
6606	<range><lt>9.6.3.2.ESV.R10.2</lt></range>
6607      </package>
6608      <package>
6609	<name>FreeBSD</name>
6610	<range><ge>9.2</ge><lt>9.2_3</lt></range>
6611	<range><ge>9.1</ge><lt>9.1_10</lt></range>
6612	<range><ge>8.4</ge><lt>8.4_7</lt></range>
6613	<range><ge>8.3</ge><lt>8.3_14</lt></range>
6614      </package>
6615    </affects>
6616    <description>
6617      <body xmlns="http://www.w3.org/1999/xhtml">
6618	<p>ISC reports:</p>
6619	<blockquote cite="https://kb.isc.org/article/AA-01078/74/">
6620	  <p>Because of a defect in handling queries for NSEC3-signed zones,
6621	    BIND can crash with an "INSIST" failure in name.c when processing
6622	    queries possessing certain properties. By exploiting this defect
6623	    an attacker deliberately constructing a query with the right
6624	    properties could achieve denial of service against an authoritative
6625	    nameserver serving NSEC3-signed zones.</p>
6626	</blockquote>
6627      </body>
6628    </description>
6629    <references>
6630      <cvename>CVE-2014-0591</cvename>
6631      <freebsdsa>SA-14:04.bind</freebsdsa>
6632      <url>https://kb.isc.org/article/AA-01078/74/</url>
6633    </references>
6634    <dates>
6635      <discovery>2014-01-08</discovery>
6636      <entry>2014-01-13</entry>
6637      <modified>2016-08-09</modified>
6638    </dates>
6639  </vuln>
6640
6641  <vuln vid="28c575fa-784e-11e3-8249-001cc0380077">
6642    <topic>libXfont -- Stack buffer overflow in parsing of BDF font files in libXfont</topic>
6643    <affects>
6644      <package>
6645	<name>libXfont</name>
6646	<range><lt>1.4.7,1</lt></range>
6647      </package>
6648    </affects>
6649    <description>
6650      <body xmlns="http://www.w3.org/1999/xhtml">
6651	<p>freedesktop.org reports:</p>
6652	<blockquote cite="http://lists.x.org/archives/xorg-announce/2014-January/002389.html">
6653	  <p>A BDF font file containing a longer than expected string can cause
6654	    a buffer overflow on the stack.  Testing in X servers built with
6655	    Stack Protector resulted in an immediate crash when reading a
6656	    user-provided specially crafted font.</p>
6657	  <p>As libXfont is used to read user-specified font files in all X
6658	    servers distributed by X.Org, including the Xorg server which is
6659	    often run with root privileges or as setuid-root in order to access
6660	    hardware, this bug may lead to an unprivileged user acquiring root
6661	    privileges in some systems.</p>
6662	</blockquote>
6663      </body>
6664    </description>
6665    <references>
6666      <cvename>CVE-2013-6462</cvename>
6667      <url>http://lists.x.org/archives/xorg-announce/2014-January/002389.html</url>
6668    </references>
6669    <dates>
6670      <discovery>2013-12-24</discovery>
6671      <entry>2014-01-08</entry>
6672    </dates>
6673  </vuln>
6674
6675  <vuln vid="5aaa257e-772d-11e3-a65a-3c970e169bc2">
6676    <topic>openssl -- multiple vulnerabilities</topic>
6677    <affects>
6678      <package>
6679	<name>openssl</name>
6680	<range><lt>1.0.1_9</lt></range>
6681      </package>
6682    </affects>
6683    <description>
6684      <body xmlns="http://www.w3.org/1999/xhtml">
6685	<p>OpenSSL development team reports:</p>
6686	<blockquote cite="http://www.openssl.org/news/openssl-1.0.1-notes.html">
6687	  <p>Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]:</p>
6688	  <ul>
6689	    <li>Fix for TLS record tampering bug [CVE-2013-4353]</li>
6690	    <li>Fix for TLS version checking bug [CVE-2013-6449]</li>
6691	    <li>Fix for DTLS retransmission bug [CVE-2013-6450]</li>
6692	  </ul>
6693	</blockquote>
6694      </body>
6695    </description>
6696    <references>
6697      <freebsdsa>SA-14:03.openssl</freebsdsa>
6698      <cvename>CVE-2013-4353</cvename>
6699      <cvename>CVE-2013-6449</cvename>
6700      <cvename>CVE-2013-6450</cvename>
6701      <url>http://www.openssl.org/news/openssl-1.0.1-notes.html</url>
6702    </references>
6703    <dates>
6704      <discovery>2014-01-06</discovery>
6705      <entry>2014-01-06</entry>
6706      <modified>2016-08-09</modified>
6707    </dates>
6708  </vuln>
6709