FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-18 00:09:58 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
81da673e-dfe1-11e2-9389-08002798f6ff	apache-xml-security-c -- heap overflow during XPointer evaluation The Apache Software Foundation reports: The attempted fix to address CVE-2013-2154 introduced the possibility of a heap overflow, possibly leading to arbitrary code execution, in the processing of malformed XPointer expressions in the XML Signature Reference processing code. Discovery 2013-06-27 Entry 2013-06-28 apache-xml-security-c < 1.7.2 CVE-2013-2210 http://santuario.apache.org/secadv.data/CVE-2013-2210.txt
5786185a-9a43-11e8-b34b-6cc21735f730	xml-security-c -- crashes on malformed KeyInfo content The shibboleth project reports: SAML messages, assertions, and metadata all commonly make use of the XML Signature KeyInfo construct, which expresses information about keys and certificates used in signing or encrypting XML. The Apache Santuario XML Security for C++ library contained code paths at risk of dereferencing null pointers when processing various kinds of malformed KeyInfo hints typically found in signed or encrypted XML. The usual effect is a crash, and in the case of the Shibboleth SP software, a crash in the shibd daemon, which prevents access to protected resources until the daemon is restarted. Discovery 2018-08-03 Entry 2018-08-07 apache-xml-security-c < 2.0.1 https://shibboleth.net/community/advisories/secadv_20180803.txt

VuXML ID

Description

81da673e-dfe1-11e2-9389-08002798f6ff

apache-xml-security-c -- heap overflow during XPointer evaluation

The Apache Software Foundation reports:

The attempted fix to address CVE-2013-2154 introduced the possibility of a heap overflow, possibly leading to arbitrary code execution, in the processing of malformed XPointer expressions in the XML Signature Reference processing code.

Discovery 2013-06-27
Entry 2013-06-28
apache-xml-security-c

< 1.7.2

CVE-2013-2210
http://santuario.apache.org/secadv.data/CVE-2013-2210.txt

5786185a-9a43-11e8-b34b-6cc21735f730

xml-security-c -- crashes on malformed KeyInfo content

The shibboleth project reports:

SAML messages, assertions, and metadata all commonly make use of the XML Signature KeyInfo construct, which expresses information about keys and certificates used in signing or encrypting XML.

The Apache Santuario XML Security for C++ library contained code paths at risk of dereferencing null pointers when processing various kinds of malformed KeyInfo hints typically found in signed or encrypted XML. The usual effect is a crash, and in the case of the Shibboleth SP software, a crash in the shibd daemon, which prevents access to protected resources until the daemon is restarted.

Discovery 2018-08-03
Entry 2018-08-07
apache-xml-security-c

< 2.0.1

https://shibboleth.net/community/advisories/secadv_20180803.txt