FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 17:01:17 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a051a4ec-3aa1-4dd1-9bdc-a61eb5700153leafnode fetchnews denial-of-service triggered by truncated transmission

When a downloaded news article ends prematurely, i. e. when the server sends [CR]LF.[CR]LF before sending a blank line, fetchnews may wait indefinitely for data that never arrives. Workaround: configure "minlines=1" (or use a bigger value) in the configuration file. Found by Toni Viemerö.


Discovery 2004-01-08
Entry 2004-05-21
Modified 2005-05-13
leafnode
<= 1.9.47

CVE-2004-2068
http://leafnode.sourceforge.net/leafnode-SA-2004-01.txt
http://sourceforge.net/tracker/index.php?func=detail&aid=873149&group_id=57767&atid=485349
http://article.gmane.org/gmane.network.leafnode.announce/32
http://sourceforge.net/mailarchive/message.php?msg_id=6922570
ports/61105
b5ffaa2a-ee50-4498-af99-61bc1b163c00leafnode -- denial of service vulnerability

Matthias Andree reports:

A vulnerability was found in the fetchnews program (the NNTP client) that may under some circumstances cause a wait for input that never arrives, fetchnews "hangs". [...]

As only one fetchnews program can run at a time, subsequently started fetchnews and texpire programs will terminate. [...]

Upgrade your leafnode package to version 1.11.3.


Discovery 2005-06-08
Entry 2005-06-09
leafnode
< 1.11.3

CVE-2005-1911
http://leafnode.sourceforge.net/leafnode-SA-2005-02.txt
ports/82056
http://marc.theaimsgroup.com/?l=vulnwatch&m=111827180929063