FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
ce680f0a-eea6-11e1-8bd8-0022156e8794 | squidclamav -- cross-site scripting in default virus warning pages

SquidClamav developers report:

This release fixes several security issues by escaping CGI parameters.

Prior to versions 6.7 and 5.8, the CGI script clwarn.cgi was not properly sanitizing input variables, so they could be used to inject arbitrary strings into the generated page, leading to cross-site scripting attacks.


Discovery 2012-07-24
Entry 2012-08-25
squidclamav < 5.8
squidclamav >= 6.0, < 6.7

CVE-2012-4667
http://squidclamav.darold.net/news.html
8defa0f9-ee8a-11e1-8bd8-0022156e8794 | squidclamav -- Denial of Service

SquidClamav developers report:

Add a workaround for a squidGuard bug that unescapes the URL and sends it back unescaped. This results in garbage staying in the pipe of the system command call and could crash squidclamav on the next read or return false information. This is especially true with URLs containing the %0D or %0A character.

This vulnerability can be triggered only in configurations where an external chained URL checker is configured via the "squidguard" directive.


Discovery 2012-07-24
Entry 2012-08-25
Modified 2012-09-04
squidclamav < 5.7_1
squidclamav >= 6.0, < 6.7

CVE-2012-3501
http://squidclamav.darold.net/news.html