Adding VuXML record for vulnerability CVE-2017-15924 in net/shadowsocks-libev.

D14200 (part I).

The next commit will update net/shadowsocks-libev and fix this
vulnerability.

PR:		225442
Submitted by:	myself
Approved by:	adamw (mentor)
Differential Revision:	https://reviews.freebsd.org/D14200
This commit is contained in:
Yuri Victorovich 2018-02-05 05:07:24 +00:00
parent c34cc9da29
commit 575834304a
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=460961

View File

@ -58,6 +58,32 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="3746de31-0a1a-11e8-83e7-485b3931c969">
<topic> shadowsocks-libev -- command injection via shell metacharacters </topic>
<affects>
<package>
<name>shadowsocks-libev</name>
<range><ge>3.1.0</ge><lt>3.1.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>MITRE reports:</p>
<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15924">
<p>Improper parsing allows command injection via shell metacharacters in
a JSON configuration request received via 127.0.0.1 UDP traffic.</p>
</blockquote>
</body>
</description>
<references>
<url>https://nvd.nist.gov/vuln/detail/CVE-2017-15924</url>
</references>
<dates>
<discovery>2017-10-27</discovery>
<entry>2018-02-05</entry>
</dates>
</vuln>
<vuln vid="5044bd23-08cb-11e8-b08f-00012e582166">
<topic>palemoon -- multiple vulnerabilities</topic>
<affects>