Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 09 Jan 2015 15:11:55 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   [Bug 196640] devel/libevent2: update to 2.0.22 (to fix CVE-2014-6272)
Message-ID:  <bug-196640-13@https.bugs.freebsd.org/bugzilla/>

Next in thread | Raw E-Mail | Index | Archive | Help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196640

            Bug ID: 196640
           Summary: devel/libevent2: update to 2.0.22 (to fix
                    CVE-2014-6272)
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Keywords: security
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: mm@FreeBSD.org
          Reporter: jbeich@vfemail.net
          Assignee: mm@FreeBSD.org
             Flags: maintainer-feedback?(mm@FreeBSD.org)

<vuln vid="8a78bd4b-1e88-43bd-9bfa-5aa29cb979c2">
    <topic>libevent -- integer overflow in evbuffers</topic>
    <affects>
      <package>
    <name>libevent</name>
    <range><lt>1.4.15</lt></range>
      </package>
      <package>
    <name>libevent2</name>
    <range><lt>2.0.22</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">;
    <p>A defect in the Libevent evbuffer API leaves some programs
      that pass insanely large inputs to evbuffers open to a
      possible heap overflow or infinite loop.
    </p>
      </body>
    </description>
    <references>
      <url>http://archives.seul.org/libevent/users/Jan-2015/msg00010.html</url>;
      <cvename>CVE-2014-6272</cvename>
    </references>
    <dates>
      <discovery>2015-01-05</discovery>
      <entry>2015-01-09</entry>
    </dates>
  </vuln>

--- Comment #1 from Bugzilla Automation <bugzilla@FreeBSD.org> ---
Auto-assigned to maintainer mm@FreeBSD.org

-- 
You are receiving this mail because:
You are the assignee for the bug.



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?bug-196640-13>