FreeBSD Mail Archives

Date:      Sat, 10 Nov 2012 14:45:55 +0000 (UTC)
From:      Jase Thew <jase@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r307282 - head/security/vuxml
Message-ID:  <201211101445.qAAEjtSe035166@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help

Author: jase
Date: Sat Nov 10 14:45:55 2012
New Revision: 307282
URL: http://svnweb.freebsd.org/changeset/ports/307282

Log:
  - Modify recent e02c572f-2af0-11e2-bb44-003067b2972c entry
  
  - Add constraints to vulnerable versions
  - Add additional references
  - Improve topic
  - Correct description
  
  Feature safe:	yes

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Sat Nov 10 14:38:29 2012	(r307281)
+++ head/security/vuxml/vuln.xml	Sat Nov 10 14:45:55 2012	(r307282)
@@ -52,32 +52,35 @@ Note:  Please add new entries to the beg
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
   <vuln vid="e02c572f-2af0-11e2-bb44-003067b2972c">
-    <topic>weechat -- crash bug from specially crafted messages</topic>
+    <topic>weechat -- Crash or freeze when decoding IRC colors in strings</topic>
     <affects>
       <package>
 	<name>weechat</name>
-	<range><le>0.3.9</le></range>
+	<range><ge>0.3.6</ge><lt>0.3.9.1</lt></range>
       </package>
       <package>
 	<name>weechat-devel</name>
-	<range><le>20121103</le></range>
+	<range><ge>20110614</ge><lt>20121110</lt></range>
       </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>Sebastien Helleu reports:</p>
 	<blockquote cite="https://savannah.nongnu.org/bugs/?37704">;
-	  <p>weechat is vulnerable to a crash when sending a special coloured
-	    message.</p>
+	  <p>A buffer overflow is causing a crash or freeze of WeeChat when 
+	  decoding IRC colors in strings.</p>
 	</blockquote>
       </body>
     </description>
     <references>
       <freebsdpr>ports/173513</freebsdpr>
+      <url>http://weechat.org/security/</url>;
+      <url>https://savannah.nongnu.org/bugs/?37704</url>;
     </references>
     <dates>
       <discovery>2012-11-09</discovery>
       <entry>2012-11-10</entry>
+      <modified>2012-11-10</modified>
     </dates>
   </vuln>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201211101445.qAAEjtSe035166>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation