Date: Wed, 1 Oct 2014 22:12:11 +0000 (UTC) From: Bryan Drewery <bdrewery@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r369772 - head/security/vuxml Message-ID: <201410012212.s91MCBX7045049@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: bdrewery Date: Wed Oct 1 22:12:11 2014 New Revision: 369772 URL: https://svnweb.freebsd.org/changeset/ports/369772 QAT: https://qat.redports.org/buildarchive/r369772/ Log: - Document CVE-2014-7187 fixed in bash-4.3.27_1 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Oct 1 22:10:46 2014 (r369771) +++ head/security/vuxml/vuln.xml Wed Oct 1 22:12:11 2014 (r369772) @@ -105,11 +105,18 @@ Notes: possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code.</p> </blockquote> + <blockquote cite="https://access.redhat.com/security/cve/CVE-2014-7187"> + <p>An off-by-one error was discovered in the way Bash was handling + deeply nested flow control constructs. Depending on the layout of + the .bss segment, this could allow arbitrary execution of code that + would not otherwise be executed by Bash.</p> + </blockquote> </body> </description> <references> <url>https://access.redhat.com/security/cve/CVE-2014-7186</url> <cvename>CVE-2014-7186</cvename> + <cvename>CVE-2014-7187</cvename> </references> <dates> <discovery>2014-09-25</discovery>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201410012212.s91MCBX7045049>