Date: Thu, 19 Jan 2017 04:08:50 +0000 (UTC) From: "Jason E. Hale" <jhale@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r431837 - head/security/vuxml Message-ID: <201701190408.v0J48oV9010762@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jhale Date: Thu Jan 19 04:08:50 2017 New Revision: 431837 URL: https://svnweb.freebsd.org/changeset/ports/431837 Log: Document graphics/icoutils vulnerabilities Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Jan 19 03:49:19 2017 (r431836) +++ head/security/vuxml/vuln.xml Thu Jan 19 04:08:50 2017 (r431837) @@ -58,6 +58,36 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="57facd35-ddf6-11e6-915d-001b3856973b"> + <topic>icoutils -- check_offset overflow on 64-bit systems</topic> + <affects> + <package> + <name>icoutils</name> + <range><lt>0.31.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Choongwoo Han reports:</p> + <blockquote cite="http://seclists.org/oss-sec/2017/q1/38"> + <p>An exploitable crash exists in the wrestool utility on 64-bit systems + where the result of subtracting two pointers exceeds the size of int.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2017-5208</cvename> + <cvename>CVE-2017-5331</cvename> + <cvename>CVE-2017-5332</cvename> + <cvename>CVE-2017-5333</cvename> + <url>http://seclists.org/oss-sec/2017/q1/38</url> + </references> + <dates> + <discovery>2017-01-03</discovery> + <entry>2017-01-19</entry> + </dates> + </vuln> + <vuln vid="4d2f9d09-ddb7-11e6-a9a5-b499baebfeaf"> <topic>mysql -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201701190408.v0J48oV9010762>