Date: Fri, 7 Apr 2017 14:26:14 +0000 (UTC) From: Dominic Fandrey <kami@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r437926 - head/security/vuxml Message-ID: <201704071426.v37EQEd6088502@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kami Date: Fri Apr 7 14:26:14 2017 New Revision: 437926 URL: https://svnweb.freebsd.org/changeset/ports/437926 Log: security/vuxml: Add id Tech 3 remote code execution PR: 217911 Reviewed by: delphij, #ports_secteam Approved by: delphij, #ports_secteam Security: CVE-2017-6903 Differential Revision: https://reviews.freebsd.org/D10244 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Apr 7 14:12:20 2017 (r437925) +++ head/security/vuxml/vuln.xml Fri Apr 7 14:26:14 2017 (r437926) @@ -58,6 +58,45 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="e48355d7-1548-11e7-8611-0090f5f2f347"> + <topic>id Tech 3 -- remote code execution vulnerability</topic> + <affects> + <package> + <name>ioquake3</name> + <range><lt>1.36_16</lt></range> + </package> + <package> + <name>ioquake3-devel</name> + <range><lt>g2930</lt></range> + </package> + <package> + <name>iourbanterror</name> + <range><lt>4.3.2,1</lt></range> + </package> + <package> + <name>openarena</name> + <range><lt>0.8.8.s1910_3,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>The content auto-download of id Tech 3 can be used to deliver + maliciously crafted content, that triggers downloading of + further content and loading and executing it as native code + with user credentials. This affects ioquake3, ioUrbanTerror, + OpenArena, the original Quake 3 Arena and other forks.</p> + </body> + </description> + <references> + <cvename>CVE-2017-6903</cvename> + <url>https://ioquake3.org/2017/03/13/important-security-update-please-update-ioquake3-immediately/</url>; + </references> + <dates> + <discovery>2017-03-14</discovery> + <entry>2017-04-07</entry> + </dates> + </vuln> + <vuln vid="90becf7c-1acf-11e7-970f-002590263bf5"> <topic>xen-kernel -- broken check in memory_exchange() permits PV guest breakout</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201704071426.v37EQEd6088502>