Date: Fri, 10 Sep 2021 17:22:07 GMT From: Dmitri Goutnik <dmgk@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 07472321defa - main - security/vuxml: Document lang/go vulnerability Message-ID: <202109101722.18AHM75q094314@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by dmgk: URL: https://cgit.FreeBSD.org/ports/commit/?id=07472321defad0cbaa9a244307afca41575560e3 commit 07472321defad0cbaa9a244307afca41575560e3 Author: Dmitri Goutnik <dmgk@FreeBSD.org> AuthorDate: 2021-09-10 17:13:49 +0000 Commit: Dmitri Goutnik <dmgk@FreeBSD.org> CommitDate: 2021-09-10 17:21:33 +0000 security/vuxml: Document lang/go vulnerability --- security/vuxml/vuln-2021.xml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml index b68a266fae5a..138d6323e12d 100644 --- a/security/vuxml/vuln-2021.xml +++ b/security/vuxml/vuln-2021.xml @@ -1,3 +1,33 @@ + <vuln vid="4ea1082a-1259-11ec-b4fa-dd5a552bdd17"> + <topic>go -- archive/zip: overflow in preallocation check can cause OOM panic</topic> + <affects> + <package> + <name>go</name> + <range><lt>1.17.1,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Go project reports:</p> + <blockquote cite="https://github.com/golang/go/issues/47801"> + <p>An oversight in the previous fix still allows for an OOM + panic when the indicated directory size in the archive + header is so large that subtracting it from the archive + size overflows a uint64, effectively bypassing the check + that the number of files in the archive is reasonable.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2021-39293</cvename> + <url>https://github.com/golang/go/issues/47801</url> + </references> + <dates> + <discovery>2021-08-18</discovery> + <entry>2021-09-10</entry> + </dates> + </vuln> + <vuln vid="145ce848-1165-11ec-ac7e-08002789875b"> <topic>Python -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202109101722.18AHM75q094314>