Date: Fri, 3 Jul 2020 06:02:40 +0000 (UTC) From: "Tobias C. Berner" <tcberner@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r541073 - head/security/vuxml Message-ID: <202007030602.06362efA021059@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: tcberner Date: Fri Jul 3 06:02:40 2020 New Revision: 541073 URL: https://svnweb.freebsd.org/changeset/ports/541073 Log: Document vulnerability in dbus < 2.12.18 * See [1] for details. * The port is already updated to 2.12.18. [1] https://gitlab.freedesktop.org/dbus/dbus/-/issues/294 PR: 247340 Submitted by: rob2g2 <spam123@bitbert.com> Security: CVE-2020-12049 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Jul 3 05:45:38 2020 (r541072) +++ head/security/vuxml/vuln.xml Fri Jul 3 06:02:40 2020 (r541073) @@ -58,6 +58,34 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="27616957-b084-11ea-937b-b42e99a1b9c3"> + <topic>dbus file descriptor leak</topic> + <affects> + <package> + <name>dbus</name> + <range><lt>1.12.18</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>GitHub Security Lab reports:</p> + <blockquote cite="https://gitlab.freedesktop.org/dbus/dbus/-/issues/294"> + <p>D-Bus has a file descriptor leak, which can lead to denial of service when the dbus-daemon runs out of file descriptors. + An unprivileged local attacker can use this to attack the system dbus-daemon, leading to denial of service for all users of the machine.</p> + </blockquote> + </body> + </description> + <references> + <url>https://gitlab.freedesktop.org/dbus/dbus/-/issues/294</url> + <url>https://www.openwall.com/lists/oss-security/2020/06/04/3</url> + <cvename>CVE-2020-12049</cvename> + </references> + <dates> + <discovery>2020-04-09</discovery> + <entry>2020-07-03</entry> + </dates> + </vuln> + <vuln vid="0a305431-bc98-11ea-a051-001b217b3468"> <topic>Gitlab -- Multiple Vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202007030602.06362efA021059>