Date: Sat, 25 May 2019 22:05:13 +0000 (UTC) From: Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r502660 - head/security/vuxml Message-ID: <201905252205.x4PM5DeA027368@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: sunpoet Date: Sat May 25 22:05:13 2019 New Revision: 502660 URL: https://svnweb.freebsd.org/changeset/ports/502660 Log: Document curl vulnerability Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sat May 25 22:04:23 2019 (r502659) +++ head/security/vuxml/vuln.xml Sat May 25 22:05:13 2019 (r502660) @@ -58,6 +58,54 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="dd343a2b-7ee7-11e9-a290-8ddc52868fa9"> + <topic>curl -- multiple vulnerabilities</topic> + <affects> + <package> + <name>curl</name> + <range><ge>7.19.4</ge><lt>7.65.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>curl security problems:</p> + <blockquote cite="https://curl.haxx.se/docs/security.html">; + <p>CVE-2019-5435: Integer overflows in curl_url_set()</p> + <p>libcurl contains two integer overflows in the curl_url_set() + function that if triggered, can lead to a too small buffer + allocation and a subsequent heap buffer overflow.</p> + <p>The flaws only exist on 32 bit architectures and require + excessive string input lengths.</p> + <p>CVE-2019-5436: TFTP receive buffer overflow</p> + <p>libcurl contains a heap buffer overflow in the function + (tftp_receive_packet()) that recevives data from a TFTP server. It + calls recvfrom() with the default size for the buffer rather than + with the size that was used to allocate it. Thus, the content that + might overwrite the heap memory is entirely controlled by the server.</p> + <p>The flaw exists if the user selects to use a "blksize" of 504 or + smaller (default is 512). The smaller size that is used, the larger + the possible overflow becomes.</p> + <p>Users chosing a smaller size than default should be rare as the + primary use case for changing the size is to make it larger.</p> + <p>It is rare for users to use TFTP across the Internet. It is most + commonly used within local networks.</p> + <p>.</p> + </blockquote> + </body> + </description> + <references> + <url>https://curl.haxx.se/docs/security.html</url>; + <url>https://curl.haxx.se/docs/CVE-2019-5435.html</url>; + <url>https://curl.haxx.se/docs/CVE-2019-5436.html</url>; + <cvename>CVE-2019-5435</cvename> + <cvename>CVE-2019-5436</cvename> + </references> + <dates> + <discovery>2019-05-22</discovery> + <entry>2019-05-25</entry> + </dates> + </vuln> + <vuln vid="8d2af843-7d8e-11e9-8464-c85b76ce9b5a"> <topic>OCaml -- Multiple Security Vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201905252205.x4PM5DeA027368>