Date: Mon, 2 Mar 2020 08:56:46 +0000 (UTC)
From: Mateusz Piotrowski <0mp@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r527617 - head/security/vuxml
Message-ID: <202003020856.0228uk1M041204@repo.freebsd.org>
Author: 0mp Date: Mon Mar 2 08:56:46 2020 New Revision: 527617 URL: https://svnweb.freebsd.org/changeset/ports/527617 Log: Document some audio/timidity++* vulnerabilities PR: 244429 Reported by: pi Security: CVE-2017-11546 Security: CVE-2017-11547 Security: CVE-2017-11549 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Mon Mar 2 08:09:57 2020 (r527616) +++ head/security/vuxml/vuln.xml Mon Mar 2 08:56:46 2020 (r527617) 
@@ -58,6 +58,70 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="d37407bd-5c5f-11ea-bb2a-8c164582fbac"> + <topic>TiMidity++ -- Multiple vulnerabilities</topic> + <affects> + <package> + <name>timidity++</name> + <range><lt>2.15.0</lt></range> + </package> + <package> + <name>timidity++-emacs</name> + <range><lt>2.15.0</lt></range> + </package> + <package> + <name>timidity++-gtk</name> + <range><lt>2.15.0</lt></range> + </package> + <package> + <name>timidity++-motif</name> + <range><lt>2.15.0</lt></range> + </package> + <package> + <name>timidity++-slang</name> + <range><lt>2.15.0</lt></range> + </package> + <package> + <name>timidity++-tcltk</name> + <range><lt>2.15.0</lt></range> + </package> + <package> + <name>timidity++-xaw</name> + <range><lt>2.15.0</lt></range> + </package> + <package> + <name>timidity++-xskin</name> + <range><lt>2.15.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>qflb.wu of DBAPPSecurity reports:</p> + <blockquote cite="https://seclists.org/fulldisclosure/2017/Jul/83"> + <p>Ihe insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 + can cause a denial of service(divide-by-zero error and application + crash) via a crafted mid file.</p> + <p>The resample_gauss function in resample.c in TiMidity++ 2.14.0 + can cause a denial of service(heap-buffer-overflow) via a crafted + mid file.</p> + <p>The play_midi function in playmidi.c in TiMidity++ 2.14.0 can + cause a denial of service(large loop and CPU consumption) via + a crafted mid file.</p> + </blockquote> + </body> + </description> + <references> + <url>https://seclists.org/fulldisclosure/2017/Jul/83</url> + <cvename>CVE-2017-11546</cvename> + <cvename>CVE-2017-11547</cvename> + <cvename>CVE-2017-11549</cvename> + </references> + <dates> + <discovery>2017-07-31</discovery> + <entry>2020-03-02</entry> + </dates> + </vuln> + <vuln 
vid="e59cb761-5ad8-11ea-abb7-001b217b3468"> <topic>Solr -- multiple vulnerabilities</topic> <affects>
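Review bot: The first <p> inside the blockquote starts with "Ihe insert_note_steps function", which should read "The insert_note_steps function"; if the typo is not in the cited report, correct it so the quote matches its source. Separately, all eight <package> entries use <range><lt>2.15.0</lt></range>, while the quoted report only names TiMidity++ 2.14.0 as affected, and neither the entry nor the commit log says that 2.15.0 carries the fixes for CVE-2017-11546, CVE-2017-11547 and CVE-2017-11549. Please add a reference (an upstream changelog or commit <url>) that supports 2.15.0 as the first fixed version, so that the audit result for installed 2.14.x packages can be traced to a source.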