Date: Fri, 09 Jan 2015 15:11:55 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 196640] devel/libevent2: update to 2.0.22 (to fix CVE-2014-6272)
Message-ID: <bug-196640-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196640

Bug ID: 196640
Summary: devel/libevent2: update to 2.0.22 (to fix CVE-2014-6272)
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Keywords: security
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: mm@FreeBSD.org
Reporter: jbeich@vfemail.net
Assignee: mm@FreeBSD.org
Flags: maintainer-feedback?(mm@FreeBSD.org)

<vuln vid="8a78bd4b-1e88-43bd-9bfa-5aa29cb979c2">
  <topic>libevent -- integer overflow in evbuffers</topic>
  <affects>
    <package>
      <name>libevent</name>
      <range><lt>1.4.15</lt></range>
    </package>
    <package>
      <name>libevent2</name>
      <range><lt>2.0.22</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>A defect in the Libevent evbuffer API leaves some
        programs that pass insanely large inputs to evbuffers open
        to a possible heap overflow or infinite loop.</p>
    </body>
  </description>
  <references>
    <url>http://archives.seul.org/libevent/users/Jan-2015/msg00010.html</url>
    <cvename>CVE-2014-6272</cvename>
  </references>
  <dates>
    <discovery>2015-01-05</discovery>
    <entry>2015-01-09</entry>
  </dates>
</vuln>

--- Comment #1 from Bugzilla Automation <bugzilla@FreeBSD.org> ---
Auto-assigned to maintainer mm@FreeBSD.org

--
You are receiving this mail because:
You are the assignee for the bug.