Date: Sat, 10 Feb 2018 12:40:26 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 225804] security/vuxml: Document vulnerability in uWSGI (CVE-2018-6758) Message-ID: <bug-225804-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D225804 Bug ID: 225804 Summary: security/vuxml: Document vulnerability in uWSGI (CVE-2018-6758) Product: Ports & Packages Version: Latest Hardware: Any URL: https://github.com/unbit/uwsgi-docs/blob/master/Change log-2.0.16.rst OS: Any Status: New Keywords: patch, security Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: ports-secteam@FreeBSD.org Reporter: vlad-fbsd@acheronmedia.com Assignee: ports-secteam@FreeBSD.org Flags: maintainer-feedback?(ports-secteam@FreeBSD.org) Created attachment 190478 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D190478&action= =3Dedit Document CVE-2018-6758 The uwsgi_expand_path() function in core/utils.c in Unbit uWSGI before 2.0.= 16 has a stack-based buffer overflow via a large directory length. * CVE-2018-6758 * Summary: https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2018-6758 * Release notes: https://github.com/unbit/uwsgi-docs/blob/master/Changelog-2.0.16.rst * Upstream fix: =20 https://github.com/unbit/uwsgi/commit/ed1c3bbc6cfc4d566401526fd21ba0984dd7b= 22a --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-225804-13>