Date: Wed, 27 Sep 2017 15:20:31 +0000 (UTC)
From: Steve Wills <swills@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r450754 - head/security/vuxml
Message-ID: <201709271520.v8RFKVne005991@repo.freebsd.org>
Author: swills Date: Wed Sep 27 15:20:31 2017 New Revision: 450754 URL: https://svnweb.freebsd.org/changeset/ports/450754 Log: Document libofx issue Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Sep 27 15:02:39 2017 (r450753) +++ head/security/vuxml/vuln.xml Wed Sep 27 15:20:31 2017 (r450754) @@ -58,6 +58,33 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="58fafead-cd13-472f-a9bd-d0173ba1b04c"> + <topic>libofx -- exploitable buffer overflow</topic> + <affects> + <package> + <name>libofx</name> + <range><le>0.9.11</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Talos developers report:</p> + <blockquote cite="http://www.securityfocus.com/bid/100828"> + <p>An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability.</p> + </blockquote> + </body> + </description> + <references> + <url>http://www.securityfocus.com/bid/100828</url> + <url>https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0317</url> + <cvename>CVE-2017-2816</cvename> + </references> + <dates> + <discovery>2017-9-13</discovery> + <entry>2017-9-27</entry> + </dates> + </vuln> + <vuln vid="3b776502-f601-44e0-87cd-b63f1b9ae42a"> <topic>sugarcrm -- multiple vulnerabilities</topic> <affects>
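Review bot: The dates in the new entry's <dates> block are not zero-padded: <discovery>2017-9-13</discovery> and <entry>2017-9-27</entry> should read 2017-09-13 and 2017-09-27, so they follow the YYYY-MM-DD form and compare correctly in tools that treat them as strings. Separately, the paragraph attributes the quote to Talos while the blockquote's cite attribute points at the securityfocus BID page; the Talos report URL is already listed under <references>, so citing it in the blockquote would match the attribution. The <le>0.9.11</le> range is consistent with the quoted text naming LibOFX 0.9.11, and will need revisiting once a fixed version reaches the port.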