Date: Sat, 29 Mar 2014 08:30:51 +0000 (UTC)
From: Brendan Fabeny <bf@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r349486 - head/security/vuxml
Message-ID: <201403290830.s2T8UpZN064875@svn.freebsd.org>
Author: bf Date: Sat Mar 29 08:30:51 2014 New Revision: 349486 URL: http://svnweb.freebsd.org/changeset/ports/349486 QAT: https://qat.redports.org/buildarchive/r349486/ Log: Add an entry for CVE-2014-2270, and correct the indentation in the entry for CVE-2014-1943 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sat Mar 29 08:17:53 2014 (r349485) +++ head/security/vuxml/vuln.xml Sat Mar 29 08:30:51 2014 (r349486) @@ -51,6 +51,34 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="7e61a839-b714-11e3-8195-001966155bea"> + <topic>file -- out-of-bounds access in search rules with offsets from input file</topic> + <affects> + <package> + <name>file</name> + <range><lt>5.18</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Aaron Reffett reports:</p> + <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270"> + <p>softmagic.c in file ... and libmagic allows context-dependent + attackers to cause a denial of service (out-of-bounds memory access and + crash) via crafted offsets in the softmagic of a PE executable.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2014-2270</cvename> + <url>http://bugs.gw.com/view.php?id=31</url> + </references> + <dates> + <discovery>2013-12-20</discovery> + <entry>2014-03-29</entry> + </dates> + </vuln> + <vuln vid="9fa1a0ac-b2e0-11e3-bb07-6cf0490a8c18"> <topic>Joomla! -- Core - Multiple Vulnerabilities</topic> <affects> 
@@ -820,9 +848,9 @@ Note: Please add new entries to the beg <body xmlns="http://www.w3.org/1999/xhtml"> <p>The Fine Free file project reports:</p> <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943"> - <p>... file before 5.17 allows context-dependent attackers to - cause a denial of service (infinite recursion, CPU consumption, and - crash) via a crafted indirect offset value in the magic of a file.</p> + <p>file before 5.17 allows context-dependent attackers to + cause a denial of service (infinite recursion, CPU consumption, and + crash) via a crafted indirect offset value in the magic of a file.</p> </blockquote> </body> </description>
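Review bot: In the first hunk (new vid 7e61a839-b714-11e3-8195-001966155bea), the lead-in `<p>Aaron Reffett reports:</p>` does not match the source of the quote, since the blockquote's cite attribute points at the cve.mitre.org entry for CVE-2014-2270 and the text reads like the CVE description rather than the reporter's words. Either attribute the quote to the CVE entry, or quote from the report at http://bugs.gw.com/view.php?id=31 and cite that URL. Separately, the quoted text names both file and libmagic while `<affects>` lists only the `file` package with `<lt>5.18</lt>`; if any other port ships its own copy of libmagic it would need its own `<package>` element, so it is worth confirming that none does. The "..." inside the quote also hides the version wording from the CVE text, leaving the `<range>` as the only statement of affected versions in the entry.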
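Review bot: In the second hunk (the CVE-2014-1943 entry), the change is more than the indentation fix named in the log: the removed line starts `<p>... file before 5.17` and the added line starts `<p>file before 5.17`, so the leading ellipsis that marked elided text in the quoted CVE description is gone. Without it the blockquote reads as a verbatim quote of the cited cve.mitre.org text. Either keep the "..." or mention the wording change in the commit log. It is also inconsistent with the entry added in the first hunk, which keeps an ellipsis in `file ... and libmagic`.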