From owner-svn-ports-head@freebsd.org Thu Apr 20 15:29:22 2017 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 92AD1D48ED8; Thu, 20 Apr 2017 15:29:22 +0000 (UTC) (envelope-from jbeich@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6F461F01; Thu, 20 Apr 2017 15:29:22 +0000 (UTC) (envelope-from jbeich@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v3KFTLZc055776; Thu, 20 Apr 2017 15:29:21 GMT (envelope-from jbeich@FreeBSD.org) Received: (from jbeich@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v3KFTL43055774; Thu, 20 Apr 2017 15:29:21 GMT (envelope-from jbeich@FreeBSD.org) Message-Id: <201704201529.v3KFTL43055774@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jbeich set sender to jbeich@FreeBSD.org using -f From: Jan Beich Date: Thu, 20 Apr 2017 15:29:21 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r438968 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Apr 2017 15:29:22 -0000 Author: jbeich Date: Thu Apr 20 15:29:21 2017 New Revision: 438968 URL: https://svnweb.freebsd.org/changeset/ports/438968 Log: security/vuxml: mark old sndfile/samplerate/tiff as vulnerable Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Apr 20 14:58:47 2017 (r438967) +++ head/security/vuxml/vuln.xml Thu Apr 20 15:29:21 2017 (r438968) @@ -58,6 +58,216 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + tiff -- multiple vulnerabilities + + + tiff + linux-f8-tiff + linux-f10-tiff + linux-c6-tiff + linux-c7-tiff + 4.0.8 + + + + +

NVD reports:

+
LibTIFF version 4.0.7 is vulnerable to a heap buffer + overflow in the tools/tiffcp resulting in DoS or code + execution via a crafted BitsPerSample value.
+

+
The putagreytile function in tif_getimage.c in LibTIFF + 4.0.7 has a left-shift undefined behavior issue, which + might allow remote attackers to cause a denial of service + (application crash) or possibly have unspecified other + impact via a crafted image.
+

+
tif_read.c in LibTIFF 4.0.7 does not ensure that + tif_rawdata is properly initialized, which might allow + remote attackers to obtain sensitive information from + process memory via a crafted image.
+

+
The OJPEGReadHeaderInfoSecTablesDcTable function in + tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to + cause a denial of service (memory leak) via a crafted + image.
+

+
The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF + 4.0.7 allows remote attackers to cause a denial of service + (divide-by-zero error and application crash) via a crafted + image.
+

+
LibTIFF 4.0.7 has an "outside the range of + representable values of type float" undefined behavior + issue, which might allow remote attackers to cause a + denial of service (application crash) or possibly have + unspecified other impact via a crafted image.
+

+
tif_dirread.c in LibTIFF 4.0.7 has an "outside the + range of representable values of type float" undefined + behavior issue, which might allow remote attackers to + cause a denial of service (application crash) or possibly + have unspecified other impact via a crafted image.
+

+
tif_dirread.c in LibTIFF 4.0.7 might allow remote + attackers to cause a denial of service (divide-by-zero + error and application crash) via a crafted image.
+

+
LibTIFF 4.0.7 has an "outside the range of + representable values of type short" undefined behavior + issue, which might allow remote attackers to cause a + denial of service (application crash) or possibly have + unspecified other impact via a crafted image.
+

+
LibTIFF 4.0.7 has an "outside the range of + representable values of type unsigned char" undefined + behavior issue, which might allow remote attackers to + cause a denial of service (application crash) or possibly + have unspecified other impact via a crafted image.
+

+
LibTIFF 4.0.7 has a "shift exponent too large for + 64-bit type long" undefined behavior issue, which might + allow remote attackers to cause a denial of service + (application crash) or possibly have unspecified other + impact via a crafted image.
+

+
LibTIFF 4.0.7 has a signed integer overflow, which + might allow remote attackers to cause a denial of service + (application crash) or possibly have unspecified other + impact via a crafted image.
+

+ + + + CVE-2017-5225 + CVE-2017-7592 + CVE-2017-7593 + CVE-2017-7594 + CVE-2017-7595 + CVE-2017-7596 + CVE-2017-7597 + CVE-2017-7598 + CVE-2017-7599 + CVE-2017-7600 + CVE-2017-7601 + CVE-2017-7602 + https://github.com/vadz/libtiff/commit/5c080298d59e + https://github.com/vadz/libtiff/commit/48780b4fcc42 + https://github.com/vadz/libtiff/commit/d60332057b95 + https://github.com/vadz/libtiff/commit/2ea32f7372b6 + https://github.com/vadz/libtiff/commit/8283e4d1b7e5 + https://github.com/vadz/libtiff/commit/47f2fb61a3a6 + https://github.com/vadz/libtiff/commit/3cfd62d77c2a + https://github.com/vadz/libtiff/commit/3144e57770c1 + https://github.com/vadz/libtiff/commit/0a76a8c765c7 + https://github.com/vadz/libtiff/commit/66e7bd595209 + + + 2017-04-01 + 2017-04-20 + + + + + libsamplerate -- multiple vulnerabilities + + + libsamplerate + linux-c6-libsamplerate + linux-c7-libsamplerate + 0.1.9 + + + + +

NVD reports:

+
In libsamplerate before 0.1.9, a buffer over-read + occurs in the calc_output_single function in src_sinc.c + via a crafted audio file.
+

+ + + + CVE-2017-7697 + https://github.com/erikd/libsamplerate/commit/c3b66186656d + + + 2017-04-11 + 2017-04-20 + + + + + libsndfile -- multiple vulnerabilities + + + libsndfile + linux-c6-libsndfile + linux-c7-libsndfile + 1.0.28 + + + + +

NVD reports:

+
In libsndfile before 1.0.28, an error in the + "flac_buffer_copy()" function (flac.c) can be exploited to + cause a stack-based buffer overflow via a specially crafted + FLAC file.
+

+
In libsndfile before 1.0.28, an error in the + "header_read()" function (common.c) when handling ID3 tags + can be exploited to cause a stack-based buffer overflow + via a specially crafted FLAC file.
+

+
In libsndfile before 1.0.28, an error in the + "flac_buffer_copy()" function (flac.c) can be exploited to + cause a segmentation violation (with write memory access) + via a specially crafted FLAC file during a resample + attempt, a similar issue to CVE-2017-7585.
+

+
In libsndfile before 1.0.28, an error in the + "flac_buffer_copy()" function (flac.c) can be exploited to + cause a segmentation violation (with read memory access) + via a specially crafted FLAC file during a resample + attempt, a similar issue to CVE-2017-7585.
+

+ + + + CVE-2017-7585 + CVE-2017-7586 + CVE-2017-7741 + CVE-2017-7742 + https://github.com/erikd/libsndfile/commit/60b234301adf + https://github.com/erikd/libsndfile/commit/708e996c87c5 + https://github.com/erikd/libsndfile/commit/f457b7b5ecfe + https://github.com/erikd/libsndfile/commit/60b234301adf + + + 2017-04-07 + 2017-04-20 + + + cURL -- TLS session resumption client cert bypass (again)