Date: Sat, 18 Aug 2012 08:39:39 +0000 (UTC) From: Doug Barton <dougb@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r302713 - in head/security: libotr vuxml Message-ID: <201208180839.q7I8ddm2096742@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dougb Date: Sat Aug 18 08:39:39 2012 New Revision: 302713 URL: http://svn.freebsd.org/changeset/ports/302713 Log: 14 August 2012 libotr version 3.2.1 released Versions 3.2.0 and earlier of libotr contain a small heap write overrun (thanks to Justin Ferguson for the report), and a large heap read overrun (thanks to Ben Hawkes for the report). Add a vuxml entry, and tune up the notes about adding a new entry. Modified: head/security/libotr/Makefile head/security/libotr/distinfo head/security/vuxml/vuln.xml Modified: head/security/libotr/Makefile ============================================================================== --- head/security/libotr/Makefile Sat Aug 18 08:32:03 2012 (r302712) +++ head/security/libotr/Makefile Sat Aug 18 08:39:39 2012 (r302713) @@ -7,10 +7,10 @@ # PORTNAME= libotr -PORTVERSION= 3.2.0 +PORTVERSION= 3.2.1 # Please do not bump PORTREVISION for this port unless you have # confirmed via testing that it is necessary -PORTREVISION= 4 +PORTREVISION= 0 CATEGORIES= security MASTER_SITES= http://www.cypherpunks.ca/otr/ DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ${DISTNAME}${EXTRACT_SUFX}.asc Modified: head/security/libotr/distinfo ============================================================================== --- head/security/libotr/distinfo Sat Aug 18 08:32:03 2012 (r302712) +++ head/security/libotr/distinfo Sat Aug 18 08:39:39 2012 (r302713) @@ -1,4 +1,4 @@ -SHA256 (libotr-3.2.0.tar.gz) = d83b9d20e36e2a4a55e5336f15d1d218d627bc0af7af94e3835bdc8b6d8b6693 -SIZE (libotr-3.2.0.tar.gz) = 430299 -SHA256 (libotr-3.2.0.tar.gz.asc) = ac0cdb8ec410cf35c632aee2b0d9d75525a2d59361d3b23002f598e35ac79f65 -SIZE (libotr-3.2.0.tar.gz.asc) = 191 +SHA256 (libotr-3.2.1.tar.gz) = d428eaa584984baa09450cca07742e0ac8fc62401f3a1c556e3025023369cdf4 +SIZE (libotr-3.2.1.tar.gz) = 414684 +SHA256 (libotr-3.2.1.tar.gz.asc) = 8ec08871018ce41bb4f631f5672daeaab72e9ea1b8913b3ddad22b9672a5e2b4 +SIZE (libotr-3.2.1.tar.gz.asc) = 190 Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sat Aug 18 08:32:03 2012 (r302712) +++ head/security/vuxml/vuln.xml Sat Aug 18 08:39:39 2012 (r302713) @@ -37,21 +37,58 @@ QUICK GUIDE TO ADDING A NEW ENTRY 2. fill in the template 3. use 'make validate' to verify syntax correctness (you might need to install textproc/libxml2 for parser, and this port for catalogs) -4. run 'make tidy' and then diff vuln.xml and vuln.xml.tidy - there should be - no difference. -5. ??? -6. profit! +4. fix any errors +5. profit! -Extensive documentation of the format is available in Porter's Handbook at +Extensive documentation of the format and help with writing and verifying +a new entry is available in The Porter's Handbook at: http://www.freebsd.org/doc/en/books/porters-handbook/security-notify.html -Help is available from ports-security@freebsd.org +Help is also available from ports-security@freebsd.org. Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="c651c898-e90d-11e1-b230-0024e830109b"> + <topic>libotr -- buffer overflows</topic> + <affects> + <package> + <name>libotr</name> + <range><lt>3.2.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>OTR developers report:</p> + <blockquote cite="http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001347.html"> + <p>The otrl_base64_otr_decode() function and similar functions within OTR + suffer from buffer overflows in the case of malformed input; + specifically if a message of the format of "?OTR:===." is received + then a zero-byte allocation is performed without a similar correlation + between the subsequent base64 decoding write, as such it becomes + possible to write between zero and three bytes incorrectly to the + heap, albeit only with a value of '='.</p> + <p>Because this code path is highly utilized, specifically in the + reception of instant messages over pidgin or similar, this + vulnerability is considered severe even though in many platforms and + circumstances the bug would yield an unexploitable state and result + simply in denial of service.</p> + <p>The developers of OTR promptly fixed the errors and users of OTR are + advised to upgrade the software at the next release cycle.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2012-3461</cvename> + </references> + <dates> + <discovery>2012-07-27</discovery> + <entry>2012-08-18</entry> + </dates> + </vuln> + <vuln vid="0f62be39-e8e0-11e1-bea0-002354ed89bc"> <topic>OpenTTD -- Denial of Service</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201208180839.q7I8ddm2096742>