From: Doug Barton
Date: Sat, 18 Aug 2012 08:39:39 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r302713 - in head/security: libotr vuxml

Author: dougb
Date: Sat Aug 18 08:39:39 2012
New Revision: 302713
URL: http://svn.freebsd.org/changeset/ports/302713

Log:
  14 August 2012 libotr version 3.2.1 released

  Versions 3.2.0 and earlier of libotr contain a small heap write overrun
  (thanks to Justin Ferguson for the report), and a large heap read overrun
  (thanks to Ben Hawkes for the report).

  Add a vuxml entry, and tune up the notes about adding a new entry.

Modified:
  head/security/libotr/Makefile
  head/security/libotr/distinfo
  head/security/vuxml/vuln.xml

Modified: head/security/libotr/Makefile ============================================================================== --- head/security/libotr/Makefile Sat Aug 18 08:32:03 2012 (r302712) +++ head/security/libotr/Makefile Sat Aug 18 08:39:39 2012 (r302713) @@ -7,10 +7,10 @@ # PORTNAME= libotr -PORTVERSION= 3.2.0 +PORTVERSION= 3.2.1 # Please do not bump PORTREVISION for this port unless you have # confirmed via testing that it is necessary -PORTREVISION= 4 +PORTREVISION= 0 CATEGORIES= security MASTER_SITES= http://www.cypherpunks.ca/otr/ DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ${DISTNAME}${EXTRACT_SUFX}.asc Modified: head/security/libotr/distinfo ============================================================================== --- head/security/libotr/distinfo Sat Aug 18 08:32:03 2012 (r302712) +++ head/security/libotr/distinfo Sat Aug 18 08:39:39 2012 (r302713) 
@@ -1,4 +1,4 @@ -SHA256 (libotr-3.2.0.tar.gz) = d83b9d20e36e2a4a55e5336f15d1d218d627bc0af7af94e3835bdc8b6d8b6693 -SIZE (libotr-3.2.0.tar.gz) = 430299 -SHA256 (libotr-3.2.0.tar.gz.asc) = ac0cdb8ec410cf35c632aee2b0d9d75525a2d59361d3b23002f598e35ac79f65 -SIZE (libotr-3.2.0.tar.gz.asc) = 191 +SHA256 (libotr-3.2.1.tar.gz) = d428eaa584984baa09450cca07742e0ac8fc62401f3a1c556e3025023369cdf4 +SIZE (libotr-3.2.1.tar.gz) = 414684 +SHA256 (libotr-3.2.1.tar.gz.asc) = 8ec08871018ce41bb4f631f5672daeaab72e9ea1b8913b3ddad22b9672a5e2b4 +SIZE (libotr-3.2.1.tar.gz.asc) = 190 Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sat Aug 18 08:32:03 2012 (r302712) +++ head/security/vuxml/vuln.xml Sat Aug 18 08:39:39 2012 (r302713) @@ -37,21 +37,58 @@ QUICK GUIDE TO ADDING A NEW ENTRY 2. fill in the template 3. use 'make validate' to verify syntax correctness (you might need to install textproc/libxml2 for parser, and this port for catalogs) -4. run 'make tidy' and then diff vuln.xml and vuln.xml.tidy - there should be - no difference. -5. ??? -6. profit! +4. fix any errors +5. profit! -Extensive documentation of the format is available in Porter's Handbook at +Extensive documentation of the format and help with writing and verifying +a new entry is available in The Porter's Handbook at: http://www.freebsd.org/doc/en/books/porters-handbook/security-notify.html -Help is available from ports-security@freebsd.org +Help is also available from ports-security@freebsd.org. Note: Please add new entries to the beginning of this file. --> + + libotr -- buffer overflows + + + libotr + 3.2.1 + + + + +

OTR developers report:

+
+

The otrl_base64_otr_decode() function and similar functions within OTR + suffer from buffer overflows in the case of malformed input; + specifically if a message of the format of "?OTR:===." is received + then a zero-byte allocation is performed without a similar correlation + between the subsequent base64 decoding write, as such it becomes + possible to write between zero and three bytes incorrectly to the + heap, albeit only with a value of '='.

+

Because this code path is highly utilized, specifically in the + reception of instant messages over pidgin or similar, this + vulnerability is considered severe even though in many platforms and + circumstances the bug would yield an unexploitable state and result + simply in denial of service.

+

The developers of OTR promptly fixed the errors and users of OTR are + advised to upgrade the software at the next release cycle.

+
+ +
+ + CVE-2012-3461 + + + 2012-07-27 + 2012-08-18 + +
+ OpenTTD -- Denial of Service
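
Review bot: In the head/security/libotr/Makefile hunk, "PORTREVISION= 0" has the same effect as leaving the variable unset, so after the PORTVERSION bump to 3.2.1 the assignment could simply be dropped. If the line is kept only so that the "Please do not bump PORTREVISION" comment stays attached to something, say so in that comment; otherwise keep the comment and remove the assignment.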
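
Review bot: The head/security/libotr/distinfo hunk records only SHA256 and SIZE for libotr-3.2.1.tar.gz.asc, which pins the bytes of the signature file but does not check the signature, and the Makefile context shows MASTER_SITES is plain http. The commit log should state that the 3.2.1 tarball was verified against the upstream signing key before these checksums were generated, because the recorded hashes are what every later fetch is compared against.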
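
Review bot: The new libotr entry in the head/security/vuxml/vuln.xml hunk quotes only the write overrun in otrl_base64_otr_decode() (zero to three bytes of '=' written to the heap), while the commit log says 3.2.0 and earlier also contain a large heap read overrun. Either add the read overrun to the description or state that CVE-2012-3461 covers both, so that a reader of the entry sees the full impact. Separately, the quick guide in the same hunk drops the 'make tidy' comparison and leaves 'make validate', which the guide itself describes as a syntax check; if the tidy step is no longer wanted, the guide should say what now catches formatting drift.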