Date: Wed, 28 Oct 2020 10:25:25 +0000 (UTC) From: =?UTF-8?Q?Fernando_Apestegu=c3=ada?= <fernape@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r553531 - head/security/vuxml Message-ID: <202010281025.09SAPPwi041534@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: fernape Date: Wed Oct 28 10:25:25 2020 New Revision: 553531 URL: https://svnweb.freebsd.org/changeset/ports/553531 Log: security/vuxml: Add entry for multimedia/motion Follow up commit for 553525. For some reason, "Use MHD function for url decoding" actually means fixing CVE-2020-26566 PR: 250660 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Oct 28 10:13:07 2020 (r553530) +++ head/security/vuxml/vuln.xml Wed Oct 28 10:25:25 2020 (r553531) @@ -58,6 +58,34 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="94ffc0d9-1915-11eb-b809-b42e991fc52e"> + <topic>motion -- Denial of Service</topic> + <affects> + <package> + <name>motion</name> + <range><ge>3.2</ge><lt>4.3.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>cxsecurity.com reports:</p> + <blockquote cite="https://cxsecurity.com/cveshow/CVE-2020-26566/">; + <p>A Denial of Service condition in Motion-Project Motion 3.2 through + 4.3.1 allows remote unauthenticated users to cause a webu.c + segmentation fault and kill the main process via a crafted HTTP + request</p> + </blockquote> + </body> + </description> + <references> + <url>https://cve-search.iicrai.org/cve/CVE-2020-26566</url>; + </references> + <dates> + <discovery>2020-10-05</discovery> + <entry>2020-10-28</entry> + </dates> + </vuln> + <vuln vid="458df97f-1440-11eb-aaec-e0d55e2a8bf9"> <topic>freetype2 -- heap buffer overlfow</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202010281025.09SAPPwi041534>