From owner-svn-ports-all@freebsd.org Fri Jul 7 07:59:56 2017 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0C7C5D9D020; Fri, 7 Jul 2017 07:59:56 +0000 (UTC) (envelope-from brnrd@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D71887043B; Fri, 7 Jul 2017 07:59:55 +0000 (UTC) (envelope-from brnrd@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v677xsnL077106; Fri, 7 Jul 2017 07:59:54 GMT (envelope-from brnrd@FreeBSD.org) Received: (from brnrd@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v677xsFS077104; Fri, 7 Jul 2017 07:59:54 GMT (envelope-from brnrd@FreeBSD.org) Message-Id: <201707070759.v677xsFS077104@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: brnrd set sender to brnrd@FreeBSD.org using -f From: Bernard Spil Date: Fri, 7 Jul 2017 07:59:54 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r445212 - head/security/vuxml X-SVN-Group: ports-head X-SVN-Commit-Author: brnrd X-SVN-Commit-Paths: head/security/vuxml X-SVN-Commit-Revision: 445212 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Jul 2017 07:59:56 -0000 Author: brnrd Date: Fri Jul 7 07:59:54 2017 New Revision: 445212 URL: https://svnweb.freebsd.org/changeset/ports/445212 Log: security/vuxml: Register oniguruma/php-mbstring vulns Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Jul 7 07:51:52 2017 (r445211) +++ head/security/vuxml/vuln.xml Fri Jul 7 07:59:54 2017 (r445212) @@ -58,6 +58,82 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + oniguruma -- multiple vulnerabilities + + + oniguruma4 + 4.7.2 + + + oniguruma5 + 5.9.7 + + + oniguruma6 + 6.4.0 + + + php56-mbstring + 5.6.31 + + + php70-mbstring + 7.0.21 + + + php71-mbstring + 7.1.7 + + + + +

the PHP project reports:

+
+
A stack out-of-bounds read occurs in match_at() during regular + expression searching. A logical error involving order of validation + and access in match_at() could result in an out-of-bounds read from + a stack buffer (CVE-2017-9224).
+
A heap out-of-bounds write or read occurs in next_state_val() + during regular expression compilation. Octal numbers larger than 0xff + are not handled correctly in fetch_token() and fetch_token_in_cc(). + A malformed regular expression containing an octal number in the form + of '\700' would produce an invalid code point value larger than 0xff + in next_state_val(), resulting in an out-of-bounds write memory + corruption (CVE-2017-9226).
+
A stack out-of-bounds read occurs in mbc_enc_len() during regular + expression searching. Invalid handling of reg->dmin in + forward_search_range() could result in an invalid pointer dereference, + as an out-of-bounds read from a stack buffer (CVE-2017-9227).
+
A heap out-of-bounds write occurs in bitset_set_range() during + regular expression compilation due to an uninitialized variable from + an incorrect state transition. An incorrect state transition in + parse_char_class() could create an execution path that leaves a + critical local variable uninitialized until it's used as an index, + resulting in an out-of-bounds write memory corruption (CVE-2017-9228).
+
A SIGSEGV occurs in left_adjust_char_head() during regular expression + compilation. Invalid handling of reg->dmax in forward_search_range() could + result in an invalid pointer dereference, normally as an immediate + denial-of-service condition (CVE-2017-9228).
+
+

+ + + + INSERT BLOCKQUOTE URL HERE + CVE-2017-9224 + CVE-2017-9226 + CVE-2017-9227 + CVE-2017-9228 + CVE-2017-9228 + + + 2017-07-06 + 2017-07-07 + + + drupal -- Drupal Core - Multiple Vulnerabilities @@ -72,13 +148,13 @@ Notes: -

Drupal Security Team Reports:

-
CVE-2017-6920: PECL YAML parser unsafe object handling.
-
CVE-2017-6921: File REST resource does not properly validate
-
CVE-2017-6922: Files uploaded by anonymous users into a private - file system can be accessed by other anonymous users.
-

Drupal Security Team Reports:

+
CVE-2017-6920: PECL YAML parser unsafe object handling.
+
CVE-2017-6921: File REST resource does not properly validate
+
CVE-2017-6922: Files uploaded by anonymous users into a private + file system can be accessed by other anonymous users.
+