Date: Sat, 18 Aug 2012 14:30:24 -0700
From: Jason Helfman <jgh@FreeBSD.org>
To: Doug Barton <dougb@FreeBSD.org>
Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org
Subject: Re: svn commit: r302713 - in head/security: libotr vuxml
Message-ID: <20120818213024.GA43512@dormouse.experts-exchange.com>
In-Reply-To: <201208180839.q7I8ddm2096742@svn.freebsd.org>
References: <201208180839.q7I8ddm2096742@svn.freebsd.org>
>Modified: head/security/vuxml/vuln.xml >============================================================================== >--- head/security/vuxml/vuln.xml Sat Aug 18 08:32:03 2012 (r302712) >+++ head/security/vuxml/vuln.xml Sat Aug 18 08:39:39 2012 (r302713) 
>@@ -37,21 +37,58 @@ QUICK GUIDE TO ADDING A NEW ENTRY > 2. fill in the template > 3. use 'make validate' to verify syntax correctness (you might need to install > textproc/libxml2 for parser, and this port for catalogs) >-4. run 'make tidy' and then diff vuln.xml and vuln.xml.tidy - there should be >- no difference. >-5. ??? >-6. profit! >+4. fix any errors >+5. profit! > >-Extensive documentation of the format is available in Porter's Handbook at >+Extensive documentation of the format and help with writing and verifying >+a new entry is available in The Porter's Handbook at: > > http://www.freebsd.org/doc/en/books/porters-handbook/security-notify.html > >-Help is available from ports-security@freebsd.org >+Help is also available from ports-security@freebsd.org. > > Note: Please add new entries to the beginning of this file. > > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="c651c898-e90d-11e1-b230-0024e830109b"> >+ <topic>libotr -- buffer overflows</topic> >+ <affects> >+ <package> >+ <name>libotr</name> >+ <range><lt>3.2.1</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>OTR developers report:</p> >+ <blockquote cite="http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001347.html"> >+ <p>The otrl_base64_otr_decode() function and similar functions within OTR >+ suffer from buffer overflows in the case of malformed input; >+ specifically if a message of the format of "?OTR:===." 
is received >+ then a zero-byte allocation is performed without a similar correlation >+ between the subsequent base64 decoding write, as such it becomes >+ possible to write between zero and three bytes incorrectly to the >+ heap, albeit only with a value of '='.</p> >+ <p>Because this code path is highly utilized, specifically in the >+ reception of instant messages over pidgin or similar, this >+ vulnerability is considered severe even though in many platforms and >+ circumstances the bug would yield an unexploitable state and result >+ simply in denial of service.</p> >+ <p>The developers of OTR promptly fixed the errors and users of OTR are >+ advised to upgrade the software at the next release cycle.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2012-3461</cvename> >+ </references> >+ <dates> >+ <discovery>2012-07-27</discovery> >+ <entry>2012-08-18</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="0f62be39-e8e0-11e1-bea0-002354ed89bc"> > <topic>OpenTTD -- Denial of Service</topic> > <affects> > Thanks for the update, Doug! I did have one question though, and I know this comes up now and then. Can you please add the cited url to the reference block inside a url tag? And thank you again for the update, along with the vuxml! Always very nice when it can happen at once. -jgh -- Jason Helfman FreeBSD Committer | http://people.freebsd.org/~jgh | The Power To Serve
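Review bot: The <references> block of the new libotr entry lists only <cvename>CVE-2012-3461</cvename>, while the otr-dev post that the description quotes appears solely in the cite attribute of the <blockquote>. Tools and readers that consume only <references> lose the link to the primary report, so add a <url> element there carrying the same address as the cite attribute. In the quick-guide part of the same hunk, the 'make tidy' and diff step is dropped and replaced by "fix any errors", which leaves 'make validate' as the only check; if the tidy comparison is being retired on purpose, the guide should say what now catches formatting drift, otherwise keep the step.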