Date: Sat, 18 Aug 2012 14:30:24 -0700
From: Jason Helfman
To: Doug Barton
Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org
Subject: Re: svn commit: r302713 - in head/security: libotr vuxml
Message-ID: <20120818213024.GA43512@dormouse.experts-exchange.com>
In-Reply-To: <201208180839.q7I8ddm2096742@svn.freebsd.org>

>Modified: head/security/vuxml/vuln.xml >============================================================================== >--- head/security/vuxml/vuln.xml Sat Aug 18 08:32:03 2012 (r302712) >+++ head/security/vuxml/vuln.xml Sat Aug 18 08:39:39 2012 (r302713) 
>@@ -37,21 +37,58 @@ QUICK GUIDE TO ADDING A NEW ENTRY > 2. fill in the template > 3. use 'make validate' to verify syntax correctness (you might need to install > textproc/libxml2 for parser, and this port for catalogs) >-4. run 'make tidy' and then diff vuln.xml and vuln.xml.tidy - there should be >- no difference. >-5. ??? >-6. profit! >+4. fix any errors >+5. profit! > >-Extensive documentation of the format is available in Porter's Handbook at >+Extensive documentation of the format and help with writing and verifying >+a new entry is available in The Porter's Handbook at: > > http://www.freebsd.org/doc/en/books/porters-handbook/security-notify.html > >-Help is available from ports-security@freebsd.org >+Help is also available from ports-security@freebsd.org. > > Note: Please add new entries to the beginning of this file. > > --> > >+ >+ libotr -- buffer overflows >+ >+ >+ libotr >+ 3.2.1 >+ >+ >+ >+ >+

OTR developers report:

>+
>+

The otrl_base64_otr_decode() function and similar functions within OTR >+ suffer from buffer overflows in the case of malformed input; >+ specifically if a message of the format of "?OTR:===." is received >+ then a zero-byte allocation is performed without a similar correlation >+ between the subsequent base64 decoding write, as such it becomes >+ possible to write between zero and three bytes incorrectly to the >+ heap, albeit only with a value of '='.

>+

Because this code path is highly utilized, specifically in the >+ reception of instant messages over pidgin or similar, this >+ vulnerability is considered severe even though in many platforms and >+ circumstances the bug would yield an unexploitable state and result >+ simply in denial of service.

>+

The developers of OTR promptly fixed the errors and users of OTR are >+ advised to upgrade the software at the next release cycle.

>+
>+ >+
>+ >+ CVE-2012-3461 >+ >+ >+ 2012-07-27 >+ 2012-08-18 >+ >+
>+ > > OpenTTD -- Denial of Service > >

Thanks for the update, Doug!

I did have one question though, and I know this comes up now and then. Can you please add the cited url to the reference block inside a url tag?

And thank you again for the update, along with the vuxml! Always very nice when it can happen at once.

-jgh

-- 
Jason Helfman
FreeBSD Committer | http://people.freebsd.org/~jgh | The Power To Serve
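
Review bot: The references for the new libotr entry, near the end of the hunk, carry only CVE-2012-3461, while the description is a quotation introduced with "OTR developers report:" and nothing in the entry says where that report was published. Add the source of the quoted text to the references as a url element so readers can check the wording against the original. The QUICK GUIDE edit at the top of the hunk is a separate documentation change: it drops the 'make tidy' comparison and leaves 'make validate' as the only check, which would be easier to review and revert as its own commit.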