From owner-svn-ports-all@FreeBSD.ORG Fri Jan 16 08:18:15 2015 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 61FF651A; Fri, 16 Jan 2015 08:18:15 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 33F6DB8E; Fri, 16 Jan 2015 08:18:15 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t0G8IF1w016299; Fri, 16 Jan 2015 08:18:15 GMT (envelope-from ehaupt@FreeBSD.org) Received: (from ehaupt@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t0G8IEoF016298; Fri, 16 Jan 2015 08:18:14 GMT (envelope-from ehaupt@FreeBSD.org) Message-Id: <201501160818.t0G8IEoF016298@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: ehaupt set sender to ehaupt@FreeBSD.org using -f 
From: Emanuel Haupt Date: Fri, 16 Jan 2015 08:18:14 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r377155 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Jan 2015 08:18:15 -0000 Author: ehaupt Date: Fri Jan 16 08:18:13 2015 New Revision: 377155 URL: https://svnweb.freebsd.org/changeset/ports/377155 QAT: https://qat.redports.org/buildarchive/r377155/ Log: Document multiple archivers/unzip vulnerabilities (CVE-2014-8139, CVE-2014-8140, CVE-2014-8141). PR: 196777 (based on) Submitted by: rsimmons0@gmail.com Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Jan 16 07:45:52 2015 (r377154) +++ head/security/vuxml/vuln.xml Fri Jan 16 08:18:13 2015 (r377155) @@ -57,6 +57,44 @@ Notes: --> + + unzip -- input sanitization errors + + + unzip + 6.0_2 + + + + +

oCERT reports:

+
+

The UnZip tool is an open source extraction utility for archives + compressed in the zip format.

+

The unzip command line tool is affected by heap-based buffer + overflows within the CRC32 verification, the test_compr_eb() and + the getZip64Data() functions. The input errors may result in + arbitrary code execution.

+

A specially crafted zip file, passed to unzip -t, can be used to + trigger the vulnerability.

+
+ +
+ + CVE-2014-8139 + CVE-2014-8140 + CVE-2014-8141 + http://www.info-zip.org/UnZip.html + https://bugzilla.redhat.com/show_bug.cgi?id=1174844 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8140 + https://bugzilla.redhat.com/show_bug.cgi?id=1174856 + + + 2014-12-03 + 2015-01-16 + +
+ samba -- Elevation of privilege to Active Directory Domain Controller
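Review bot: the description is quoted from oCERT ("oCERT reports:"), yet none of the references in this entry points at the oCERT advisory; the list carries only the info-zip homepage and three Red Hat bugzilla links, so readers cannot reach the primary source from the entry. Add the oCERT advisory URL (placeholder here, not taken from this mail) as the first reference. Second, the topic `unzip -- input sanitization errors` understates the body, which describes heap-based buffer overflows in CRC32 verification, test_compr_eb() and getZip64Data() that "may result in arbitrary code execution"; a topic such as `unzip -- multiple heap-based buffer overflows` would match both the description and the commit log. Minor: the three Red Hat references mix numeric bug ids with a CVE-alias id (`https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8140`); using the numeric id for all three keeps the list uniform and avoids depending on alias resolution.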