Date: Wed, 8 Nov 2023 22:30:28 GMT From: Daniel Engberg <diizzy@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 5ee341871994 - main - security/vuxml: Document libsndfile vulnerability Message-ID: <202311082230.3A8MUSEc055342@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by diizzy: URL: https://cgit.FreeBSD.org/ports/commit/?id=5ee3418719947dd836ddd420c20c7d948ac4c01a commit 5ee3418719947dd836ddd420c20c7d948ac4c01a Author: Daniel Engberg <diizzy@FreeBSD.org> AuthorDate: 2023-11-08 22:29:16 +0000 Commit: Daniel Engberg <diizzy@FreeBSD.org> CommitDate: 2023-11-08 22:29:20 +0000 security/vuxml: Document libsndfile vulnerability https://nvd.nist.gov/vuln/detail/CVE-2022-33065 --- security/vuxml/vuln/2023.xml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index 3637937e4807..b609656891da 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,32 @@ + <vuln vid="4ade0c4d-7e83-11ee-9a8c-00155d01f201"> + <topic>libsndfile_project -- Integer overflow in dataend calculation</topic> + <affects> + <package> + <name>libsndfile</name> + <range><lt>1.2.2_1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>cve@mitre.org reports:</p> + <blockquote cite="https://github.com/libsndfile/libsndfile/issues/789">; + <p>Multiple signed integers overflow in function au_read_header in + src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c + in Libsndfile, allows an attacker to cause Denial of Service or + other unspecified impacts.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2022-33065</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2022-33065</url>; + </references> + <dates> + <discovery>2023-07-18</discovery> + <entry>2023-11-08</entry> + </dates> + </vuln> + <vuln vid="77fc311d-7e62-11ee-8290-a8a1599412c6"> <topic>chromium -- security update</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202311082230.3A8MUSEc055342>