Date: Fri, 4 Sep 2020 02:13:17 +0000 (UTC) From: Adam Weinberger <adamw@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r547500 - head/security/vuxml Message-ID: <202009040213.0842DHdv098769@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: adamw Date: Fri Sep 4 02:13:17 2020 New Revision: 547500 URL: https://svnweb.freebsd.org/changeset/ports/547500 Log: vuxml: Add entry for gnupg 2.2.21 - 2.2.22 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Sep 4 02:12:38 2020 (r547499) +++ head/security/vuxml/vuln.xml Fri Sep 4 02:13:17 2020 (r547500) @@ -58,6 +58,37 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="f9fa7adc-ee51-11ea-a240-002590acae31"> + <topic>gnupg -- AEAD key import overflow</topic> + <affects> + <package> + <name>gnupg</name> + <range><ge>2.2.21</ge></range> + <range><lt>2.2.23</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Importing an OpenPGP key having a preference list for AEAD algorithms + will lead to an array overflow and thus often to a crash or other + undefined behaviour.</p> + + <p>Importing an arbitrary key can often easily be triggered by an attacker + and thus triggering this bug. Exploiting the bug aside from crashes is + not trivial but likely possible for a dedicated attacker. The major + hurdle for an attacker is that only every second byte is under their + control with every first byte having a fixed value of 0x04.</p> + </body> + </description> + <references> + <cvename>CVE-2020-25125</cvename> + <url>https://dev.gnupg.org/T5050</url> + </references> + <dates> + <entry>2020-09-03</entry> + </dates> + </vuln> + <vuln vid="762b7d4a-ec19-11ea-88f8-901b0ef719ab"> <topic>FreeBSD -- dhclient heap overflow</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202009040213.0842DHdv098769>