Date: Thu, 12 Oct 2023 14:51:09 GMT From: Emmanuel Vadot <manu@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 93b4cdd20b09 - main - security/vuxml: Document libXpm recent CVEs Message-ID: <202310121451.39CEp9Tq034207@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by manu: URL: https://cgit.FreeBSD.org/ports/commit/?id=93b4cdd20b09fa83cd4b43a2d100950a251b6527 commit 93b4cdd20b09fa83cd4b43a2d100950a251b6527 Author: Emmanuel Vadot <manu@FreeBSD.org> AuthorDate: 2023-10-12 14:40:40 +0000 Commit: Emmanuel Vadot <manu@FreeBSD.org> CommitDate: 2023-10-12 14:48:21 +0000 security/vuxml: Document libXpm recent CVEs PR: 274266 --- security/vuxml/vuln/2023.xml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index 39a9b3bdb902..5bcf48a0c563 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,37 @@ + <vuln vid="199cdb4d-690d-11ee-9ed0-001fc69cd6dc"> + <topic>x11/libXpm multiple vulnerabilities</topic> + <affects> + <package> + <name>libXpm</name> + <range><lt>3.5.17</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The X.Org project reports:</p> + <blockquote cite="https://lists.x.org/archives/xorg/2023-October/061506.html"> + <dl> + <dt>CVE-2023-43788: Out of bounds read in XpmCreateXpmImageFromBuffer</dt> + <dd>An out-of-bounds read is located in ParseComment() when reading from + a memory buffer instead of a file, as it continued to look for the + closing comment marker past the end of the buffer.</dd> + <dt>CVE-2023-43789: Out of bounds read on XPM with corrupted colormap</dt> + <dd>A corrupted colormap section may cause libXpm to read out of bounds.</dd> + </dl> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2023-43788</cvename> + <cvename>CVE-2023-43789</cvename> + <url>https://lists.x.org/archives/xorg/2023-October/061506.html</url> + </references> + <dates> + <discovery>2023-09-22</discovery> + <entry>2023-10-12</entry> + </dates> + </vuln> + <vuln vid="bd92f1ab-690c-11ee-9ed0-001fc69cd6dc"> <topic>11/libX11 multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202310121451.39CEp9Tq034207>