Date: Sun, 11 Jan 2009 13:22:40 +0000 (UTC) From: Martin Wilke <miwi@FreeBSD.org> To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/audio/libcdaudio Makefile ports/audio/libcdaudio/files patch-CVE-2008-5030.2005-0706 Message-ID: <200901111322.n0BDMeWV090058@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
miwi 2009-01-11 13:22:40 UTC
FreeBSD ports repository
Modified files:
audio/libcdaudio Makefile
Added files:
audio/libcdaudio/files patch-CVE-2008-5030.2005-0706
Log:
- Fix:
Heap-based buffer overflow in the cddb_read_disc_data function in
cddb.c in libcdaudio 0.99.12p2 allows remote attackers to execute
arbitrary code via long CDDB data.
Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause
a denial of service (crash) and possibly execute arbitrary code by
causing the cddb lookup to return more matches than expected.
PR: 129050
Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Approved by: novel@ (maintainer)
Security: http://www.vuxml.org/freebsd/bd730827-dfe0-11dd-a765-0030843d3802.html
Revision Changes Path
1.28 +2 -2 ports/audio/libcdaudio/Makefile
1.1 +45 -0 ports/audio/libcdaudio/files/patch-CVE-2008-5030.2005-0706 (new)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200901111322.n0BDMeWV090058>