From owner-cvs-ports@FreeBSD.ORG  Sun Jan 11 13:22:40 2009
Return-Path: <owner-cvs-ports@FreeBSD.ORG>
Delivered-To: cvs-ports@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id C04051065670;
	Sun, 11 Jan 2009 13:22:40 +0000 (UTC)
	(envelope-from miwi@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id AE6578FC0A;
	Sun, 11 Jan 2009 13:22:40 +0000 (UTC)
	(envelope-from miwi@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id n0BDMeu5090059;
	Sun, 11 Jan 2009 13:22:40 GMT
	(envelope-from miwi@repoman.freebsd.org)
Received: (from miwi@localhost)
	by repoman.freebsd.org (8.14.3/8.14.3/Submit) id n0BDMeWV090058;
	Sun, 11 Jan 2009 13:22:40 GMT (envelope-from miwi)
Message-Id: <200901111322.n0BDMeWV090058@repoman.freebsd.org>
From: Martin Wilke <miwi@FreeBSD.org>
Date: Sun, 11 Jan 2009 13:22:40 +0000 (UTC)
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Cc: 
Subject: cvs commit: ports/audio/libcdaudio Makefile
 ports/audio/libcdaudio/files patch-CVE-2008-5030.2005-0706
X-BeenThere: cvs-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the ports tree <cvs-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-ports>,
	<mailto:cvs-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-ports>
List-Post: <mailto:cvs-ports@freebsd.org>
List-Help: <mailto:cvs-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-ports>,
	<mailto:cvs-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 11 Jan 2009 13:22:41 -0000

miwi        2009-01-11 13:22:40 UTC

  FreeBSD ports repository

  Modified files:
    audio/libcdaudio     Makefile 
  Added files:
    audio/libcdaudio/files patch-CVE-2008-5030.2005-0706 
  Log:
  - Fix:
          Heap-based buffer overflow in the cddb_read_disc_data function in
          cddb.c in libcdaudio 0.99.12p2 allows remote attackers to execute
          arbitrary code via long CDDB data.
  
          Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause
          a denial of service (crash) and possibly execute arbitrary code by
          causing the cddb lookup to return more matches than expected.
  
  PR:             129050
  Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>
  Approved by:    novel@ (maintainer)
  Security:       http://www.vuxml.org/freebsd/bd730827-dfe0-11dd-a765-0030843d3802.html
  
  Revision  Changes    Path
  1.28      +2 -2      ports/audio/libcdaudio/Makefile
  1.1       +45 -0     ports/audio/libcdaudio/files/patch-CVE-2008-5030.2005-0706 (new)