Date: Sun, 28 Oct 2018 16:26:42 +0000 (UTC) From: Thomas Zander <riggs@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r483315 - head/security/vuxml Message-ID: <201810281626.w9SGQgT4054128@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: riggs Date: Sun Oct 28 16:26:41 2018 New Revision: 483315 URL: https://svnweb.freebsd.org/changeset/ports/483315 Log: Document potential remote code execution in net/liveMedia (CVE-2018-4013) Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sun Oct 28 16:24:21 2018 (r483314) +++ head/security/vuxml/vuln.xml Sun Oct 28 16:26:41 2018 (r483315) @@ -58,6 +58,35 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="fa194483-dabd-11e8-bf39-5404a68ad561"> + <topic>liveMedia -- potential remote code execution</topic> + <affects> + <package> + <name>liveMedia</name> + <range><lt>2018.10.17,2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Talos reports:</p> + <blockquote cite="https://talosintelligence.com/vulnerability_reports/TALOS-2018-0684">; + <p>An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality + of the LIVE555 RTSP server library. A specially crafted packet can cause a stack-based buffer + overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2018-4013</cvename> + <url>https://talosintelligence.com/vulnerability_reports/TALOS-2018-0684</url>; + <url>http://lists.live555.com/pipermail/live-devel/2018-October/021071.html</url>; + </references> + <dates> + <discovery>2018-10-18</discovery> + <entry>2018-10-28</entry> + </dates> + </vuln> + <vuln vid="33c384f3-5af6-4662-9741-0acb21c7e499"> <topic>mini_httpd -- disclose arbitrary files is some circumstances</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201810281626.w9SGQgT4054128>