Date: Sat, 7 Sep 2024 09:29:19 GMT
Message-Id: <202409070929.4879TJLv025301@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: "Jason E. Hale"
Subject: git: 56ac822d19e0 - main - security/vuxml: Add exiv2 >= 0.28.0 and < 0.28.3
List-Id: Commit messages for all branches of the ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
X-BeenThere: dev-commits-ports-all@freebsd.org
Sender: owner-dev-commits-ports-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: jhale
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 56ac822d19e0b4f5e647416bde6c8f3e4d4b37f7
Auto-Submitted: auto-generated

The branch main has been updated by jhale:

URL: https://cgit.FreeBSD.org/ports/commit/?id=56ac822d19e0b4f5e647416bde6c8f3e4d4b37f7

commit 56ac822d19e0b4f5e647416bde6c8f3e4d4b37f7
Author:     Jason E. Hale
AuthorDate: 2024-09-07 08:57:40 +0000
Commit:     Jason E. Hale
CommitDate: 2024-09-07 09:29:09 +0000

    security/vuxml: Add exiv2 >= 0.28.0 and < 0.28.3
---
 security/vuxml/vuln/2024.xml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index 6045f3dc6798..b3f9e1d74f6a 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,32 @@ + + exiv2 -- Out-of-bounds read in AsfVideo::streamProperties + + + exiv2 + 0.28.0,10.28.3,1 + + + + +

Kevin Backhouse reports:

+
+

An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability + is in the parser for the ASF video format, which was a new feature in v0.28.0, + so Exiv2 versions before v0.28 are not affected. The out-of-bounds read is + triggered when Exiv2 is used to read the metadata of a crafted video file.

+
+ +
+ + CVE-2024-39695 + https://github.com/Exiv2/exiv2/security/advisories/GHSA-38rv-8x93-pvrh + + + 2024-04-21 + 2024-09-07 + +
+ forgejo -- multiple vulnerabilities
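
Review bot: In the affected-range line of the new exiv2 entry (extracted here as 0.28.0,10.28.3,1, i.e. 0.28.0,1 up to 0.28.3,1), both bounds carry a ,1 epoch suffix while the commit subject gives plain versions; please confirm this matches the PORTEPOCH of the exiv2 port, since a mismatched epoch would keep the range from matching installed packages. The discovery date 2024-04-21 is also well before the 2024-09-07 entry date, so it is worth checking against the GHSA-38rv-8x93-pvrh advisory. The commit message could also cite CVE-2024-39695 so the entry is searchable from the log.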