Date: Tue, 14 Apr 2015 08:33:05 +0000 (UTC) From: Raphael Kubo da Costa <rakuco@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r383985 - head/security/vuxml Message-ID: <201504140833.t3E8X5g1043511@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rakuco Date: Tue Apr 14 08:33:04 2015 New Revision: 383985 URL: https://svnweb.freebsd.org/changeset/ports/383985 Log: Add entry for CVE-2015-1858, CVE-2015-1859 and CVE-2015-1860. Multiple vulnerabilities in Qt image format handling (the 3 CVEs are part of the same security advisory). Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Apr 14 08:24:06 2015 (r383984) +++ head/security/vuxml/vuln.xml Tue Apr 14 08:33:04 2015 (r383985) @@ -57,6 +57,48 @@ Notes: --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="5713bfda-e27d-11e4-b2ce-5453ed2e2b49"> + <topic>qt4-imageformats, qt4-gui, qt5-gui -- Multiple Vulnerabilities in Qt Image Format Handling</topic> + <affects> + <package> + <name>qt4-imageformats</name> + <range><lt>4.8.6_3</lt></range> + </package> + <package> + <name>qt4-gui</name> + <range><lt>4.8.6_5</lt></range> + </package> + <package> + <name>qt5-gui</name> + <range><lt>5.4.1_1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Richard J. Moore reports:</p> + <blockquote cite="http://lists.qt-project.org/pipermail/announce/2015-April/000067.html">; + <p>Due to two recent vulnerabilities identified in the built-in image + format handling code, it was decided that this area required further + testing to determine if further issues remained. Fuzzing using + afl-fuzz located a number of issues in the handling of BMP, ICO and + GIF files. The issues exposed included denial of service and buffer + overflows leading to heap corruption. It is possible the latter could + be used to perform remote code execution.</p> + </blockquote> + </body> + </description> + <references> + <mlist>http://lists.qt-project.org/pipermail/announce/2015-April/000067.html</mlist>; + <cvename>CVE-2015-1858</cvename> + <cvename>CVE-2015-1859</cvename> + <cvename>CVE-2015-1860</cvename> + </references> + <dates> + <discovery>2015-04-12</discovery> + <entry>2015-04-14</entry> + </dates> + </vuln> + <vuln vid="d4379f59-3e9b-49eb-933b-61de4d0b0fdb"> <topic>Ruby -- OpenSSL Hostname Verification Vulnerability</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201504140833.t3E8X5g1043511>