Date: Tue, 1 Apr 2008 11:52:23 -0700 (PDT)
From: Nick Barkas <snb@threerings.net>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/122350: [patch] Add entry for gnupg 1.4.8 and 2.0.8 to security/vuxml.
Message-ID: <20080401185223.D51CC61ED9@smtp.earth.threerings.net>
Resent-Message-ID: <200804011900.m31J07Af071201@freefall.freebsd.org>
>Number: 122350 >Category: ports >Synopsis: [patch] Add entry for gnupg 1.4.8 and 2.0.8 to security/vuxml. >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Tue Apr 01 19:00:07 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Nick Barkas >Release: FreeBSD 6.2-RELEASE-p11 i386 >Organization: Three Rings Design >Environment: System: FreeBSD mail1.earth.threerings.net 6.2-RELEASE-p11 FreeBSD 6.2-RELEASE-p11 #0: Wed Feb 13 07:00:04 UTC 2008 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/SMP i386 >Description: GnuPG versions 1.4.8 and 2.0.8 contain a memory corruption vulnerability. This patch adds a VuXML entry for this vulnerability. >How-To-Repeat: >Fix: --- vuxml.patch begins here --- --- vuln.xml.orig Sun Mar 30 02:18:33 2008 +++ vuln.xml Tue Apr 1 11:46:00 2008 
@@ -34,6 +34,42 @@ --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="cc98a8ae-0019-11dd-8c6a-00304881ac9a"> + <topic>gnupg -- memory corruption vulnerability</topic> + <affects> + <package> + <name>gnupg</name> + <range><eq>1.4.8</eq></range> + <range><eq>2.0.8</eq></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>SecurityFocus reports:</p> + <blockquote cite="http://www.securityfocus.com/bid/28487/discuss"> + <p>GnuPG is prone to a memory-corruption vulnerability.</p> + <p>Exploiting this issue may allow remote attackers to crash the + affected application. Attackers may also be able to execute + arbitrary code in the context of the application, but this has not + been confirmed.</p> + <p>GnuPG 1.4.8 and 2.0.8 are vulnerable to this issue; previous + versions may also be affected.</p> + </blockquote> + </body> + </description> + <references> + <bid>28487</bid> + <cvename>CVE-2008-1530</cvename> + <mlist>http://lists.gnupg.org/pipermail/gnupg-announce/2008q1/000271.html</mlist> + <mlist>http://lists.gnupg.org/pipermail/gnupg-announce/2008q1/000272.html</mlist> + <url>https://bugs.g10code.com/gnupg/issue894</url> + </references> + <dates> + <discovery>2008-03-19</discovery> + <entry>2008-04-01</entry> + </dates> + </vuln> + <vuln vid="12b336c6-fe36-11dc-b09c-001c2514716c"> <topic>mozilla -- multiple vulnerabilities</topic> <affects> --- vuxml.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
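Review bot: The two <range><eq>…</eq></range> elements under <package> match only the exact versions 1.4.8 and 2.0.8, while the quoted SecurityFocus text in the same entry says "previous versions may also be affected", and an installed package carrying a port revision suffix would not compare equal to either value. If the exact match is intentional, say so in the PR description with a pointer to the upstream statement that only these two releases are affected. Otherwise, express each branch as a <ge>/<lt> range bounded by the first fixed version, so that audit tools flag every affected install. It would also help to state that both the 1.x and 2.x ports really install under the single package name gnupg, since the entry lists one <name> for both version lines.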