Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 10 May 2016 00:22:27 +0000 (UTC)
From:      Jason Unovitch <junovitch@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r414896 - head/security/vuxml
Message-ID:  <201605100022.u4A0MR6G086597@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: junovitch
Date: Tue May 10 00:22:27 2016
New Revision: 414896
URL: https://svnweb.freebsd.org/changeset/ports/414896

Log:
  Fix version range for libarchive entry. [1]
  
  While here, add CVE and wrap lines at <80
  
  PR:		209404 [1]
  Reported by:	dereks@lifeofadishwasher.com [1]
  Security:	CVE-2016-1541
  Security:	https://vuxml.FreeBSD.org/freebsd/2b4c8e1f-1609-11e6-b55e-b499baebfeaf.html

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Mon May  9 23:38:21 2016	(r414895)
+++ head/security/vuxml/vuln.xml	Tue May 10 00:22:27 2016	(r414896)
@@ -63,26 +63,28 @@ Notes:
     <affects>
       <package>
 	<name>libarchive</name>
-	<range><lt>2.3.0,1</lt></range>
+	<range><lt>3.2.0,1</lt></range>
       </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>The libarchive project reports:</p>
 	<blockquote cite="https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7">;
-	  <p>Heap-based buffer overflow in the zip_read_mac_metadata function in
-	  archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote
-	  attackers to execute arbitrary code via crafted entry-size values in a ZIP
-	  archive.</p>
+	  <p>Heap-based buffer overflow in the zip_read_mac_metadata function
+	    in archive_read_support_format_zip.c in libarchive before 3.2.0
+	    allows remote attackers to execute arbitrary code via crafted
+	    entry-size values in a ZIP archive.</p>
 	</blockquote>
       </body>
     </description>
     <references>
+      <cvename>CVE-2016-1541</cvename>
       <url>https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7</url>;
     </references>
     <dates>
       <discovery>2016-05-01</discovery>
       <entry>2016-05-09</entry>
+      <modified>2016-05-10</modified>
     </dates>
   </vuln>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201605100022.u4A0MR6G086597>