Date: Tue, 17 Feb 2015 22:03:33 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r379193 - head/security/vuxml Message-ID: <201502172203.t1HM3XNb064945@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: delphij Date: Tue Feb 17 22:03:32 2015 New Revision: 379193 URL: https://svnweb.freebsd.org/changeset/ports/379193 QAT: https://qat.redports.org/buildarchive/r379193/ Log: Document unzip heap based buffer overflow in iconv patch. PR: ports/197772 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Feb 17 21:58:40 2015 (r379192) +++ head/security/vuxml/vuln.xml Tue Feb 17 22:03:32 2015 (r379193) @@ -57,6 +57,34 @@ Notes: --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="3680b234-b6f0-11e4-b7cc-d050992ecde8"> + <topic>unzip -- heap based buffer overflow in iconv patch</topic> + <affects> + <package> + <name>unzip</name> + <range><lt>6.0_5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Ubuntu Security Notice USN-2502-1 reports:</p> + <blockquote cite="http://www.ubuntu.com/usn/usn-2502-1/"> + <p>unzip could be made to run programs if it opened a specially crafted file.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2015-1315</cvename> + <url>http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1315.html</url> + <url>https://security-tracker.debian.org/tracker/CVE-2015-1315</url> + <url>http://www.ubuntu.com/usn/usn-2502-1/</url> + </references> + <dates> + <discovery>2015-02-17</discovery> + <entry>2015-02-17</entry> + </dates> + </vuln> + <vuln vid="3a888a1e-b321-11e4-83b2-206a8a720317"> <topic>krb5 -- Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201502172203.t1HM3XNb064945>