[Bug 201780] dns/libidn: out-of-bounds read issue with invalid UTF-8 input (CVE-2015-2059)
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Thu Jul 23 03:30:40 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201780
Jason Unovitch <jason.unovitch at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ports-secteam at FreeBSD.org
Attachment #159104| |maintainer-approval?(ports-
Flags| |secteam at FreeBSD.org)
--- Comment #2 from Jason Unovitch <jason.unovitch at gmail.com> ---
Created attachment 159104
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=159104&action=edit
security/vuxml for libidn out-of-bounds read issue with invalid UTF-8 input
Changelog:
Document libidn out-of-bounds read issue with invalid UTF-8 input
PR: 201780
Security: CVE-2015-2059
Security: 4caf01e2-30e6-11e5-a4a5-002590263bf5
Validation:
> make validate
/bin/sh /usr/ports/security/vuxml/files/tidy.sh
"/usr/ports/security/vuxml/files/tidy.xsl" "/usr/ports/security/vuxml/vuln.xml"
> "/usr/ports/security/vuxml/vuln.xml.tidy"
>>> Validating...
/usr/local/bin/xmllint --valid --noout /usr/ports/security/vuxml/vuln.xml
>>> Successful.
Checking if tidy differs...
... seems okay
Checking for space/tab...
... seems okay
/usr/local/bin/python2.7 /usr/ports/security/vuxml/files/extra-validation.py
/usr/ports/security/vuxml/vuln.xml
> env PKG_DBDIR=/usr/ports/security/vuxml pkg audit libidn-1.2.9
libidn-1.2.9 is vulnerable:
libidn -- out-of-bounds read issue with invalid UTF-8 input
CVE: CVE-2015-2059
WWW:
https://vuxml.FreeBSD.org/freebsd/4caf01e2-30e6-11e5-a4a5-002590263bf5.html
1 problem(s) in the installed packages found.
> env PKG_DBDIR=/usr/ports/security/vuxml pkg audit libidn-1.3.1
0 problem(s) in the installed packages found.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list