svn commit: r369772 - head/security/vuxml
Bryan Drewery
bdrewery at FreeBSD.org
Wed Oct 1 22:12:12 UTC 2014
Author: bdrewery
Date: Wed Oct 1 22:12:11 2014
New Revision: 369772
URL: https://svnweb.freebsd.org/changeset/ports/369772
QAT: https://qat.redports.org/buildarchive/r369772/
Log:
- Document CVE-2014-7187 fixed in bash-4.3.27_1
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Oct 1 22:10:46 2014 (r369771)
+++ head/security/vuxml/vuln.xml Wed Oct 1 22:12:11 2014 (r369772)
@@ -105,11 +105,18 @@ Notes:
possibly leading to arbitrary code execution when evaluating
untrusted input that would not otherwise be run as code.</p>
</blockquote>
+ <blockquote cite="https://access.redhat.com/security/cve/CVE-2014-7187">
+ <p>An off-by-one error was discovered in the way Bash was handling
+ deeply nested flow control constructs. Depending on the layout of
+ the .bss segment, this could allow arbitrary execution of code that
+ would not otherwise be executed by Bash.</p>
+ </blockquote>
</body>
</description>
<references>
<url>https://access.redhat.com/security/cve/CVE-2014-7186</url>
<cvename>CVE-2014-7186</cvename>
+ <cvename>CVE-2014-7187</cvename>
</references>
<dates>
<discovery>2014-09-25</discovery>
More information about the svn-ports-all
mailing list