svn commit: r411251 - head/security/vuxml
Jason Unovitch
junovitch at FreeBSD.org
Thu Mar 17 02:45:36 UTC 2016
Author: junovitch
Date: Thu Mar 17 02:45:34 2016
New Revision: 411251
URL: https://svnweb.freebsd.org/changeset/ports/411251
Log:
Document possible code execution and integer overflow issue in git
PR: 208074
Reported by: Sevan Janiyan <venture37 at geeklan.co.uk> (via PR)
Reported by: Tony Tung <tonytung at merly.org> (via email)
Security: CVE-2016-2315
Security: CVE-2016-2324
Security: https://vuxml.FreeBSD.org/freebsd/93ee802e-ebde-11e5-92ce-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/d2a84feb-ebe0-11e5-92ce-002590263bf5.html
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Thu Mar 17 01:40:47 2016 (r411250)
+++ head/security/vuxml/vuln.xml Thu Mar 17 02:45:34 2016 (r411251)
@@ -58,6 +58,62 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="d2a84feb-ebe0-11e5-92ce-002590263bf5">
+ <topic>git -- integer overflow</topic>
+ <affects>
+ <package>
+ <name>git</name>
+ <range><ge>0</ge></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Debian reports:</p>
+ <blockquote cite="https://security-tracker.debian.org/tracker/CVE-2016-2324">
+ <p>integer overflow due to a loop which adds more to "len".</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-2324</cvename>
+ <url>https://security-tracker.debian.org/tracker/CVE-2016-2324</url>
+ <url>https://github.com/git/git/commit/9831e92bfa833ee9c0ce464bbc2f941ae6c2698d</url>
+ </references>
+ <dates>
+ <discovery>2016-02-24</discovery>
+ <entry>2016-03-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="93ee802e-ebde-11e5-92ce-002590263bf5">
+ <topic>git -- potential code execution</topic>
+ <affects>
+ <package>
+ <name>git</name>
+ <range><lt>2.7.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Debian reports:</p>
+ <blockquote cite="https://security-tracker.debian.org/tracker/CVE-2016-2315">
+ <p>"int" is the wrong data type for ... nlen assignment.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-2315</cvename>
+ <url>http://www.openwall.com/lists/oss-security/2016/03/15/6</url>
+ <url>https://marc.info/?l=oss-security&m=145809217306686&w=2</url>
+ <url>https://github.com/git/git/commit/34fa79a6cde56d6d428ab0d3160cb094ebad3305</url>
+ <url>https://security-tracker.debian.org/tracker/CVE-2016-2315</url>
+ </references>
+ <dates>
+ <discovery>2015-09-24</discovery>
+ <entry>2016-03-17</entry>
+ </dates>
+ </vuln>
+
<vuln vid="6d33b3e5-ea03-11e5-85be-14dae9d210b8">
<topic>node -- multiple vulnerabilities</topic>
<affects>
More information about the svn-ports-all
mailing list