svn commit: r430951 - head/security/vuxml
Nikolai Lifanov
lifanov at FreeBSD.org
Mon Jan 9 14:24:51 UTC 2017
Author: lifanov
Date: Mon Jan 9 14:24:49 2017
New Revision: 430951
URL: https://svnweb.freebsd.org/changeset/ports/430951
Log:
security/vuxml: document pcsc-lite vulnerabilities
PR: 215834
Submitted by: Mahdi Mokhtari <mokhi64 at gmail.com> (maintainer)
Reviewed by: matthew
Approved by: matthew (mentor)
MFH: 2017Q1
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Mon Jan 9 14:19:18 2017 (r430950)
+++ head/security/vuxml/vuln.xml Mon Jan 9 14:24:49 2017 (r430951)
@@ -58,6 +58,37 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="c218873d-d444-11e6-84ef-f0def167eeea">
+ <topic>Use-After-Free Vulnerability in pcsc-lite</topic>
+ <affects>
+ <package>
+ <name>pcsc-lite</name>
+ <range><ge>1.6.0</ge><lt>1.8.20</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Peter Wu on Openwall mailing-list reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2017/01/03/2">
+ <p>The issue allows a local attacker to cause a Denial of Service,
+ but can potentially result in Privilege Escalation since
+ the daemon is running as root. while any local user can
+ connect to the Unix socket.
+ Fixed by patch which is released with hpcsc-lite 1.8.20.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CWE-415</cvename>
+ <cvename>CWE-416</cvename>
+ <url>http://www.openwall.com/lists/oss-security/2017/01/03/2</url>
+ </references>
+ <dates>
+ <discovery>2017-01-03</discovery>
+ <entry>2017-01-06</entry>
+ </dates>
+ </vuln>
+
<vuln vid="0c5369fc-d671-11e6-a9a5-b499baebfeaf">
<topic>GnuTLS -- Memory corruption vulnerabilities</topic>
<affects>
More information about the svn-ports-all
mailing list