svn commit: r435484 - head/security/vuxml
Jason Unovitch
junovitch at FreeBSD.org
Sun Mar 5 16:15:42 UTC 2017
Author: junovitch
Date: Sun Mar 5 16:15:40 2017
New Revision: 435484
URL: https://svnweb.freebsd.org/changeset/ports/435484
Log:
Fix PORTEPOCH on Chicken VuXML entry; also additional CVE affecting Chicken
PR: 216661
Reported by: sevan, Vitaly Magerya
Security: CVE-2016-9954
Security: https://vuxml.FreeBSD.org/freebsd/c6932dd4-eaff-11e6-9ac1-a4badb2f4699.html
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sun Mar 5 16:15:37 2017 (r435483)
+++ head/security/vuxml/vuln.xml Sun Mar 5 16:15:40 2017 (r435484)
@@ -617,7 +617,7 @@ Notes:
<affects>
<package>
<name>chicken</name>
- <range><lt>4.12</lt></range>
+ <range><lt>4.12,1</lt></range>
</package>
</affects>
<description>
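Review bot: on the changed `<range>` line, the new bound `4.12,1` is only right if the chicken port itself carries PORTEPOCH 1, and nothing in this diff shows that, so please confirm it against the port's Makefile before relying on the entry. The epoch is compared before the version string, which is why the old bound `4.12` could never match an installed package whose version ends in `,1`. A quick check is `pkg version -t 4.11,1 4.12,1` (the first version is a made-up example), which should print `<`. The log message could also say which epoch the port is at, so the reason for the `,1` is on record.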
@@ -630,17 +630,24 @@ Notes:
triggered when an error is raised during argument and environment
processing.</p>
</blockquote>
+ <blockquote cite="http://lists.nongnu.org/archive/html/chicken-announce/2016-12/msg00000.html">
+ <p>Irregex versions before 0.9.6 contain a resource exhaustion
+ vulnerability: when compiling deeply nested regexes containing the
+ "+" operator due to exponential expansion behaviour.</p>
+ </blockquote>
</body>
</description>
<references>
<url>http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html</url>
<cvename>CVE-2016-6830</cvename>
<cvename>CVE-2016-6831</cvename>
+ <cvename>CVE-2016-9954</cvename>
<freebsdpr>ports/216661</freebsdpr>
</references>
<dates>
<discovery>2016-08-12</discovery>
<entry>2017-02-04</entry>
+ <modified>2017-03-05</modified>
</dates>
</vuln>
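Review bot: the added `<blockquote>` cites the chicken-announce 2016-12 message, but `<references>` still lists only the 2016-08 URL, so the source for CVE-2016-9954 is missing from the reference list; add a matching `<url>http://lists.nongnu.org/archive/html/chicken-announce/2016-12/msg00000.html</url>` next to the existing one. The new text also names the affected component by Irregex version ("before 0.9.6") while the entry's only range is on the chicken package, so it would help to state in the description or the log which chicken release ships the fixed Irregex, confirming that the single `4.12,1` bound covers all three CVEs. `<discovery>` stays at 2016-08-12, which is consistent with keeping the earliest date for a combined entry.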