svn commit: r509427 - head/security/vuxml
Thomas Zander
riggs at FreeBSD.org
Tue Aug 20 14:26:35 UTC 2019
Author: riggs
Date: Tue Aug 20 14:26:34 2019
New Revision: 509427
URL: https://svnweb.freebsd.org/changeset/ports/509427
Log:
Document vlc vulnerabilities prior to release 3.0.8
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Tue Aug 20 14:17:56 2019 (r509426)
+++ head/security/vuxml/vuln.xml Tue Aug 20 14:26:34 2019 (r509427)
@@ -58,6 +58,56 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="795442e7-c355-11e9-8224-5404a68ad561">
+ <topic>vlc -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>vlc</name>
+ <range><lt>3.0.8,4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The VLC project reports:</p>
+ <blockquote cite="https://www.videolan.org/developers/vlc-branch/NEWS">
+ <p>Security:
+ * Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)
+ * Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
+ * Fix a read buffer overflow in the FAAD decoder
+ * Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438)
+ * Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
+ * Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
+ * Fix a use after free in the ASF demuxer (CVE-2019-14533)
+ * Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)
+ * Fix a null dereference in the dvdnav demuxer
+ * Fix a null dereference in the ASF demuxer (CVE-2019-14534)
+ * Fix a null dereference in the AVI demuxer
+ * Fix a division by zero in the CAF demuxer (CVE-2019-14498)
+ * Fix a division by zero in the ASF demuxer (CVE-2019-14535)</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.videolan.org/developers/vlc-branch/NEWS</url>
+ <cvename>CVE-2019-13602</cvename>
+ <cvename>CVE-2019-13962</cvename>
+ <cvename>CVE-2019-14437</cvename>
+ <cvename>CVE-2019-14438</cvename>
+ <cvename>CVE-2019-14498</cvename>
+ <cvename>CVE-2019-14533</cvename>
+ <cvename>CVE-2019-14534</cvename>
+ <cvename>CVE-2019-14535</cvename>
+ <cvename>CVE-2019-14776</cvename>
+ <cvename>CVE-2019-14777</cvename>
+ <cvename>CVE-2019-14778</cvename>
+ <cvename>CVE-2019-14970</cvename>
+ </references>
+ <dates>
+ <discovery>2019-07-14</discovery>
+ <entry>2019-08-20</entry>
+ </dates>
+ </vuln>
+
<vuln vid="56778a31-c2a1-11e9-9051-4c72b94353b5">
<topic>nsd -- Stack-based Buffer Overflow</topic>
<affects>
More information about the svn-ports-all
mailing list