svn commit: r302713 - in head/security: libotr vuxml
Jason Helfman
jgh at FreeBSD.org
Sat Aug 18 21:32:41 UTC 2012
>Modified: head/security/vuxml/vuln.xml
>==============================================================================
>--- head/security/vuxml/vuln.xml Sat Aug 18 08:32:03 2012 (r302712)
>+++ head/security/vuxml/vuln.xml Sat Aug 18 08:39:39 2012 (r302713)
>@@ -37,21 +37,58 @@ QUICK GUIDE TO ADDING A NEW ENTRY
> 2. fill in the template
> 3. use 'make validate' to verify syntax correctness (you might need to install
> textproc/libxml2 for parser, and this port for catalogs)
>-4. run 'make tidy' and then diff vuln.xml and vuln.xml.tidy - there should be
>- no difference.
>-5. ???
>-6. profit!
>+4. fix any errors
>+5. profit!
>
>-Extensive documentation of the format is available in Porter's Handbook at
>+Extensive documentation of the format and help with writing and verifying
>+a new entry is available in The Porter's Handbook at:
>
> http://www.freebsd.org/doc/en/books/porters-handbook/security-notify.html
>
>-Help is available from ports-security at freebsd.org
>+Help is also available from ports-security at freebsd.org.
>
> Note: Please add new entries to the beginning of this file.
>
> -->
> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
>+ <vuln vid="c651c898-e90d-11e1-b230-0024e830109b">
>+ <topic>libotr -- buffer overflows</topic>
>+ <affects>
>+ <package>
>+ <name>libotr</name>
>+ <range><lt>3.2.1</lt></range>
>+ </package>
>+ </affects>
>+ <description>
>+ <body xmlns="http://www.w3.org/1999/xhtml">
>+ <p>OTR developers report:</p>
>+ <blockquote cite="http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001347.html">
>+ <p>The otrl_base64_otr_decode() function and similar functions within OTR
>+ suffer from buffer overflows in the case of malformed input;
>+ specifically if a message of the format of "?OTR:===." is received
>+ then a zero-byte allocation is performed without a similar correlation
>+ between the subsequent base64 decoding write, as such it becomes
>+ possible to write between zero and three bytes incorrectly to the
>+ heap, albeit only with a value of '='.</p>
>+ <p>Because this code path is highly utilized, specifically in the
>+ reception of instant messages over pidgin or similar, this
>+ vulnerability is considered severe even though in many platforms and
>+ circumstances the bug would yield an unexploitable state and result
>+ simply in denial of service.</p>
>+ <p>The developers of OTR promptly fixed the errors and users of OTR are
>+ advised to upgrade the software at the next release cycle.</p>
>+ </blockquote>
>+ </body>
>+ </description>
>+ <references>
>+ <cvename>CVE-2012-3461</cvename>
>+ </references>
>+ <dates>
>+ <discovery>2012-07-27</discovery>
>+ <entry>2012-08-18</entry>
>+ </dates>
>+ </vuln>
>+
> <vuln vid="0f62be39-e8e0-11e1-bea0-002354ed89bc">
> <topic>OpenTTD -- Denial of Service</topic>
> <affects>
>
Thanks for the update, Doug! I did have one question though, and I know this
comes up now and then. Can you please add the cited url to the reference
block inside a url tag? And thank you again for the update, along with the
vuxml! Always very nice when it can happen at once.
-jgh
--
Jason Helfman
FreeBSD Committer | http://people.freebsd.org/~jgh | The Power To Serve
More information about the svn-ports-head
mailing list