[Bug 225804] security/vuxml: Document vulnerability in uWSGI (CVE-2018-6758)
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sat Feb 10 12:40:29 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225804
Bug ID: 225804
Summary: security/vuxml: Document vulnerability in uWSGI
(CVE-2018-6758)
Product: Ports & Packages
Version: Latest
Hardware: Any
URL: https://github.com/unbit/uwsgi-docs/blob/master/Change
log-2.0.16.rst
OS: Any
Status: New
Keywords: patch, security
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: ports-secteam at FreeBSD.org
Reporter: vlad-fbsd at acheronmedia.com
Assignee: ports-secteam at FreeBSD.org
Flags: maintainer-feedback?(ports-secteam at FreeBSD.org)
Created attachment 190478
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=190478&action=edit
Document CVE-2018-6758
The uwsgi_expand_path() function in core/utils.c in Unbit uWSGI before 2.0.16
has a stack-based buffer overflow via a large directory length.
* CVE-2018-6758
* Summary:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6758
* Release notes:
https://github.com/unbit/uwsgi-docs/blob/master/Changelog-2.0.16.rst
* Upstream fix:
https://github.com/unbit/uwsgi/commit/ed1c3bbc6cfc4d566401526fd21ba0984dd7b22a
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list