svn commit: r414896 - head/security/vuxml
Jason Unovitch
junovitch at FreeBSD.org
Tue May 10 00:22:29 UTC 2016
Author: junovitch
Date: Tue May 10 00:22:27 2016
New Revision: 414896
URL: https://svnweb.freebsd.org/changeset/ports/414896
Log:
Fix version range for libarchive entry. [1]
While here, add CVE and wrap lines at <80
PR: 209404 [1]
Reported by: dereks at lifeofadishwasher.com [1]
Security: CVE-2016-1541
Security: https://vuxml.FreeBSD.org/freebsd/2b4c8e1f-1609-11e6-b55e-b499baebfeaf.html
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Mon May 9 23:38:21 2016 (r414895)
+++ head/security/vuxml/vuln.xml Tue May 10 00:22:27 2016 (r414896)
@@ -63,26 +63,28 @@ Notes:
<affects>
<package>
<name>libarchive</name>
- <range><lt>2.3.0,1</lt></range>
+ <range><lt>3.2.0,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The libarchive project reports:</p>
<blockquote cite="https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7">
- <p>Heap-based buffer overflow in the zip_read_mac_metadata function in
- archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote
- attackers to execute arbitrary code via crafted entry-size values in a ZIP
- archive.</p>
+ <p>Heap-based buffer overflow in the zip_read_mac_metadata function
+ in archive_read_support_format_zip.c in libarchive before 3.2.0
+ allows remote attackers to execute arbitrary code via crafted
+ entry-size values in a ZIP archive.</p>
</blockquote>
</body>
</description>
<references>
+ <cvename>CVE-2016-1541</cvename>
<url>https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7</url>
</references>
<dates>
<discovery>2016-05-01</discovery>
<entry>2016-05-09</entry>
+ <modified>2016-05-10</modified>
</dates>
</vuln>
More information about the svn-ports-all
mailing list