svn commit: r414896 - head/security/vuxml

Jason Unovitch junovitch at FreeBSD.org
Tue May 10 00:22:29 UTC 2016


Author: junovitch
Date: Tue May 10 00:22:27 2016
New Revision: 414896
URL: https://svnweb.freebsd.org/changeset/ports/414896

Log:
  Fix version range for libarchive entry. [1]
  
  While here, add CVE and wrap lines at <80
  
  PR:		209404 [1]
  Reported by:	dereks at lifeofadishwasher.com [1]
  Security:	CVE-2016-1541
  Security:	https://vuxml.FreeBSD.org/freebsd/2b4c8e1f-1609-11e6-b55e-b499baebfeaf.html

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Mon May  9 23:38:21 2016	(r414895)
+++ head/security/vuxml/vuln.xml	Tue May 10 00:22:27 2016	(r414896)
@@ -63,26 +63,28 @@ Notes:
     <affects>
       <package>
 	<name>libarchive</name>
-	<range><lt>2.3.0,1</lt></range>
+	<range><lt>3.2.0,1</lt></range>
       </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
 	<p>The libarchive project reports:</p>
 	<blockquote cite="https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7">
-	  <p>Heap-based buffer overflow in the zip_read_mac_metadata function in
-	  archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote
-	  attackers to execute arbitrary code via crafted entry-size values in a ZIP
-	  archive.</p>
+	  <p>Heap-based buffer overflow in the zip_read_mac_metadata function
+	    in archive_read_support_format_zip.c in libarchive before 3.2.0
+	    allows remote attackers to execute arbitrary code via crafted
+	    entry-size values in a ZIP archive.</p>
 	</blockquote>
       </body>
     </description>
     <references>
+      <cvename>CVE-2016-1541</cvename>
       <url>https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7</url>
     </references>
     <dates>
       <discovery>2016-05-01</discovery>
       <entry>2016-05-09</entry>
+      <modified>2016-05-10</modified>
     </dates>
   </vuln>
 


More information about the svn-ports-all mailing list