svn commit: r431837 - head/security/vuxml
Jason E. Hale
jhale at FreeBSD.org
Thu Jan 19 04:08:51 UTC 2017
Author: jhale
Date: Thu Jan 19 04:08:50 2017
New Revision: 431837
URL: https://svnweb.freebsd.org/changeset/ports/431837
Log:
Document graphics/icoutils vulnerabilities
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Thu Jan 19 03:49:19 2017 (r431836)
+++ head/security/vuxml/vuln.xml Thu Jan 19 04:08:50 2017 (r431837)
@@ -58,6 +58,36 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="57facd35-ddf6-11e6-915d-001b3856973b">
+ <topic>icoutils -- check_offset overflow on 64-bit systems</topic>
+ <affects>
+ <package>
+ <name>icoutils</name>
+ <range><lt>0.31.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Choongwoo Han reports:</p>
+ <blockquote cite="http://seclists.org/oss-sec/2017/q1/38">
+ <p>An exploitable crash exists in the wrestool utility on 64-bit systems
+ where the result of subtracting two pointers exceeds the size of int.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-5208</cvename>
+ <cvename>CVE-2017-5331</cvename>
+ <cvename>CVE-2017-5332</cvename>
+ <cvename>CVE-2017-5333</cvename>
+ <url>http://seclists.org/oss-sec/2017/q1/38</url>
+ </references>
+ <dates>
+ <discovery>2017-01-03</discovery>
+ <entry>2017-01-19</entry>
+ </dates>
+ </vuln>
+
<vuln vid="4d2f9d09-ddb7-11e6-a9a5-b499baebfeaf">
<topic>mysql -- multiple vulnerabilities</topic>
<affects>
More information about the svn-ports-all
mailing list