svn commit: r445212 - head/security/vuxml

Bernard Spil brnrd at FreeBSD.org
Fri Jul 7 07:59:56 UTC 2017 

Author: brnrd
Date: Fri Jul  7 07:59:54 2017
New Revision: 445212
URL: https://svnweb.freebsd.org/changeset/ports/445212

Log:
  security/vuxml: Register oniguruma/php-mbstring vulns

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Fri Jul  7 07:51:52 2017	(r445211)
+++ head/security/vuxml/vuln.xml	Fri Jul  7 07:59:54 2017	(r445212)
@@ -58,6 +58,82 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="b396cf6c-62e6-11e7-9def-b499baebfeaf">
+    <topic>oniguruma -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>oniguruma4</name>
+	<range><lt>4.7.2</lt></range>
+      </package>
+      <package>
+	<name>oniguruma5</name>
+	<range><lt>5.9.7</lt></range>
+      </package>
+      <package>
+	<name>oniguruma6</name>
+	<range><lt>6.4.0</lt></range>
+      </package>
+      <package>
+	<name>php56-mbstring</name>
+	<range><lt>5.6.31</lt></range>
+      </package>
+      <package>
+	<name>php70-mbstring</name>
+	<range><lt>7.0.21</lt></range>
+      </package>
+      <package>
+	<name>php71-mbstring</name>
+	<range><lt>7.1.7</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>the PHP project reports:</p>
+	<blockquote cite="http://php.net/ChangeLog-7.php">
+	  <ul>
+	    <li>A stack out-of-bounds read occurs in match_at() during regular
+	      expression searching. A logical error involving order of validation
+	      and access in match_at() could result in an out-of-bounds read from
+	      a stack buffer (CVE-2017-9224).</li>
+	    <li>A heap out-of-bounds write or read occurs in next_state_val()
+	      during regular expression compilation. Octal numbers larger than 0xff
+	      are not handled correctly in fetch_token() and fetch_token_in_cc().
+	      A malformed regular expression containing an octal number in the form
+	      of '\700' would produce an invalid code point value larger than 0xff
+	      in next_state_val(), resulting in an out-of-bounds write memory
+	      corruption (CVE-2017-9226).</li>
+	    <li>A stack out-of-bounds read occurs in mbc_enc_len() during regular
+	      expression searching. Invalid handling of reg->dmin in
+	      forward_search_range() could result in an invalid pointer dereference,
+	      as an out-of-bounds read from a stack buffer (CVE-2017-9227).</li>
+	    <li>A heap out-of-bounds write occurs in bitset_set_range() during
+	      regular expression compilation due to an uninitialized variable from
+	      an incorrect state transition. An incorrect state transition in
+	      parse_char_class() could create an execution path that leaves a
+	      critical local variable uninitialized until it's used as an index,
+	      resulting in an out-of-bounds write memory corruption (CVE-2017-9228).</li>
+	    <li>A SIGSEGV occurs in left_adjust_char_head() during regular expression
+	      compilation. Invalid handling of reg->dmax in forward_search_range() could
+	      result in an invalid pointer dereference, normally as an immediate
+	      denial-of-service condition (CVE-2017-9228).</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>INSERT BLOCKQUOTE URL HERE</url>
+      <cvename>CVE-2017-9224</cvename>
+      <cvename>CVE-2017-9226</cvename>
+      <cvename>CVE-2017-9227</cvename>
+      <cvename>CVE-2017-9228</cvename>
+      <cvename>CVE-2017-9228</cvename>
+    </references>
+    <dates>
+      <discovery>2017-07-06</discovery>
+      <entry>2017-07-07</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="4fc2df49-6279-11e7-be0f-6cf0497db129">
     <topic>drupal -- Drupal Core - Multiple Vulnerabilities</topic>
     <affects>
@@ -72,13 +148,13 @@ Notes:
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
-        <p>Drupal Security Team Reports:</p>
-        <blockquote cite="https://www.drupal.org/SA-CORE-2017-003">
-          <p>CVE-2017-6920: PECL YAML parser unsafe object handling.</p>
-          <p>CVE-2017-6921: File REST resource does not properly validate</p>
-          <p>CVE-2017-6922: Files uploaded by anonymous users into a private
-        file system can be accessed by other anonymous users.</p>
-        </blockquote>
+	<p>Drupal Security Team Reports:</p>
+	<blockquote cite="https://www.drupal.org/SA-CORE-2017-003">
+	  <p>CVE-2017-6920: PECL YAML parser unsafe object handling.</p>
+	  <p>CVE-2017-6921: File REST resource does not properly validate</p>
+	  <p>CVE-2017-6922: Files uploaded by anonymous users into a private
+	    file system can be accessed by other anonymous users.</p>
+	</blockquote>
       </body>
     </description>
     <references>

More information about the svn-ports-all mailing list