svn commit: r441439 - head/security/vuxml
Dirk Meyer
dinoex at FreeBSD.org
Mon May 22 08:58:46 UTC 2017
Author: dinoex
Date: Mon May 22 08:58:44 2017
New Revision: 441439
URL: https://svnweb.freebsd.org/changeset/ports/441439
Log:
- add miniupnpc CVE-2017-8798
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Mon May 22 08:31:41 2017 (r441438)
+++ head/security/vuxml/vuln.xml Mon May 22 08:58:44 2017 (r441439)
@@ -58,6 +58,37 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="da1d5d2e-3eca-11e7-8861-0018fe623f2b">
+ <topic>miniupnpc -- integer signedness error</topic>
+ <affects>
+ <package>
+ <name>miniupnpc</name>
+ <range><lt>2.0.20170509</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Tintinweb reports:</p>
+ <blockquote cite="https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-8798">
+ <p>An integer signedness error was found in miniupnp's miniwget
+ allowing an unauthenticated remote entity typically located on the
+ local network segment to trigger a heap corruption or an access
+ violation in miniupnp's http response parser when processing a
+ specially crafted chunked-encoded response to a request for the
+ xml root description url.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-8798</cvename>
+ <url>https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-8798</url>
+ </references>
+ <dates>
+ <discovery>2017-05-09</discovery>
+ <entry>2017-05-22</entry>
+ </dates>
+ </vuln>
+
<vuln vid="a5bb7ea0-3e58-11e7-94a2-00e04c1ea73d">
<topic>Wordpress -- multiple vulnerabilities</topic>
<affects>
More information about the svn-ports-all
mailing list