svn commit: r346908 - head/security/vuxml
Brendan Fabeny
bf at FreeBSD.org
Mon Mar 3 14:38:31 UTC 2014
Author: bf
Date: Mon Mar 3 14:38:30 2014
New Revision: 346908
URL: http://svnweb.freebsd.org/changeset/ports/346908
QAT: https://qat.redports.org/buildarchive/r346908/
Log:
Add an entry for the file DOS vulnerability, CVE-2014-1943
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Mon Mar 3 14:37:19 2014 (r346907)
+++ head/security/vuxml/vuln.xml Mon Mar 3 14:38:30 2014 (r346908)
@@ -51,6 +51,34 @@ Note: Please add new entries to the beg
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="815dbcf9-a2d6-11e3-8088-002590860428">
+ <topic>file -- denial of service</topic>
+ <affects>
+ <package>
+ <name>file</name>
+ <range><lt>5.17</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Fine Free file project reports:</p>
+ <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943">
+ <p>... file before 5.17 allows context-dependent attackers to
+ cause a denial of service (infinite recursion, CPU consumption, and
+ crash) via a crafted indirect offset value in the magic of a file.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2014-1943</cvename>
+ <mlist>http://mx.gw.com/pipermail/file/2014/001327.html</mlist>
+ </references>
+ <dates>
+ <discovery>2014-02-16</discovery>
+ <entry>2014-03-03</entry>
+ </dates>
+ </vuln>
+
<vuln vid="8e5e6d42-a0fa-11e3-b09a-080027f2d077">
<topic>Python -- buffer overflow in socket.recvfrom_into()</topic>
<affects>
More information about the svn-ports-head
mailing list