svn commit: r437926 - head/security/vuxml
Dominic Fandrey
kami at FreeBSD.org
Fri Apr 7 14:26:15 UTC 2017
Author: kami
Date: Fri Apr 7 14:26:14 2017
New Revision: 437926
URL: https://svnweb.freebsd.org/changeset/ports/437926
Log:
security/vuxml: Add id Tech 3 remote code execution
PR: 217911
Reviewed by: delphij, #ports_secteam
Approved by: delphij, #ports_secteam
Security: CVE-2017-6903
Differential Revision: https://reviews.freebsd.org/D10244
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Fri Apr 7 14:12:20 2017 (r437925)
+++ head/security/vuxml/vuln.xml Fri Apr 7 14:26:14 2017 (r437926)
@@ -58,6 +58,45 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="e48355d7-1548-11e7-8611-0090f5f2f347">
+ <topic>id Tech 3 -- remote code execution vulnerability</topic>
+ <affects>
+ <package>
+ <name>ioquake3</name>
+ <range><lt>1.36_16</lt></range>
+ </package>
+ <package>
+ <name>ioquake3-devel</name>
+ <range><lt>g2930</lt></range>
+ </package>
+ <package>
+ <name>iourbanterror</name>
+ <range><lt>4.3.2,1</lt></range>
+ </package>
+ <package>
+ <name>openarena</name>
+ <range><lt>0.8.8.s1910_3,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The content auto-download of id Tech 3 can be used to deliver
+ maliciously crafted content, that triggers downloading of
+ further content and loading and executing it as native code
+ with user credentials. This affects ioquake3, ioUrbanTerror,
+ OpenArena, the original Quake 3 Arena and other forks.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-6903</cvename>
+ <url>https://ioquake3.org/2017/03/13/important-security-update-please-update-ioquake3-immediately/</url>
+ </references>
+ <dates>
+ <discovery>2017-03-14</discovery>
+ <entry>2017-04-07</entry>
+ </dates>
+ </vuln>
+
<vuln vid="90becf7c-1acf-11e7-970f-002590263bf5">
<topic>xen-kernel -- broken check in memory_exchange() permits PV guest breakout</topic>
<affects>
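Review bot: the <discovery> date in the new <dates> block is 2017-03-14, but the only URL in <references>, the ioquake3 announcement, carries 2017/03/13 in its path, so the issue was public at least a day before the recorded discovery date. Set <discovery> to 2017-03-13 or earlier. The commit log cites PR 217911, which the entry could also record in <references> with a <freebsdpr> element next to the <cvename>. In the description, the comma in "crafted content, that triggers" should be dropped, because the clause is restrictive.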