svn commit: r554670 - head/security/vuxml
Tobias C. Berner
tcberner at FreeBSD.org
Mon Nov 9 05:28:06 UTC 2020
Author: tcberner
Date: Mon Nov 9 05:28:05 2020
New Revision: 554670
URL: https://svnweb.freebsd.org/changeset/ports/554670
Log:
Document vulnerability in textproc/raptor2
From [1], [2], [3]:
raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF
Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML
writer, leading to heap-based buffer overflows (sometimes seen in
raptor_qname_format_as_xml).
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926
[2] https://www.debian.org/security/2020/dsa-4785
[3] https://www.openwall.com/lists/oss-security/2017/06/07/1
PR: 250971
Security: CVE-2017-18926
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Mon Nov 9 05:07:47 2020 (r554669)
+++ head/security/vuxml/vuln.xml Mon Nov 9 05:28:05 2020 (r554670)
@@ -58,6 +58,35 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="07c7ae7a-224b-11eb-aa6e-e0d55e2a8bf9">
+ <topic>raptor2 -- buffer overflow</topic>
+ <affects>
+ <package>
+ <name>raptor2</name>
+ <range><lt>2.0.15_16</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>CVE MITRE reports:</p>
+ <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926">
+ <p>
+ raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml).
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926</url>
+ <url>https://github.com/LibreOffice/core/blob/master/external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1</url>
+ <cvename>2017-18926</cvename>
+ </references>
+ <dates>
+ <discovery>2017-04-16</discovery>
+ <entry>2020-11-09</entry>
+ </dates>
+ </vuln>
+
<vuln vid="cf39ddf8-21be-11eb-8b47-641c67a117d8">
<topic>jupyter notebook -- open redirect vulnerability</topic>
<affects>
More information about the svn-ports-head
mailing list