author: Dave Cottlehuber <dch@FreeBSD.org> 2021-06-28 14:51:30 +0000
committer: Dave Cottlehuber <dch@FreeBSD.org> 2021-06-28 15:01:36 +0000
commit: 3ad8c34a571920724d5b47b5b5b22108bdc7455d (patch)
tree: 0f16d08deed6419d3ca642e713bbf6e2d08c0f6a
parent: 69c471ebe0077879c98fb2d66ada7d414dbac592 (diff)
security/vuxml: Pet rabbitmq-c entry
make clean validate failed after rebased commit
fix package name error and indentation issues

-rw-r--r-- security/vuxml/vuln-2021.xml 11
1 files changed, 7 insertions, 4 deletions
diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml
index c95c6dc15edd..faf3184c5a57 100644
--- a/security/vuxml/vuln-2021.xml
+++ b/security/vuxml/vuln-2021.xml
@@ -2,10 +2,13 @@
<topic>RabbitMQ-C -- integer overflow leads to heap corruption</topic>
<affects>
<package>
- <name>net/rabbitmq-c</name>
- <name>net/rabbitmq-c-devel</name>
+ <name>rabbitmq-c</name>
+ <name>rabbitmq-c-devel</name>
<range><lt>0.10.0</lt></range>
</package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
<p>alanxz reports:</p>
<blockquote cite="https://github.com/alanxz/rabbitmq-c/commit/fc85be7123050b91b054e45b91c78d3241a5047a">
<p>When parsing a frame header, validate that the frame_size is less than
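Review bot: both corrected names, `rabbitmq-c` and `rabbitmq-c-devel`, sit under the single `<range><lt>0.10.0</lt></range>` in this `<package>` block, so the same bound is applied to each. Please confirm that the -devel package is versioned on the same scheme as the release package; if it is not, give it its own `<package>` block with a range that matches its version strings. The removed names carried the `net/` category prefix, which is a port origin rather than a package name, so it would also help to state in the commit message that the entry could not match installed packages before this fix.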
@@ -16,7 +19,7 @@
when computing state-&gt;target_size resulting in a small value there. A
buffer is then allocated with the small amount, then memcopy copies the
frame_size writing to memory beyond the end of the buffer.</p>
- </blockquote>
+ </blockquote>
</body>
</description>
<references>
@@ -27,7 +30,7 @@
<discovery>2019-10-29</discovery>
<entry>2021-06-25</entry>
</dates>
- </vuln>
+</vuln>
<vuln vid="41bc849f-d5ef-11eb-ae37-589cfc007716">
<topic>PuppetDB -- SQL Injection</topic>
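Review bot: the `<dates>` block in this hunk still ends at `<entry>2021-06-25</entry>` with no `<modified>` element, yet the same patch changes the entry's `<name>` values and therefore which packages the entry matches. Consider adding a `<modified>` date after `<entry>` so that consumers of the file can see the entry changed after it was first published. The `</vuln>` change here is whitespace only; running the validate target before pushing, as the commit message implies was done afterwards, would catch this kind of issue together with the missing `</affects>` and `<description>` tags in one pass.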