author | Bernard Spil <brnrd@FreeBSD.org> | 2016-05-09 19:31:37 +0000 |
---|---|---|
committer | Bernard Spil <brnrd@FreeBSD.org> | 2016-05-09 19:31:37 +0000 |
commit | b162764570c8cc234ab17cd74c9f39e9913c85da (patch) | |
tree | 4b8945d6502defa581f188d80c337beff52d81d3 | |
parent | 96fdc0d6069b67ac715512eef5514f489af5e0af (diff) | |
security/vuxml: Add entry for libarchive
- Vulnerable < 2.3.0
Reviewed by: feld (mentor)
Approved by: feld (mentor, ports-secteam)
Security: CVE-2016-1541
Notes:
svn path=/head/; revision=414889
-rw-r--r-- | security/vuxml/vuln.xml | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 768367ef388b..47eefd4464cf 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,34 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="2b4c8e1f-1609-11e6-b55e-b499baebfeaf"> + <topic>libarchive -- RCE vulnerability</topic> + <affects> + <package> + <name>libarchive</name> + <range><lt>2.3.0,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The libarchive project reports:</p> + <blockquote cite="https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7"> + <p>Heap-based buffer overflow in the zip_read_mac_metadata function in + archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote + attackers to execute arbitrary code via crafted entry-size values in a ZIP + archive.</p> + </blockquote> + </body> + </description> + <references> + <url>https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7</url> + </references> + <dates> + <discovery>2016-05-01</discovery> + <entry>2016-05-09</entry> + </dates> + </vuln> + <vuln vid="25e5205b-1447-11e6-9ead-6805ca0b3d42"> <topic>squid -- multiple vulnerabilities</topic> <affects> |
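Review bot: The upper bound in `<range><lt>2.3.0,1</lt></range>` under `<affects>` disagrees with the quoted upstream text in the same entry, which says libarchive before 3.2.0 is affected. With 2.3.0 as the bound, an installed libarchive from 2.3.0 up to 3.2.0 would not match this entry and would not be reported as vulnerable. If the upstream statement is correct, the bound should be `<lt>3.2.0,1</lt>`, and the "Vulnerable < 2.3.0" line in the commit message has the same digits transposed. Separately, `<references>` carries only the commit `<url>`, while the commit message names CVE-2016-1541; adding `<cvename>CVE-2016-1541</cvename>` there would let the entry be found by CVE id.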