diff options
author | Thomas Zander <riggs@FreeBSD.org> | 2017-02-18 15:00:23 +0000 |
---|---|---|
committer | Thomas Zander <riggs@FreeBSD.org> | 2017-02-18 15:00:23 +0000 |
commit | 8b1e6e9d2258a5478d5470e602f15f788f2b245a (patch) | |
tree | 14e95b33f53931ef1dc7871273493d4acdc8da83 /security | |
parent | d191ed2f3af8c7c0f569f55d0d2f7c4c1736f7ae (diff) | |
download | ports-8b1e6e9d2258a5478d5470e602f15f788f2b245a.tar.gz ports-8b1e6e9d2258a5478d5470e602f15f788f2b245a.zip |
Document multiple vulnerabilities in audio/wavpack
PR: 216847
Submitted by: pkubaj@anongoth.pl
Notes
Notes:
svn path=/head/; revision=434357
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index b21cd26d6f25..8a0e703c5084 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,39 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="f1075415-f5e9-11e6-a4e2-5404a68ad561"> + <topic>wavpack -- multiple invalid memory reads</topic> + <affects> + <package> + <name>wavpack</name> + <range><lt>5.1.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>David Bryant reports:</p> + <blockquote cite="http://www.openwall.com/lists/oss-security/2017/01/23/4"> + <p>global buffer overread in read_code / read_words.c</p> + <p>heap out of bounds read in WriteCaffHeader / caff.c</p> + <p>heap out of bounds read in unreorder_channels / wvunpack.c</p> + <p>heap oob read in read_new_config_info / open_utils.c</p> + </blockquote> + </body> + </description> + <references> + <url>http://www.openwall.com/lists/oss-security/2017/01/23/4</url> + <cvename>CVE-2016-10169</cvename> + <cvename>CVE-2016-10170</cvename> + <cvename>CVE-2016-10171</cvename> + <cvename>CVE-2016-10172</cvename> + <url>https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc</url> + </references> + <dates> + <discovery>2017-01-21</discovery> + <entry>2017-02-18</entry> + </dates> + </vuln> + <vuln vid="8fedf75c-ef2f-11e6-900e-003048f78448"> <topic>optipng -- multiple vulnerabilities</topic> <affects> |