Attachment #170902 for bug #209926

View | Details | Raw Unified | Return to bug 209926
Collapse All | Expand All




  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="65bb1858-27de-11e6-b714-74d02b9a84d5">
    <topic>h2o -- use after free on premature connection close</topic>
    <affects>
      <package>
	<name>h2o</name>
	<range><lt>1.7.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Tim Newsha reports:</p>
	<blockquote cite="http://h2o.examp1e.net/vulnerabilities.html">
	  <p>When H2O tries to disconnect a premature HTTP/2 connection, it
	    calls free(3) to release memory allocated for the connection and
	    immediately after then touches the memory. No malloc-related
	    operation is performed by the same thread between the time it calls
	    free and the time the memory is touched. Fixed by Frederik
	    Deweerdt.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://h2o.examp1e.net/vulnerabilities.html</url>
    </references>
    <dates>
      <discovery>2016-05-17</discovery>
      <entry>2016-05-26</entry>
    </dates>
  </vuln>

  <vuln vid="36cf7670-2774-11e6-af29-f0def16c5c1b">
    <topic>nginx -- a specially crafted request might result in worker process crash</topic>
    <affects>

Lines 2-8 Link Here

(-)b/www/h2o/Makefile (-1 / +1 lines)
2	# $FreeBSD$	2	# $FreeBSD$
3		3
4	PORTNAME= h2o	4	PORTNAME= h2o
5	PORTVERSION= 1.7.2	5	PORTVERSION= 1.7.3
6	DISTVERSIONPREFIX= v	6	DISTVERSIONPREFIX= v
7	CATEGORIES= www	7	CATEGORIES= www
8		8

Lines 1-3 Link Here

(-)b/www/h2o/distinfo (-3 / +3 lines)
1	TIMESTAMP = 1463131188	1	TIMESTAMP = 1464774475
2	SHA256 (h2o-h2o-v1.7.2_GH0.tar.gz) = fd75eab905dff9bcfd6c9c45d83a4cd0c133cc82a7d3dd48537244b12c2327a8	2	SHA256 (h2o-h2o-v1.7.3_GH0.tar.gz) = 546bcde8aa3cf996d161d1e75aaad159d10fca1b3d368c4270f0674e8c78a213
3	SIZE (h2o-h2o-v1.7.2_GH0.tar.gz) = 6541718	3	SIZE (h2o-h2o-v1.7.3_GH0.tar.gz) = 6541316

Return to bug 209926

Lines 58-63 Notes: Link Here

(-)b/security/vuxml/vuln.xml (+30 lines)
58	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)	58	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
59	-->	59	-->
60	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">	60	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
		61	<vuln vid="65bb1858-27de-11e6-b714-74d02b9a84d5">
		62	<topic>h2o -- use after free on premature connection close</topic>
		63	<affects>
		64	<package>
		65	<name>h2o</name>
		66	<range><lt>1.7.3</lt></range>
		67	</package>
		68	</affects>
		69	<description>
		70	<body xmlns="http://www.w3.org/1999/xhtml">
		71	<p>Tim Newsha reports:</p>
		72	<blockquote cite="http://h2o.examp1e.net/vulnerabilities.html">
		73	<p>When H2O tries to disconnect a premature HTTP/2 connection, it
		74	calls free(3) to release memory allocated for the connection and
		75	immediately after then touches the memory. No malloc-related
		76	operation is performed by the same thread between the time it calls
		77	free and the time the memory is touched. Fixed by Frederik
		78	Deweerdt.</p>
		79	</blockquote>
		80	</body>
		81	</description>
		82	<references>
		83	<url>https://h2o.examp1e.net/vulnerabilities.html</url>
		84	</references>
		85	<dates>
		86	<discovery>2016-05-17</discovery>
		87	<entry>2016-05-26</entry>
		88	</dates>
		89	</vuln>
		90
61	<vuln vid="36cf7670-2774-11e6-af29-f0def16c5c1b">	91	<vuln vid="36cf7670-2774-11e6-af29-f0def16c5c1b">
62	<topic>nginx -- a specially crafted request might result in worker process crash</topic>	92	<topic>nginx -- a specially crafted request might result in worker process crash</topic>
63	<affects>	93	<affects>