FreeBSD Bugzilla – Attachment 174759 Details for
Bug 212672
graphics/openjpeg: fix CVE-2016-5157, CVE-2016-7163
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
vuxml patch
vuxml.patch (text/plain), 1.96 KB, created by
Piotr Kubaj
on 2016-09-14 00:24:40 UTC
(
hide
)
Description:
vuxml patch
Filename:
MIME Type:
Creator:
Piotr Kubaj
Created:
2016-09-14 00:24:40 UTC
Size:
1.96 KB
patch
obsolete
>Index: vuln.xml >=================================================================== >--- vuln.xml (revision 421879) >+++ vuln.xml (working copy) >@@ -58,6 +58,44 @@ > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="b7d56d0b-7a11-11e6-af78-589cfc0654e1"> >+ <topic>openjpeg -- multiple vulnerabilities </topic> >+ <affects> >+ <package> >+ <name>openjpeg</name> >+ <range><lt>2.1.1_1</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Tencent's Xuanwu LAB reports:</p> >+ <blockquote cite="http://www.openwall.com/lists/oss-security/2016/09/08/2"> >+ <p>A Heap Buffer Overflow (Out-of-Bounds Write) issue was found in >+ function opj_dwt_interleave_v of dwt.c. This vulnerability allows >+ remote attackers to execute arbitrary code on vulnerable installations >+ of OpenJPEG.</p> >+ </blockquote> >+ <blockquote cite="http://www.openwall.com/lists/oss-security/2016/09/08/3"> >+ <p>An integer overflow issue exists in function opj_pi_create_decode of >+ pi.c. It can lead to Out-Of-Bounds Read and Out-Of-Bounds Write in >+ function opj_pi_next_cprl of pi.c (function opj_pi_next_lrcp, >+ opj_pi_next_rlcp, opj_pi_next_rpcl, opj_pi_next_pcrl may also be >+ vulnerable). This vulnerability allows remote attackers to execute >+ arbitrary code on vulnerable installations of OpenJPEG.</p> >+ </body> >+ </description> >+ <references> >+ <url>"http://www.openwall.com/lists/oss-security/2016/09/08/2"</url> >+ <url>"http://www.openwall.com/lists/oss-security/2016/09/08/3"</url> >+ <cvename>CVE-2016-5157</cvename> >+ <cvename>CVE-2016-7163</cvename> >+ </references> >+ <dates> >+ <discovery>2016-09-08</discovery> >+ <entry>2016-09-14</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="a0128291-7690-11e6-95a8-0011d823eebd"> > <topic>gnutls -- OCSP validation issue</topic> > <affects>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=174759">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
pkubaj
:
maintainer-approval?
(
ports-secteam
)
Actions:
View
|
Diff
Attachments on
bug 212672
:
174758
| 174759