FreeBSD Bugzilla – Attachment 190478 Details for
Bug 225804
security/vuxml: Document vulnerability in uWSGI (CVE-2018-6758)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Document CVE-2018-6758
vuxml.patch (text/plain), 1.44 KB, created by
VK
on 2018-02-10 12:40:26 UTC
(
hide
)
Description:
Document CVE-2018-6758
Filename:
MIME Type:
Creator:
VK
Created:
2018-02-10 12:40:26 UTC
Size:
1.44 KB
patch
obsolete
>Index: security/vuxml/vuln.xml >=================================================================== >--- security/vuxml/vuln.xml (revision 461389) >+++ security/vuxml/vuln.xml (working copy) >@@ -58,6 +58,35 @@ > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="3b3ff6ec-0e5e-11e8-99b0-d017c2987f9a"> >+ <topic>uwsgi -- stack-based buffer overflow</topic> >+ <affects> >+ <package> >+ <name>uwsgi</name> >+ <range><lt>2.0.16</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>uwsgi reports:</p> >+ <blockquote cite="https://github.com/unbit/uwsgi-docs/blob/master/Changelog-2.0.16.rst"> >+ <p>The uwsgi_expand_path() function in core/utils.c in Unbit uWSGI >+ before 2.0.16 has a stack-based buffer overflow via a large directory >+ length.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <url>https://github.com/unbit/uwsgi-docs/blob/master/Changelog-2.0.16.rst</url> >+ <url>https://github.com/unbit/uwsgi/commit/ed1c3bbc6cfc4d566401526fd21ba0984dd7b22a</url> >+ <cvename>CVE-2018-6758</cvename> >+ </references> >+ <dates> >+ <discovery>2018-02-06</discovery> >+ <entry>2018-02-10</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="7a2e0063-0e4e-11e8-94c0-5453ed2e2b49"> > <topic>p7zip-codec-rar -- insufficient error handling</topic> > <affects>
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 225804
: 190478