FreeBSD Bugzilla – Attachment 211995 Details for
Bug 244474
security/vuxml: Document CVE-2020-9308 of libarchive
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch file
security_vuxml.patch (text/plain), 1.63 KB, created by
Yasuhiro Kimura
on 2020-02-27 18:10:32 UTC
(
hide
)
Description:
Patch file
Filename:
MIME Type:
Creator:
Yasuhiro Kimura
Created:
2020-02-27 18:10:32 UTC
Size:
1.63 KB
patch
obsolete
>Index: security/vuxml/vuln.xml >=================================================================== >--- security/vuxml/vuln.xml (revision 527218) >+++ security/vuxml/vuln.xml (working copy) >@@ -58,6 +58,38 @@ > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="3a17c4ef-5989-11ea-bc19-9c5c8e75236a"> >+ <topic>libarchive -- SIGSEGV or possibly unspecified other impact</topic> >+ <affects> >+ <package> >+ <name>libarchive</name> >+ <range><lt>3.4.2,1</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>MITRE Corporation reports:</p> >+ <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9308"> >+ <p> >+ archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to >+ unpack a RAR5 file with an invalid or corrupted header (such as a header >+ size of zero), leading to a SIGSEGV or possibly unspecified other impact. >+ </p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2020-9308</cvename> >+ <url>https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20459</url> >+ <url>https://github.com/libarchive/libarchive/pull/1326</url> >+ <url>https://github.com/libarchive/libarchive/pull/1326/commits/94821008d6eea81e315c5881cdf739202961040a</url> >+ </references> >+ <dates> >+ <discovery>2020-02-20</discovery> >+ <entry>2020-02-27</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="f0683976-5779-11ea-8a77-1c872ccb1e42"> > <topic>LPE and RCE in OpenSMTPD's default install</topic> > <affects>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=211995">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 244474
: 211995
Working