FreeBSD Bugzilla – Attachment 252983 Details for Bug 280975: sysutils/afflib: update 3.7.16 → 3.7.20, fix CVE
[patch]
[PATCH] sysutils/afflib: update 3.7.16 → 3.7.20, fix CVE
0001-sysutils-afflib-update-3.7.16-3.7.20-fix-CVE.patch (text/plain), 3.61 KB, created by Älven on 2024-08-21 12:17:30 UTC
>From ab5ecc1395bf56aed1e533ae377a815274528912 Mon Sep 17 00:00:00 2001 >From: Älven <alster@vinterdalen.se> >Date: Wed, 21 Aug 2024 16:00:37 +0400 >Subject: [PATCH] sysutils/afflib: update 3.7.16 → 3.7.20, fix CVE >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >Security: https://nvd.nist.gov/vuln/detail/CVE-2018-8050 >--- > security/vuxml/vuln/2024.xml | 29 +++++++++++++++++++++++++++++ > sysutils/afflib/Makefile | 13 ++++++------- > sysutils/afflib/distinfo | 6 +++--- > 3 files changed, 38 insertions(+), 10 deletions(-) > >diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml >index a63cbbec6d42..f70ca07b824e 100644 >--- a/security/vuxml/vuln/2024.xml >+++ b/security/vuxml/vuln/2024.xml 
>@@ -1,3 +1,32 @@ >+ <vuln vid="0cdb2798-5fb6-11ef-af54-a8a15998b5cb"> >+ <topic>afflib_project -- Denial of service (segmentation fault) via a corrupt AFF image that triggers an unexpected pagesize value</topic> >+ <affects> >+ <package> >+ <name>afflib</name> >+ <range><le>3.7.16</le></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>cve@mitre.org reports:</p> >+ <blockquote cite="https://github.com/sshock/AFFLIBv3/commit/435a2ca802358a3debb6d164d2c33049131df81c"> >+ <p>The af_get_page() function in lib/afflib_pages.cpp in AFFLIB (aka >+ AFFLIBv3) through 3.7.16 allows remote attackers to cause a denial >+ of service (segmentation fault) via a corrupt AFF image that triggers >+ an unexpected pagesize value.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2018-8050</cvename> >+ <url>https://nvd.nist.gov/vuln/detail/CVE-2018-8050</url> >+ </references> >+ <dates> >+ <discovery>2018-03-11</discovery> >+ <entry>2024-08-21</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="04c9c3f8-5ed3-11ef-8262-b0416f0c4c67"> > <topic>Jinja2 -- Vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter</topic> > <affects> >diff --git a/sysutils/afflib/Makefile b/sysutils/afflib/Makefile >index 45c5d93e4724..bb1e721f82fc 100644 >--- a/sysutils/afflib/Makefile >+++ b/sysutils/afflib/Makefile >@@ -1,12 +1,11 @@ > PORTNAME= afflib >-PORTVERSION= 3.7.16 >-PORTREVISION= 2 > DISTVERSIONPREFIX= v >+DISTVERSION= 3.7.20 > CATEGORIES= sysutils > > MAINTAINER= antoine@FreeBSD.org > COMMENT= Advanced Forensics Format library and utilities >-WWW= https://github.com/sshock/AFFLIBv3 >+WWW= https://github.com/sshock/AFFLIBv3/ > > LICENSE= BSD4CLAUSE > LICENSE_FILE= ${WRKSRC}/COPYING 
>@@ -14,16 +13,16 @@ LICENSE_FILE= ${WRKSRC}/COPYING > LIB_DEPENDS= libexpat.so:textproc/expat2 \ > libcurl.so:ftp/curl > >+USES= autoreconf cpe fuse libtool pathfix readline ssl >+CPE_VENDOR= ${PORTNAME}_project > USE_GITHUB= yes > GH_ACCOUNT= sshock > GH_PROJECT= AFFLIBv3 >+USE_LDCONFIG= yes > > GNU_CONFIGURE= yes >-GNU_CONFIGURE_MANPREFIX=${PREFIX}/share > CONFIGURE_ARGS= --enable-s3=yes >-USES= autoreconf cpe fuse libtool pathfix readline ssl >-CPE_VENDOR= ${PORTNAME}_project >-USE_LDCONFIG= yes >+ > INSTALL_TARGET= install-strip > > .include <bsd.port.mk> >diff --git a/sysutils/afflib/distinfo b/sysutils/afflib/distinfo >index 6a579471f3a6..bf147920ca42 100644 >--- a/sysutils/afflib/distinfo >+++ b/sysutils/afflib/distinfo >@@ -1,3 +1,3 @@ >-TIMESTAMP = 1517738136 >-SHA256 (sshock-AFFLIBv3-v3.7.16_GH0.tar.gz) = 9c0522941a24a3aafa027e510c6add5ca9f4defd2d859da3e0b536ad11b6bf72 >-SIZE (sshock-AFFLIBv3-v3.7.16_GH0.tar.gz) = 533501 >+TIMESTAMP = 1724241355 >+SHA256 (sshock-AFFLIBv3-v3.7.20_GH0.tar.gz) = 7264d705ff53185f0847c69abdfce072779c0b907257e087a6372c7608108f65 >+SIZE (sshock-AFFLIBv3-v3.7.20_GH0.tar.gz) = 560441 >-- >2.46.0 >
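Review bot: In the security/vuxml/vuln/2024.xml hunk, `<range><le>3.7.16</le></range>` will not match the package this port currently produces. The Makefile being replaced carries `PORTREVISION= 2`, so installed packages are at 3.7.16_2, which compares greater than 3.7.16, and pkg audit would treat them as unaffected. Bound the range by the first fixed version shipped in ports instead, for example `<range><lt>3.7.20</lt></range>`. Two smaller points in the same entry: the topic is prefixed with the CPE vendor string afflib_project rather than the package name afflib, and the blockquote attributes its text to cve@mitre.org while the cite attribute points at the upstream GitHub commit; cite the NVD URL the text is quoted from and list the commit as an additional `<url>` under `<references>`.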
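Review bot: In the first sysutils/afflib/Makefile hunk, the `WWW=` change only appends a trailing slash to the same GitHub URL and is unrelated to the version bump or the CVE fix. Drop it so the security update stays minimal, or mention it in the commit message. Replacing `PORTVERSION`/`PORTREVISION` with `DISTVERSION= 3.7.20` is otherwise what a version update should do.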
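Review bot: In the second sysutils/afflib/Makefile hunk, `GNU_CONFIGURE_MANPREFIX=${PREFIX}/share` is removed with no explanation in the commit message, and the diffstat shows no pkg-plist change for an update that spans four upstream releases. State why the line is no longer needed and confirm with `make check-plist` that the man pages and the shared library still install at the paths the existing plist lists. The reordering of `USES`, `CPE_VENDOR` and `USE_LDCONFIG` is cosmetic; noting that in the commit message keeps the security-relevant part of the change easy to audit.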
Flags: alster: maintainer-approval? (antoine)