FreeBSD Bugzilla – Attachment 205398 Details for
Bug 238864
textproc/expat2: Update to 2.2.7
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
vuxml entry
vuxml.patch (text/plain), 1.41 KB, created by
Sergei Vyshenski
on 2019-06-28 13:35:40 UTC
(
hide
)
Description:
vuxml entry
Filename:
MIME Type:
Creator:
Sergei Vyshenski
Created:
2019-06-28 13:35:40 UTC
Size:
1.41 KB
patch
obsolete
>diff -ur security/vuxml.orig/vuln.xml security/vuxml/vuln.xml >--- security/vuxml.orig/vuln.xml 2019-06-28 00:05:55.000000000 +0300 >+++ security/vuxml/vuln.xml 2019-06-28 16:29:43.686306000 +0300 >@@ -58,6 +58,36 @@ > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="c5bd8a25-99a6-11e9-a598-f079596b62f9"> >+ <topic>expat2 -- Fix extraction of namespace prefixes from XML names</topic> >+ <affects> >+ <package> >+ <name>expat2</name> >+ <range><lt>2.2.7</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>expat project reports:</p> >+ <blockquote cite="https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes"> >+ <p> >+ XML names with multiple colons could end up in the >+ wrong namespace, and take a high amount of RAM and CPU >+ resources while processing, opening the door to >+ use for denial-of-service attacks >+ </p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <url>https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes</url> >+ </references> >+ <dates> >+ <discovery>2019-06-19</discovery> >+ <entry>2019-06-28</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="245629d4-991e-11e9-82aa-6cc21735f730"> > <topic>PostgreSQL -- Stack-based buffer overflow via setting a password</topic> > <affects>
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Flags:
svysh.fbsd
:
maintainer-approval+
Actions:
View
|
Diff
Attachments on
bug 238864
:
205397
| 205398 |
207511