Bug 225804

Summary:

security/vuxml: Document vulnerability in uWSGI (CVE-2018-6758)

Product:

Ports & Packages

Reporter:

VK <vlad-fbsd>

Component:

Individual Port(s)

Assignee:

Ports Security Team <ports-secteam>

Status:

Closed FIXED

Severity:

Affects Some People

CC:

eugene

Priority:

---

Keywords:

patch, security

Version:

Latest

Flags:

bugzilla: maintainer-feedback? (ports-secteam)

Hardware:

Any

OS:

Any

URL:

https://github.com/unbit/uwsgi-docs/blob/master/Changelog-2.0.16.rst

See Also:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225706

Attachments:

Description	Flags
Document CVE-2018-6758	none

Description VK 2018-02-10 12:40:26 UTC

Created attachment 190478 [details]
Document CVE-2018-6758

The uwsgi_expand_path() function in core/utils.c in Unbit uWSGI before 2.0.16 has a stack-based buffer overflow via a large directory length.

* CVE-2018-6758

* Summary:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6758

* Release notes:
  https://github.com/unbit/uwsgi-docs/blob/master/Changelog-2.0.16.rst

* Upstream fix:
  https://github.com/unbit/uwsgi/commit/ed1c3bbc6cfc4d566401526fd21ba0984dd7b22a

Comment 1 VK 2018-02-13 10:10:56 UTC

Documented in https://svnweb.freebsd.org/ports?view=revision&revision=461689