Bug 251102
| Summary: | textproc/raptor2: another crash report from fuzzing | ||
|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Kurt Jaeger <pi> |
| Component: | Individual Port(s) | Assignee: | freebsd-kde (group) <kde> |
| Status: | Closed FIXED | ||
| Severity: | Affects Only Me | CC: | adridg, pi, tcberner |
| Priority: | --- | Flags: | tcberner:
maintainer-feedback+
|
| Version: | Latest | ||
| Hardware: | Any | ||
| OS: | Any | ||
|
Description
Kurt Jaeger
2020-11-13 13:56:10 UTC
Moin moin That should already be adressed; See r554670 and r554671 mfg Tobias If I read the golem article, the CVE covers another bug, which is indeed fixed by the two revisions. Hanno links a new bug which has no CVE and no fix as of now. (In reply to Kurt Jaeger from comment #2) The link is at the very end of the article, bug 650 A commit references this bug: Author: adridg Date: Sat Feb 20 16:23:20 UTC 2021 New revision: 566164 URL: https://svnweb.freebsd.org/changeset/ports/566164 Log: Add fix for CVE-2020-25713 raptor2: malformed input file segfault The sample file in the upstream bug report from the PR causes a bus error in PORTREVISION 16, and returns an error (as I suppose it should) now. PR: 251102 Reported by: pi Obtained from: upstream Changes: head/textproc/raptor2/Makefile head/textproc/raptor2/files/patch-CVE-2020-25713 A commit references this bug: Author: adridg Date: Sat Feb 20 16:38:05 UTC 2021 New revision: 566165 URL: https://svnweb.freebsd.org/changeset/ports/566165 Log: Add vuxml entry for textproc/raptor2 CVE PR: 251102 Changes: head/security/vuxml/vuln.xml Thanks for reporting; it was indeed one *more* bug (which bus errors for me, rather than segfaulting, but still not good). |