Fix:

<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="0809ce7d-f672-4924-9b3b-7c74bc279b83">
    <topic>gtar -- GNU TAR and CPIO safer_name_suffix Remote Denial of Service Vulnerability</topic>
    <affects>
      <package>
        <name>gtar</name>
        <range><lt>1.16</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>SecurityFocus reports:</p>
        <blockquote cite="http://www.securityfocus.com/bid/26445/">
          <p>GNU's tar and cpio utilities are prone to a
            denial-of-service vulnerability because of insecure use of
            the alloca function. Successfully exploiting this issue
            allows attackers to crash the affected utilities and
            possibly to execute code but this has not been confirmed.
            GNU tar and cpio utilities share the same vulnerable code
            and are both affected. Other utilities sharing this code
            may also be affected.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <url>http://www.securityfocus.com/bid/26445/</url>
      <cvename>CVE-2007-4476</cvename>
      <bid>26445</bid>
    </references>
    <dates>
      <discovery>2007-11-14</discovery>
      <entry>2009-01-15</entry>
    </dates>
  </vuln>
</vuxml>

Responsible Changed
From-To: freebsd-ports-bugs->naddy

Over to maintainer (via the GNATS Auto Assign Tool)

naddy 2009-01-16 16:11:04 UTC

FreeBSD ports repository

Modified files:
  security/vuxml vuln.xml
Log:
  Document vulnerability in older versions of GNU tar.

  PR: 130602
  Submitted by: Mark Foster <mark@foster.cc>

Revision Changes Path
1.1825 +33 -1 ports/security/vuxml/vuln.xml

State Changed
From-To: open->closed

Committed with some modifications, thank you. As far as I can tell, all gtar versions prior to 1.19 are affected.