<vuln vid="8a78bd4b-1e88-43bd-9bfa-5aa29cb979c2"> <topic>libevent -- integer overflow in evbuffers</topic> <affects> <package> <name>libevent</name> <range><lt>1.4.15</lt></range> </package> <package> <name>libevent2</name> <range><lt>2.0.22</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml">; <p>A defect in the Libevent evbuffer API leaves some programs that pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. </p> </body> </description> <references> <url>http://archives.seul.org/libevent/users/Jan-2015/msg00010.html</url>; <cvename>CVE-2014-6272</cvename> </references> <dates> <discovery>2015-01-05</discovery> <entry>2015-01-09</entry> </dates> </vuln>
Hi, Due to an issue with the backend FreeBSD Bugzilla database, your original PR and any updates to it since have been lost. I've recreated the original PR as best as I can, however any attachments and updates you submitted to the PR have been lost. Please could you resubmit them? Thanks, and apologies.
The (vanished) patch landed together with bug 196639 as ports r376665. VuXML entry in comment 0 added as ports r376799.