Bug 225804 - security/vuxml: Document vulnerability in uWSGI (CVE-2018-6758)
Summary: security/vuxml: Document vulnerability in uWSGI (CVE-2018-6758)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Ports Security Team
URL: https://github.com/unbit/uwsgi-docs/b...
Keywords: patch, security
Depends on:
Blocks:
 
Reported: 2018-02-10 12:40 UTC by VK
Modified: 2018-02-13 10:10 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (ports-secteam)

Attachments
Document CVE-2018-6758 (1.44 KB, patch)
2018-02-10 12:40 UTC, VK 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description VK 2018-02-10 12:40:26 UTC 
Created attachment 190478 [details]
Document CVE-2018-6758

The uwsgi_expand_path() function in core/utils.c in Unbit uWSGI before 2.0.16 has a stack-based buffer overflow via a large directory length.

* CVE-2018-6758

* Summary:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6758

* Release notes:
  https://github.com/unbit/uwsgi-docs/blob/master/Changelog-2.0.16.rst

* Upstream fix:
  https://github.com/unbit/uwsgi/commit/ed1c3bbc6cfc4d566401526fd21ba0984dd7b22a