git: 1bdede316d9c - main - security/vuxml: Add record for devel/libqb < 2.0.8 CVE-2023-39976

From: Vladimir Druzenko <vvd_at_FreeBSD.org>
Date: Mon, 04 Nov 2024 19:03:47 UTC
The branch main has been updated by vvd:

URL: https://cgit.FreeBSD.org/ports/commit/?id=1bdede316d9cf2b726ee433f32a64a6708a67b48

commit 1bdede316d9cf2b726ee433f32a64a6708a67b48
Author:     Älven <alster@vinterdalen.se>
AuthorDate: 2024-11-04 19:01:32 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2024-11-04 19:01:32 +0000

    security/vuxml: Add record for devel/libqb < 2.0.8 CVE-2023-39976
    
    log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long
    log messages because the header size is not considered.
    https://nvd.nist.gov/vuln/detail/CVE-2023-39976
    
    PR:     282536
---
 security/vuxml/vuln/2024.xml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
index a429279ea8d2..8d6ab366760f 100644
--- a/security/vuxml/vuln/2024.xml
+++ b/security/vuxml/vuln/2024.xml
@@ -1,3 +1,30 @@
+  <vuln vid="ecf9a798-9aa9-11ef-a8f0-a8a15998b5cb">
+    <topic>libqb -- Buffer overflow</topic>
+    <affects>
+      <package>
+	<name>libqb</name>
+	<range><lt>2.0.8</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<p>cve@mitre.org reports:</p>
+	<blockquote cite="https://github.com/ClusterLabs/libqb/commit/1bbaa929b77113532785c408dd1b41cd0521ffc8">
+	  <p>log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via
+	long log messages because the header size is not considered.</p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2023-39976</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-39976</url>
+    </references>
+    <dates>
+      <discovery>2023-08-08</discovery>
+      <entry>2024-11-04</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="e17384ef-c5e8-4b5d-bb62-c13405e7f1f7">
     <topic>chromium -- multiple security fixes</topic>
     <affects>