[Bug 225772] [PATCH] sysutils/bchunk: update to 1.2.2 which fixes three CVEs from 2017 and take maintainership
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Thu Feb 8 21:07:29 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225772
Bug ID: 225772
Summary: [PATCH] sysutils/bchunk: update to 1.2.2 which fixes
three CVEs from 2017 and take maintainership
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Keywords: patch
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: freebsd-ports-bugs at FreeBSD.org
Reporter: 180126-bugzilla_freebsd_org at k-worx.org
Keywords: patch
Created attachment 190442
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=190442&action=edit
Patch to v1.2.2
This patch updates bchunk to version 1.2.2 which contains following security
fixes:
- CVE-2017-15953 and CVE-2017-15954, a heap-based buffer overflow.
- CVE-2017-15955, Access violation near NULL on destination operand and crash
when processing a malformed CUE (.cue) file.
Following bugfixes/improvements were done:
- Fix wrong track size calculation when having multiple tracks in one image
- Clarified manual page for input/output file types.
QA:
~~~
- portlint -A -> OK
- poudriere (11.1-RELEASE i386 and amd64) -> OK
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list