svn commit: r476991 - head/security/vuxml
Tobias Kortkamp
tobik at FreeBSD.org
Sun Aug 12 13:44:40 UTC 2018
Author: tobik
Date: Sun Aug 12 13:44:39 2018
New Revision: 476991
URL: https://svnweb.freebsd.org/changeset/ports/476991
Log:
Document lang/chicken vulnerabilities
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sun Aug 12 13:35:35 2018 (r476990)
+++ head/security/vuxml/vuln.xml Sun Aug 12 13:44:39 2018 (r476991)
@@ -58,6 +58,42 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="5a771686-9e33-11e8-8b2d-9cf7a8059466">
+ <topic>chicken -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chicken</name>
+ <range><lt>4.13.0,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>CHICKEN reports:</p>
+ <blockquote cite="https://code.call-cc.org/releases/4.13.0/NEWS">
+ <ul>
+ <li>CVE-2017-6949: Unchecked malloc() call in SRFI-4
+ constructors when allocating in non-GC memory, resulting
+ in potential 1-word buffer overrun and/or segfault</li>
+ <li>CVE-2017-9334: "length" crashes on improper lists</li>
+ <li>CVE-2017-11343: The randomization factor of the symbol
+ table was set before the random seed was set, causing it
+ to have a fixed value on many platforms</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://code.call-cc.org/releases/4.13.0/NEWS</url>
+ <cvename>CVE-2017-6949</cvename>
+ <cvename>CVE-2017-9334</cvename>
+ <cvename>CVE-2017-11343</cvename>
+ </references>
+ <dates>
+ <discovery>2017-03-16</discovery>
+ <entry>2018-08-12</entry>
+ </dates>
+ </vuln>
+
<vuln vid="bcf56a42-9df8-11e8-afb0-589cfc0f81b0">
<topic>gitea -- TOTP passcode reuse</topic>
<affects>
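Review bot: The new entry's `<affects>` block lists only the `chicken` package, although the header comment kept as context at the top of this hunk asks committers not to forget port variants. Please confirm that no other port or package name installs the same CHICKEN sources; if one does, it needs its own `<package>` element with a matching `<range>`, otherwise installations of that package will not be flagged. Separately, the single `<discovery>2017-03-16</discovery>` date covers three separately numbered CVEs, so it presumably reflects only the earliest report. A short XML comment inside `<dates>` saying which CVE the date belongs to would save the next editor from re-deriving it.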