svn commit: r500846 - head/security/vuxml
Kubilay Kocak
koobs at FreeBSD.org
Sun May 5 02:34:33 UTC 2019
Author: koobs
Date: Sun May 5 02:34:31 2019
New Revision: 500846
URL: https://svnweb.freebsd.org/changeset/ports/500846
Log:
security/vuxml: Add comms/hylafax -- Malformed fax sender remote code execution in JPEG support
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sun May 5 01:42:48 2019 (r500845)
+++ head/security/vuxml/vuln.xml Sun May 5 02:34:31 2019 (r500846)
@@ -58,6 +58,36 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="3df5a920-6edc-11e9-a44b-0050562a4d7b">
+ <topic>comms/hylafax -- Malformed fax sender remote code execution in JPEG support</topic>
+ <affects>
+ <package>
+ <name>hylafax</name>
+ <range><lt>6.0.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <blockquote cite="ftp://ftp.hylafax.org/security/CVE-2018-17141.html">
+ <p>A malicious sender that sets both JPEG and MH,MR,MMR or JBIG in
+ the same DCS signal or sends a large JPEG page could lead to remote code execution.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2018-17141</cvename>
+ <url>ftp://ftp.hylafax.org/security/CVE-2018-17141.html</url>
+ <url>https://www.x41-dsec.de/lab/advisories/x41-2018-008-hylafax/</url>
+ <url>http://bugs.hylafax.org/show_bug.cgi?id=974</url>
+ <url>http://git.hylafax.org/HylaFAX?a=commit;h=c6cac8d8cd0dbe313689ba77023e12bc5b3027be</url>
+ </references>
+ <dates>
+ <discovery>2018-08-24</discovery>
+ <entry>2019-05-05</entry>
+ </dates>
+ </vuln>
+
<vuln vid="4faac805-6be0-11e9-a685-001b217b3468">
<topic>Gitlab -- Information Disclosure</topic>
<affects>
More information about the svn-ports-all
mailing list