This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
0ddb57a9-da20-4e99-b048-4366092f3d31 | bzip2 -- integer overflow vulnerability. Secunia reports:<br>Discovery 2010-09-21 Entry 2010-10-25 bzip2 < 1.0.6 SA-10:08.bzip2 ports/151364 CVE-2010-0405 43331 http://www.openwall.com/lists/oss-security/2010/09/21/4 http://secunia.com/advisories/41452 |
4b6cb45d-881e-447a-a4e0-c97a954ea758 | bzip2 -- multiple issues. bzip2 developers report:<br>Discovery 2019-06-23 Entry 2019-06-30 bzip2 < 1.0.7 https://gitlab.com/federicomenaquintero/bzip2/blob/master/NEWS https://bugzilla.redhat.com/show_bug.cgi?id=1319648 CVE-2016-3189 CVE-2019-12900 |
197f444f-e8ef-11d9-b875-0001020eed82 | bzip2 -- denial of service and permission race vulnerabilities.<br>Problem Description: Two problems have been discovered relating to the extraction of bzip2-compressed files. First, a carefully constructed invalid bzip2 archive can cause bzip2 to enter an infinite loop. Second, when creating a new file, bzip2 closes the file before setting its permissions.<br>Impact: The first problem can cause bzip2 to extract a bzip2 archive to an infinitely large file. If bzip2 is used in automated processing of untrusted files, this could be exploited by an attacker to create a denial-of-service situation by exhausting disk space or by consuming all available CPU time. The second problem can allow a local attacker to change the permissions of local files owned by the user executing bzip2, provided that they have write access to the directory in which the file is being extracted.<br>Workaround: Do not uncompress bzip2 archives from untrusted sources and do not uncompress files in directories where untrusted users have write access.<br>Discovery 2005-03-30 Entry 2005-06-29 Modified 2016-08-09 FreeBSD ge 5.4 lt 5.4_3 ge 5.0 lt 5.3_17 ge 4.11 lt 4.11_11 < 4.10_16 bzip2 < 1.0.3_1 CVE-2005-0953 CVE-2005-1260 SA-05:14.bzip2 http://scary.beasts.org/security/CESA-2005-002.txt |
063399fc-f6d6-11dc-bcee-001c2514716c | bzip2 -- crash with certain malformed archive files. SecurityFocus reports:<br>Discovery 2008-03-18 Entry 2008-03-20 bzip2 < 1.0.5 28286 CVE-2008-1372 https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/ |