FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
4b6cb45d-881e-447a-a4e0-c97a954ea758	bzip2 -- multiple issues bzip2 developers reports: CVE-2016-3189 - Fix use-after-free in bzip2recover (Jakub Martisko) CVE-2019-12900 - Detect out-of-range nSelectors in corrupted files (Albert Astals Cid). Found through fuzzing karchive. Discovery 2019-06-23 Entry 2019-06-30 bzip2 < 1.0.7 https://gitlab.com/federicomenaquintero/bzip2/blob/master/NEWS https://bugzilla.redhat.com/show_bug.cgi?id=1319648 CVE-2016-3189 CVE-2019-12900
0ddb57a9-da20-4e99-b048-4366092f3d31	bzip2 -- integer overflow vulnerability Secunia reports: A vulnerability has been reported in bzip2, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerability is caused due to an integer overflow in the "BZ2_decompress()" function in decompress.c and can be exploited to cause a crash or potentially execute arbitrary code. Discovery 2010-09-21 Entry 2010-10-25 bzip2 < 1.0.6 SA-10:08.bzip2 ports/151364 CVE-2010-0405 43331 http://www.openwall.com/lists/oss-security/2010/09/21/4 http://secunia.com/advisories/41452
063399fc-f6d6-11dc-bcee-001c2514716c	bzip2 -- crash with certain malformed archive files SecurityFocus reports: The 'bzip2' application is prone to a remote file-handling vulnerability because the application fails to properly handle malformed files. Exploit attempts likely result in application crashes. Discovery 2008-03-18 Entry 2008-03-20 bzip2 < 1.0.5 28286 CVE-2008-1372 https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/

VuXML ID

Description

4b6cb45d-881e-447a-a4e0-c97a954ea758

bzip2 -- multiple issues

bzip2 developers reports:

CVE-2016-3189 - Fix use-after-free in bzip2recover (Jakub Martisko)

CVE-2019-12900 - Detect out-of-range nSelectors in corrupted files (Albert Astals Cid). Found through fuzzing karchive.

Discovery 2019-06-23
Entry 2019-06-30
bzip2

< 1.0.7

https://gitlab.com/federicomenaquintero/bzip2/blob/master/NEWS
https://bugzilla.redhat.com/show_bug.cgi?id=1319648
CVE-2016-3189
CVE-2019-12900

0ddb57a9-da20-4e99-b048-4366092f3d31

bzip2 -- integer overflow vulnerability

Secunia reports:

A vulnerability has been reported in bzip2, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

The vulnerability is caused due to an integer overflow in the "BZ2_decompress()" function in decompress.c and can be exploited to cause a crash or potentially execute arbitrary code.

Discovery 2010-09-21
Entry 2010-10-25
bzip2

< 1.0.6

SA-10:08.bzip2
ports/151364
CVE-2010-0405
43331
http://www.openwall.com/lists/oss-security/2010/09/21/4
http://secunia.com/advisories/41452

063399fc-f6d6-11dc-bcee-001c2514716c

bzip2 -- crash with certain malformed archive files

SecurityFocus reports:

The 'bzip2' application is prone to a remote file-handling vulnerability because the application fails to properly handle malformed files.

Exploit attempts likely result in application crashes.

Discovery 2008-03-18
Entry 2008-03-20
bzip2

< 1.0.5

28286
CVE-2008-1372
https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/