FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
72709326-81f7-11eb-950a-00155d646401go -- encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader; archive/zip: panic when calling Reader.Open

The Go project reports:

The Decode, DecodeElement, and Skip methods of an xml.Decoder provided by xml.NewTokenDecoder may enter an infinite loop when operating on a custom xml.TokenReader which returns an EOF in the middle of an open XML element.

The Reader.Open API, new in Go 1.16, will panic when used on a ZIP archive containing files that start with "../".


Discovery 2021-03-05
Entry 2021-03-10
go
lt 1.16.1,1

CVE-2021-27918
http://golang.org/issue/44913
CVE-2021-27919
http://golang.org/issue/44916