FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
e543c6f8-abf2-11e4-8ac7-d050992ecde8    unzip -- out of boundary access issues in test_compr_eb

Ubuntu Security Notice USN-2489-1 reports:

Michal Zalewski discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code.


Discovery 2014-11-02
Entry 2015-02-03
unzip < 6.0_4

CVE-2014-9636
http://www.ubuntu.com/usn/usn-2489-1/
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9636.html
http://seclists.org/oss-sec/2014/q4/489
http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450
86c3c66e-b2f5-11e5-863a-b499baebfeaf    unzip -- multiple vulnerabilities

Gustavo Grieco reports:

Two issues were found in unzip 6.0:

* A heap overflow triggered by unzipping a file with password (e.g. unzip -p -P x sigsegv.zip).

* A denegation of service with a file that never finishes unzipping (e.g. unzip sigxcpu.zip).


Discovery 2015-09-26
Entry 2016-01-04
unzip < 6.0_7

http://www.openwall.com/lists/oss-security/2015/09/07/4
ports/204413
CVE-2015-7696
CVE-2015-7697
3680b234-b6f0-11e4-b7cc-d050992ecde8    unzip -- heap based buffer overflow in iconv patch

Ubuntu Security Notice USN-2502-1 reports:

unzip could be made to run programs if it opened a specially crafted file.


Discovery 2015-02-17
Entry 2015-02-17
unzip < 6.0_5

CVE-2015-1315
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1315.html
https://security-tracker.debian.org/tracker/CVE-2015-1315
http://www.ubuntu.com/usn/usn-2502-1/
d9360908-9d52-11e4-87fd-10bf48e1088e    unzip -- input sanitization errors

oCERT reports:

The UnZip tool is an open source extraction utility for archives compressed in the zip format.

The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification, the test_compr_eb() and the getZip64Data() functions. The input errors may result in arbitrary code execution.

A specially crafted zip file, passed to unzip -t, can be used to trigger the vulnerability.


Discovery 2014-12-03
Entry 2015-01-16
unzip <= 6.0_2

CVE-2014-8139
CVE-2014-8140
CVE-2014-8141
http://www.info-zip.org/UnZip.html
https://bugzilla.redhat.com/show_bug.cgi?id=1174844
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8140
https://bugzilla.redhat.com/show_bug.cgi?id=1174856