This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
2b4c8e1f-1609-11e6-b55e-b499baebfeaf | libarchive -- RCE vulnerability The libarchive project reports:
Discovery 2016-05-01 Entry 2016-05-09 Modified 2016-05-10 libarchive < 3.2.0,1 CVE-2016-1541 https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7 |
4a0d9b53-395d-11e6-b3c8-14dae9d210b8 | libarchive -- multiple vulnerabilities Hanno Bock and Cisco Talos report:
Discovery 2016-06-23 Entry 2016-06-23 libarchive < 3.2.1,1 http://openwall.com/lists/oss-security/2016/06/23/6 https://github.com/libarchive/libarchive/issues/521 https://github.com/libarchive/libarchive/issues/717#event-697151157 http://blog.talosintel.com/2016/06/the-poisoned-archives.html CVE-2015-8934 CVE-2016-4300 CVE-2016-4301 CVE-2016-4302 |
792bc222-c5d7-11db-9f82-000e0c2e438a | libarchive -- Infinite loop in corrupt archives handling in libarchiveProblem Description:If the end of an archive is reached while attempting to "skip" past a region of an archive, libarchive will enter an infinite loop wherein it repeatedly attempts (and fails) to read further data. Impact:An attacker able to cause a system to extract (via "tar -x" or another application which uses libarchive) or list the contents (via "tar -t" or another libarchive-using application) of an archive provided by the attacker can cause libarchive to enter an infinite loop and use all available CPU time. Workaround:No workaround is available. Discovery 2006-11-08 Entry 2007-02-26 libarchive < 1.3.1 CVE-2006-5680 SA-06:24.libarchive |
7c63775e-be31-11e5-b5fe-002590263bf5 | libarchive -- multiple vulnerabilities MITRE reports:
Libarchive issue tracker reports:
Discovery 2012-12-06 Entry 2016-01-18 Modified 2016-08-09 libarchive < 3.1.2_5,1 FreeBSD ge 10.3 lt 10.3_4 ge 10.2 lt 10.2_18 ge 10.1 lt 10.1_35 ge 9.3 lt 9.3_43 CVE-2013-0211 CVE-2015-2304 ports/200176 SA-16:22.libarchive SA-16:23.libarchive https://github.com/libarchive/libarchive/pull/110 https://github.com/libarchive/libarchive/commit/5935715 https://github.com/libarchive/libarchive/commit/2253154 https://github.com/libarchive/libarchive/issues/502 https://github.com/libarchive/libarchive/commit/3865cf2 https://github.com/libarchive/libarchive/commit/e6c9668 https://github.com/libarchive/libarchive/commit/24f5de6 |