FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
72709326-81f7-11eb-950a-00155d646401	go -- encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader; archive/zip: panic when calling Reader.Open The Go project reports: The Decode, DecodeElement, and Skip methods of an xml.Decoder provided by xml.NewTokenDecoder may enter an infinite loop when operating on a custom xml.TokenReader which returns an EOF in the middle of an open XML element. The Reader.Open API, new in Go 1.16, will panic when used on a ZIP archive containing files that start with "../". Discovery 2021-03-05 Entry 2021-03-10 go < 1.16.1,1 CVE-2021-27918 http://golang.org/issue/44913 CVE-2021-27919 http://golang.org/issue/44916

VuXML ID

Description

72709326-81f7-11eb-950a-00155d646401

go -- encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader; archive/zip: panic when calling Reader.Open

The Go project reports:

The Decode, DecodeElement, and Skip methods of an xml.Decoder provided by xml.NewTokenDecoder may enter an infinite loop when operating on a custom xml.TokenReader which returns an EOF in the middle of an open XML element.

The Reader.Open API, new in Go 1.16, will panic when used on a ZIP archive containing files that start with "../".

Discovery 2021-03-05
Entry 2021-03-10
go

< 1.16.1,1

CVE-2021-27918
http://golang.org/issue/44913
CVE-2021-27919
http://golang.org/issue/44916