FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
7943794f-707f-4e31-9fea-3bbf1ddcedc1mozilla -- multiple vulnerabilities

The Mozilla Foundation reports:

CVE-2018-5146: Out of bounds memory write in libvorbis

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.

CVE-2018-5147: Out of bounds memory write in libtremor

The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms.


Discovery 2018-03-16
Entry 2018-03-16
Modified 2018-03-31
libvorbis
lt 1.3.6,3

libtremor
lt 1.2.1.s20180316

firefox
lt 59.0.1,1

waterfox
lt 56.0.4.36_3

seamonkey
linux-seamonkey
lt 2.49.3

firefox-esr
lt 52.7.2,1

linux-firefox
lt 52.7.2,2

libxul
lt 52.7.3

thunderbird
linux-thunderbird
lt 52.7.0

CVE-2018-5146
CVE-2018-5147
https://www.mozilla.org/security/advisories/mfsa2018-08/
https://www.mozilla.org/security/advisories/mfsa2018-09/
3dac84c9-bce1-4199-9784-d68af1eb7b2elibtremor -- multiple vulnerabilities

The RedHat Project reports:

Will Drewry of the Google Security Team reported multiple issues in OGG Vorbis and Tremor libraries, that could cause application using those libraries to crash (NULL pointer dereference or divide by zero), enter an infinite loop or cause heap overflow caused by integer overflow.


Discovery 2008-03-19
Entry 2015-08-25
Modified 2015-08-25
libtremor
lt 1.2.0.s20101013

CVE-2008-1418
CVE-2008-1419
CVE-2008-1420
CVE-2008-1423
CVE-2008-2009
http://redpig.dataspill.org/2008/05/multiple-vulnerabilities-in-ogg-tremor.html
https://git.xiph.org/?p=tremor.git;a=commitdiff;h=7e94eea
https://git.xiph.org/?p=tremor.git;a=commitdiff;h=1d1f93e
https://git.xiph.org/?p=tremor.git;a=commitdiff;h=159efc4
40497e81-fee3-4e54-9d5f-175a5c633b73libtremor -- memory corruption

The Mozilla Project reports:

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative the possibility of memory corruption during the decoding of Ogg Vorbis files. This can cause a crash during decoding and has the potential for remote code execution.


Discovery 2012-01-31
Entry 2015-08-25
Modified 2015-08-25
libtremor
lt 1.2.0.s20120120

CVE-2012-0444
https://bugzilla.mozilla.org/show_bug.cgi?id=719612
https://git.xiph.org/?p=tremor.git;a=commitdiff;h=3daa274