FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
dbd1f627-c43b-11e9-a923-9c5c8e75236aclamav -- multiple vulnerabilities

Micah Snyder reports:

  • An out of bounds write was possible within ClamAV&s NSIS bzip2 library when attempting decompression in cases where the number of selectors exceeded the max limit set by the library (CVE-2019-12900). The issue has been resolved by respecting that limit.
  • The zip bomb vulnerability mitigated in 0.101.3 has been assigned the CVE identifier CVE-2019-12625. Unfortunately, a workaround for the zip-bomb mitigation was immediately identified. To remediate the zip-bomb scan time issue, a scan time limit has been introduced in 0.101.4. This limit now resolves ClamAV's vulnerability to CVE-2019-12625.

Discovery 2019-08-21
Entry 2019-08-21
clamav
lt 0.101.4,1

clamav-milter
lt 0.101.4,1

CVE-2019-12625
https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html
CVE-2019-12900