diff options
| author | Lars Balker Rasmussen <lbr@FreeBSD.org> | 2007-04-30 17:51:53 +0000 |
|---|---|---|
| committer | Lars Balker Rasmussen <lbr@FreeBSD.org> | 2007-04-30 17:51:53 +0000 |
| commit | 77e127836aa497e4cc8f40ed79adda9f7a01440f (patch) | |
| tree | 65857104d93d2b1e831a0e839131c6e9f7c0a7af | |
| parent | 98786cd7776b663653d66e8e400143e11e11cf35 (diff) | |
Update to 0.57 - fixes possible overflow vulnerability regarding malformed
BMPs, see vuln.xml for details.
Security: VuXML ID: 632c98be-aad2-4af2-849f-41a6862afd6a
Notes
Notes:
svn path=/head/; revision=191218
| -rw-r--r-- | graphics/p5-Imager/Makefile | 2 | ||||
| -rw-r--r-- | graphics/p5-Imager/distinfo | 6 | ||||
| -rw-r--r-- | security/vuxml/vuln.xml | 33 |
3 files changed, 37 insertions, 4 deletions
diff --git a/graphics/p5-Imager/Makefile b/graphics/p5-Imager/Makefile index e7e3dcf1edc6..b0d2a91e103b 100644 --- a/graphics/p5-Imager/Makefile +++ b/graphics/p5-Imager/Makefile @@ -7,7 +7,7 @@ # PORTNAME= Imager -PORTVERSION= 0.56 +PORTVERSION= 0.57 CATEGORIES= graphics perl5 MASTER_SITES= ${MASTER_SITE_PERL_CPAN} MASTER_SITE_SUBDIR= ${PORTNAME} diff --git a/graphics/p5-Imager/distinfo b/graphics/p5-Imager/distinfo index 80189010155a..1fd99d4267b6 100644 --- a/graphics/p5-Imager/distinfo +++ b/graphics/p5-Imager/distinfo @@ -1,3 +1,3 @@ -MD5 (Imager-0.56.tar.gz) = 42e8b0388541eab11655ab4695918b8d -SHA256 (Imager-0.56.tar.gz) = 8ad88268140a47c995e89d479a6be2b420d71ff8823182018d3b93ae3b76f260 -SIZE (Imager-0.56.tar.gz) = 845250 +MD5 (Imager-0.57.tar.gz) = 293e514b499c769133ac916d70acacea +SHA256 (Imager-0.57.tar.gz) = 3035f2c360482ef02c401e04a65537bd9c2bc2dbdb8177f4381deb5951e01e25 +SIZE (Imager-0.57.tar.gz) = 844397 diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 758ce0bb7d29..ebf2fab4b811 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,39 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="632c98be-aad2-4af2-849f-41a6862afd6a"> + <topic>p5-Imager - possibly exploitable buffer overflow</topic> + <affects> + <package> + <name>p5-Imager</name> + <range><lt>0.57</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description</h1> + <p>Imager 0.56 and all earlier versions with BMP support have + security issue when reading compressed 8-bit per pixel BMP + files where either a compressed run of data or a literal run + of data overflows the scan-line.</p> + <p>Such an overflow causes a buffer overflow in a malloc() + allocated memory buffer, possibly corrupting the memory arena + headers.</p> + <p>The effect depends on your system memory allocator, with glibc + this typically results in an abort, but with other memory + allocators it may be possible to cause local code execution.</p> + </body> + </description> + <references> + <url>https://rt.cpan.org/Public/Bug/Display.html?id=26811</url> + <url>http://ifsec.blogspot.com/2007/04/several-windows-image-viewers.html</url> + </references> + <dates> + <discovery>2007-04-04</discovery> + <entry>2007-04-30</entry> + </dates> + </vuln> + <vuln vid="275b845e-f56c-11db-8163-000e0c2e438a"> <topic>FreeBSD -- IPv6 Routing Header 0 is dangerous</topic> <affects> |