This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-09-13 07:13:07 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
4a4e9f88-491c-11e4-ae2c-c80aa9043978 | bash -- out-of-bounds memory access in parser RedHat security team reports:
Discovery 2014-09-25 Entry 2014-10-01 bash bash-static < 4.3.27_1 https://access.redhat.com/security/cve/CVE-2014-7186 CVE-2014-7186 CVE-2014-7187 |
71ad81da-4414-11e4-a33e-3c970e169bc2 | bash -- remote code execution vulnerability Chet Ramey reports:
The original fix released for CVE-2014-6271 was not adequate. A similar vulnerability was discovered and tagged as CVE-2014-7169. Discovery 2014-09-24 Entry 2014-09-24 Modified 2014-09-25 bash bash-static > 3.0 le 3.0.17 > 3.1 le 3.1.18 > 3.2 le 3.2.52 > 4.0 le 4.0.39 > 4.1 le 4.1.12 > 4.2 le 4.2.48 > 4.3 lt 4.3.25_1 linux_base-c6 < 6.5_1 CVE-2014-6271 CVE-2014-7169 https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ https://lists.gnu.org/archive/html/bug-bash/2014-09/msg00081.html http://seclists.org/oss-sec/2014/q3/690 |
512d1301-49b9-11e4-ae2c-c80aa9043978 | bash -- remote code execution Note that this is different than the public "Shellshock" issue. Specially crafted environment variables could lead to remote arbitrary code execution. This was fixed in bash 4.3.27, however the port was patched with a mitigation in 4.3.25_2. Discovery 2014-09-27 Entry 2014-10-01 bash bash-static < 4.3.25_2 http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html CVE-2014-6277 CVE-2014-6278 |