FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-27 12:04:33 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
4caf01e2-30e6-11e5-a4a5-002590263bf5	libidn -- out-of-bounds read issue with invalid UTF-8 input Simon Josefsson reports: stringprep_utf8_to_ucs4 now rejects invalid UTF-8. This function has always been documented to not validate that the input UTF-8 string is actually valid UTF-8... Discovery 2015-02-09 Entry 2015-07-23 Modified 2015-08-03 libidn < 1.31 CVE-2015-2059 http://git.savannah.gnu.org/cgit/libidn.git/plain/NEWS?id=libidn-1-31
cb5189eb-572f-11e6-b334-002590263bf5	libidn -- multiple vulnerabilities Simon Josefsson reports: libidn: Fix out-of-bounds stack read in idna_to_ascii_4i. idn: Solve out-of-bounds-read when reading one zero byte as input. Also replaced fgets with getline. libidn: stringprep_utf8_nfkc_normalize reject invalid UTF-8. It was always documented to only accept UTF-8 data, but now it doesn't crash when presented with such data. Discovery 2016-07-20 Entry 2016-07-31 libidn < 1.33 CVE-2016-6261 CVE-2015-8948 CVE-2016-6262 CVE-2016-6263 https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html http://www.openwall.com/lists/oss-security/2016/07/21/4

VuXML ID

Description

4caf01e2-30e6-11e5-a4a5-002590263bf5

libidn -- out-of-bounds read issue with invalid UTF-8 input

Simon Josefsson reports:

stringprep_utf8_to_ucs4 now rejects invalid UTF-8. This function has always been documented to not validate that the input UTF-8 string is actually valid UTF-8...

Discovery 2015-02-09
Entry 2015-07-23
Modified 2015-08-03
libidn

< 1.31

CVE-2015-2059
http://git.savannah.gnu.org/cgit/libidn.git/plain/NEWS?id=libidn-1-31

cb5189eb-572f-11e6-b334-002590263bf5

libidn -- multiple vulnerabilities

Simon Josefsson reports:

libidn: Fix out-of-bounds stack read in idna_to_ascii_4i.

idn: Solve out-of-bounds-read when reading one zero byte as input. Also replaced fgets with getline.

libidn: stringprep_utf8_nfkc_normalize reject invalid UTF-8. It was always documented to only accept UTF-8 data, but now it doesn't crash when presented with such data.

Discovery 2016-07-20
Entry 2016-07-31
libidn

< 1.33

CVE-2016-6261
CVE-2015-8948
CVE-2016-6262
CVE-2016-6263
https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
http://www.openwall.com/lists/oss-security/2016/07/21/4