mirror of
https://git.FreeBSD.org/ports.git
synced 2024-10-20 20:09:11 +00:00
vuxml: Add entry for gnupg 2.2.21 - 2.2.22
parent
f916fe70dd
commit
672ce5d301
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=547500
@ -58,6 +58,37 @@ Notes:
|
||||
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
|
||||
-->
|
||||
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
|
||||
<vuln vid="f9fa7adc-ee51-11ea-a240-002590acae31">
|
||||
<topic>gnupg -- AEAD key import overflow</topic>
|
||||
<affects>
|
||||
<package>
|
||||
<name>gnupg</name>
|
||||
<range><ge>2.2.21</ge></range>
|
||||
<range><lt>2.2.23</lt></range>
|
||||
</package>
|
||||
</affects>
|
||||
<description>
|
||||
<body xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p>Importing an OpenPGP key having a preference list for AEAD algorithms
|
||||
will lead to an array overflow and thus often to a crash or other
|
||||
undefined behaviour.</p>
|
||||
|
||||
<p>Importing an arbitrary key can often easily be triggered by an attacker
|
||||
and thus triggering this bug. Exploiting the bug aside from crashes is
|
||||
not trivial but likely possible for a dedicated attacker. The major
|
||||
hurdle for an attacker is that only every second byte is under their
|
||||
control with every first byte having a fixed value of 0x04.</p>
|
||||
</body>
|
||||
</description>
|
||||
<references>
|
||||
<cvename>CVE-2020-25125</cvename>
|
||||
<url>https://dev.gnupg.org/T5050</url>
|
||||
</references>
|
||||
<dates>
|
||||
<entry>2020-09-03</entry>
|
||||
</dates>
|
||||
</vuln>
|
||||
|
||||
<vuln vid="762b7d4a-ec19-11ea-88f8-901b0ef719ab">
|
||||
<topic>FreeBSD -- dhclient heap overflow</topic>
|
||||
<affects>
|
||||
|
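Review bot: the gnupg package block puts the two version bounds in separate range elements, <range><ge>2.2.21</ge></range> and <range><lt>2.2.23</lt></range>, and VuXML treats multiple ranges in one package as alternatives. As written, every gnupg version satisfies one of them, so the entry flags all releases instead of 2.2.21 through 2.2.22 as the commit subject states. Put both bounds in a single element: <range><ge>2.2.21</ge><lt>2.2.23</lt></range>. Separately, the dates block contains only an entry element; add a discovery date alongside it so the record shows when the issue became known.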