https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=250971
--- Comment #2 from [email protected] --- A commit references this bug: Author: tcberner Date: Mon Nov 9 05:28:06 UTC 2020 New revision: 554670 URL: https://svnweb.freebsd.org/changeset/ports/554670 Log: Document vulnerability in textproc/raptor2 From [1], [2], [3]: raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml). [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926 [2] https://www.debian.org/security/2020/dsa-4785 [3] https://www.openwall.com/lists/oss-security/2017/06/07/1 PR: 250971 Security: CVE-2017-18926 Changes: head/security/vuxml/vuln.xml -- You are receiving this mail because: You are the assignee for the bug.
