author: bdrewery <bdrewery@FreeBSD.org> 2014-10-02 06:12:11 +0800
committer: bdrewery <bdrewery@FreeBSD.org> 2014-10-02 06:12:11 +0800
commit: 8bce6e9b7dd65127b9885ba1f3a34f5e1cf9f91e (patch)
tree: c638a5dc9905bc9920513b21bd08e00f67d4c2bc /security
parent: 292f9ca047499f41693a1a4b007cc6724f9e9454 (diff)
- Document CVE-2014-7187 fixed in bash-4.3.27_1
Diffstat (limited to 'security')
-rw-r--r-- security/vuxml/vuln.xml 7
1 files changed, 7 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 1692cfd3ab7d..a52ba8e96cfa 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -105,11 +105,18 @@ Notes:
possibly leading to arbitrary code execution when evaluating
untrusted input that would not otherwise be run as code.</p>
</blockquote>
+ <blockquote cite="https://access.redhat.com/security/cve/CVE-2014-7187">
+ <p>An off-by-one error was discovered in the way Bash was handling
+ deeply nested flow control constructs. Depending on the layout of
+ the .bss segment, this could allow arbitrary execution of code that
+ would not otherwise be executed by Bash.</p>
+ </blockquote>
</body>
</description>
<references>
<url>https://access.redhat.com/security/cve/CVE-2014-7186</url>
<cvename>CVE-2014-7186</cvename>
+ <cvename>CVE-2014-7187</cvename>
</references>
<dates>
<discovery>2014-09-25</discovery>
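Review bot: In `<references>`, CVE-2014-7187 gets a `<cvename>` but no matching `<url>`, although the new blockquote cites https://access.redhat.com/security/cve/CVE-2014-7187 and CVE-2014-7186 is listed with both a `<url>` and a `<cvename>`. Suggest adding `<url>https://access.redhat.com/security/cve/CVE-2014-7187</url>` next to the existing URL so the quoted source is also reachable from the references. Separately, the diffstat's 7 insertions are all accounted for in this hunk and none of them falls inside `<dates>`, so the entry gains a second CVE without a `<modified>` date recording the change; worth adding one so the update to the entry is visible to readers of the file.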