FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

diffoscope -- arbitrary file write

Affected packages
67 <= py34-diffoscope < 76
67 <= py35-diffoscope < 76
67 <= py36-diffoscope < 76

Details

VuXML ID 077bbadf-f2f4-11e6-92a7-902b34361349
Discovery 2017-02-09
Entry 2017-02-14
Modified 2017-02-16

Ximin Luo reports:

[v67] introduced a security hole where diffoscope may write to arbitrary locations on disk depending on the contents of an untrusted archive.

References

CVE Name CVE-2017-0359
URL https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854723