Subject: Re: svn commit: r348855 - head/security/vuxml
From: Remko Lodder
Date: Sun, 23 Mar 2014 15:52:32 +0100
To: "Sergey A. Osokin"
Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org
Message-Id: <482F13E4-4CD4-421E-BDAD-B918B2A17C11@FreeBSD.org>
In-Reply-To: <201403231340.s2NDevc4012818@svn.freebsd.org>

Hi Sergey,

This is more.. enthusiastic :-)

The idea was that if you add a new in the existing entry, you can reuse the other text but denote which -devel versions are affected.. Having two of the same entries is a bit..overkill :-)

Cheers
Remko

On 23 Mar 2014, at 14:40, Sergey A. Osokin wrote:

> Author: osa
> Date: Sun Mar 23 13:40:57 2014
> New Revision: 348855
> URL: http://svnweb.freebsd.org/changeset/ports/348855
> QAT: https://qat.redports.org/buildarchive/r348855/
>
> Log:
>   Split nginx and nginx-devel entries, update date.
>
> Modified:
>   head/security/vuxml/vuln.xml
>
> Modified: head/security/vuxml/vuln.xml > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > --- head/security/vuxml/vuln.xml Sun Mar 23 13:26:20 2014 = (r348854) > +++ head/security/vuxml/vuln.xml Sun Mar 23 13:40:57 2014 = (r348855) > @@ -51,14 +51,48 @@ Note: Please add new entries to the beg >=20 > --> > > + > + nginx-devel -- SPDY heap buffer overflow > + > + > + nginx-devel > + 1.3.151.5.12 > + > + > + > + > +

The nginx project reports:

> +
> +

A bug in the experimental SPDY implementation in nginx was = found, which > + might allow an attacker to cause a heap memory buffer = overflow in a > + worker process by using a specially crafted request, = potentially > + resulting in arbitrary code execution (CVE-2014-0133).

> + > +

The problem affects nginx 1.3.15 - 1.5.11, compiled with = the > + ngx_http_spdy_module module (which is not compiled by = default) and > + without --with-debug configure option, if the "spdy" option = of the > + "listen" directive is used in a configuration file.

> + > +

The problem is fixed in nginx 1.5.12, 1.4.7.

> +
> + > +
> + > + CVE-2014-0133 > + = http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html > + > + > + 2014-03-18 > + 2014-03-23 > + > +
> + > > nginx -- SPDY heap buffer overflow > > > nginx > - nginx-devel > 1.4.7 > - 1.5.12 > > > > @@ -85,7 +119,7 @@ Note: Please add new entries to the beg > > > 2014-03-18 > - 2014-03-18 > + 2014-03-23 > > >=20

-- 
/"\   Best regards,                      | remko@FreeBSD.org
\ /   Remko Lodder                       | remko@EFnet
 X    http://www.evilcoder.org/          |
/ \   ASCII Ribbon Campaign              | Against HTML Mail and News
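Review bot: In the first hunk (@@ -51,14 +51,48 @@), the added "nginx-devel -- SPDY heap buffer overflow" entry carries its own copy of the advisory text, the CVE-2014-0133 reference and the nginx-announce URL, while the existing "nginx -- SPDY heap buffer overflow" entry stays in place with only the nginx-devel name and the 1.5.12 bound removed. Two copies of one advisory can drift apart when either is corrected later; suggest keeping a single entry and listing nginx-devel in it with its own version range. If the split is kept, check that the nginx-devel range shown as 1.3.15 to 1.5.12 and the remaining 1.4.7 bound for nginx still match the quoted advisory: 1.3.15 - 1.5.11 affected, fixed in 1.5.12 and 1.4.7.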
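Review bot: In the second hunk (@@ -85,7 +119,7 @@), the second date line of the existing nginx entry is overwritten in place, 2014-03-18 becoming 2014-03-23, rather than a new date line being added. The element names are not visible in this copy of the patch; if the replaced line is the entry date, it should stay at 2014-03-18 and the change on 2014-03-23 should be recorded as a separate modified date, so consumers of vuln.xml can still see when the vulnerability was first listed.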