Date: Tue, 18 Oct 2016 17:26:07 +0000 (UTC) From: Rene Ladan <rene@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r424184 - head/security/vuxml Message-ID: <201610181726.u9IHQ7K9094294@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rene Date: Tue Oct 18 17:26:07 2016 New Revision: 424184 URL: https://svnweb.freebsd.org/changeset/ports/424184 Log: Document remote denial of service vulnerability in security/tor* PR: 212952 Submitted by: Neel Chauhan <neel@neelc.org> Obtained from: https://blog.torproject.org/blog/tor-0289-released-important-fixes Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Oct 18 17:23:04 2016 (r424183) +++ head/security/vuxml/vuln.xml Tue Oct 18 17:26:07 2016 (r424184) @@ -58,6 +58,42 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="c1dc55dc-9556-11e6-b154-3065ec8fd3ec"> + <topic>Tor -- remote denial of service</topic> + <affects> + <package> + <name>tor</name> + <range><lt>0.2.8.9</lt></range> + </package> + <package> + <name>tor-devel</name> + <range><lt>0.2.9.4-alpha</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>The Tor Blog reports:</p> + <blockquote cite="https://blog.torproject.org/blog/tor-0289-released-important-fixes">; + <p>Prevent a class of security bugs caused by treating the contents + of a buffer chunk as if they were a NUL-terminated string. At least + one such bug seems to be present in all currently used versions of + Tor, and would allow an attacker to remotely crash most Tor + instances, especially those compiled with extra compiler hardening. + With this defense in place, such bugs can't crash Tor, though we + should still fix them as they occur. Closes ticket 20384 + (TROVE-2016-10-001).</p> + </blockquote> + </body> + </description> + <references> + <url>https://blog.torproject.org/blog/tor-0289-released-important-fixes</url>; + </references> + <dates> + <discovery>2016-10-17</discovery> + <entry>2016-10-18</entry> + </dates> + </vuln> + <vuln vid="43f1c867-654a-11e6-8286-00248c0c745d"> <topic>Rails 4 -- Possible XSS Vulnerability in Action View</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201610181726.u9IHQ7K9094294>