From owner-svn-ports-head@freebsd.org Wed Jul 5 06:33:10 2017
Return-Path: The phpMYAdmin team reports: The phpMyAdmin team reports: Bypass $cfg['Servers'][$i]['AllowNoPassword'] The Xen Project reports: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine
- cirrus_bitblt_cputovideo fails to check wethehr the specified
+ cirrus_bitblt_cputovideo fails to check whether the specified
memory region is safe. A malicious guest administrator can cause
an out of bounds memory write, very likely exploitable as a
privilege escalation. The phpMYAdmin development team reports: The phpMyAdmin development team reports: Open redirection
Summary
Summary
The phpMYAdmin development team reports:
+The phpMyAdmin development team reports:
Summary
BBCode injection vulnerability
@@ -29253,7 +29253,7 @@ and CVE-2013-0155.
@@ -30561,7 +30561,7 @@ and CVE-2013-0155.[20151203] - Core - Directory Traversal
-Failure to properly sanitise input data from the XML install file +
Failure to properly sanitize input data from the XML install file located within an extension's package archive allows for directory traversal.
Google Chrome Releases reports:
-@@ -34228,7 +34228,7 @@ and CVE-2013-0155. built with OpenSSL and configured for "SSL-Bump" decryption.41 security fixes in this release, inclduding:
+41 security fixes in this release, including:
- [558589] Critical CVE-2015-6765: Use-after-free in AppCache. Credit to anonymous.
@@ -30836,7 +30836,7 @@ and CVE-2013-0155.- libxslt -- DoS vulnability due to type confusing error +libxslt -- DoS vulnerability due to type confusing error libsxlt @@ -31654,7 +31654,7 @@ and CVE-2013-0155.The code to validate level 2 page table entries is bypassed when certain conditions are satisfied. This means that a PV guest can - create writeable mappings using super page mappings. Such writeable + create writable mappings using super page mappings. Such writable mappings can violate Xen intended invariants for pages which Xen is supposed to keep read-only. This is possible even if the "allowsuperpage" command line option is not used.
@@ -32267,7 +32267,7 @@ and CVE-2013-0155.- Joomla! -- Core - Unauthorised Login vulnerability +Joomla! -- Core - Unauthorized Login vulnerability joomla3 @@ -32283,8 +32283,8 @@ and CVE-2013-0155.The JSST and the Joomla! Security Center report:
-@@ -33041,7 +33041,7 @@ and CVE-2013-0155. some improper escaping in their shell commands, causing special characters present in menu item titles to be interpreted by the shell. This includes the backtick evaluation operator, so this - constitutues a security issue, allowing execution of arbitrary + constitutes a security issue, allowing execution of arbitrary commands if an attacker has control over the text displayed in a menu.[20140902] - Core - Unauthorised Logins
-Inadequate checking allowed unauthorised logins via LDAP +
[20140902] - Core - Unauthorized Logins
+Inadequate checking allowed unauthorized logins via LDAP authentication.
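Review bot: the hunks at -32267 and -32283 change "Unauthorised"/"unauthorised" to "Unauthorized"/"unauthorized" in text that sits under "The JSST and the Joomla! Security Center report:", i.e. inside a quoted upstream advisory, where the British spelling is the vendor's own wording rather than a typo. Suggest dropping these two spelling changes (or limiting them to the entry title "Joomla! -- Core - Unauthorized Login vulnerability", which is the ports tree's text) so the quoted report stays as published.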
Integer overflows can lead to invalid pointer math reading from random memory on some CPU architectures. In the best case this leads - to wrong TLS extensiosn being used for the client, worst-case a + to wrong TLS extensions being used for the client, worst-case a crash of the proxy terminating all active transactions.
Incorrect message size checks and assumptions about the existence of TLS extensions in the SSL/TLS handshake message can lead to very @@ -34383,9 +34383,9 @@ and CVE-2013-0155.
Qinghao Tang reports:
-@@ -36107,7 +36107,7 @@ and CVE-2013-0155.The function ParseExtension() in openslp 1.2.1 exists a - vulnerability , an attacher can cause a denial of service - (infinite loop) via a packet with crafted "nextoffset" +
The function ParseExtension() in openslp 1.2.1 contains + vulnerability: an attacker can cause a denial of service + (infinite loop) via a packet with crafted "nextoffset" value and "extid" value.
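Review bot: the replacement text in the openslp hunk at -36107 drops the article: the new lines read "The function ParseExtension() in openslp 1.2.1 contains" followed by "vulnerability: an attacker can cause a denial of service", which joins as "contains vulnerability:". Suggest "contains a vulnerability: an attacker can cause a denial of service" so the fix of "exists a vulnerability , an attacher" does not introduce a new grammar error.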
The QEMU model of the RTL8139 network card did not sufficiently validate inputs in the C+ mode offload emulation. This results in - uninitialised memory from the QEMU process's heap being leaked to + uninitialized memory from the QEMU process's heap being leaked to the domain as well as to the network.
A guest may be able to read sensitive host-level data relating to itself which resides in the QEMU process.
@@ -37844,7 +37844,7 @@ and CVE-2013-0155.Description
When an application has Groovy on the classpath and that - it uses standard Java serialization mechanim to communicate + it uses standard Java serialization mechanism to communicate between servers, or to store local data, it is possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications @@ -38420,7 +38420,7 @@ and CVE-2013-0155.
- freeradius -- insufficent CRL application vulnerability +freeradius -- insufficient CRL application vulnerability freeradius2 @@ -38615,7 +38615,7 @@ and CVE-2013-0155. through PCI devices not explicitly dealt with for (partial) emulation purposes.Since the effect depends on the specific purpose of the the config - space field, it's not possbile to give a general statement about the + space field, it's not possible to give a general statement about the exact impact on the host or other guests. Privilege escalation, host crash (Denial of Service), and leaked information all cannot be excluded.
@@ -39019,7 +39019,7 @@ and CVE-2013-0155.The Xen Project reports:
-@@ -39979,7 +39979,7 @@ and CVE-2013-0155.On ARM systems the code which deals with virtualising the GIC +
On ARM systems the code which deals with virtualizing the GIC distributor would, under various circumstances, log messages on a guest accessible code path without appropriate rate limiting.
A malicious guest could cause repeated logging to the hypervisor @@ -39843,7 +39843,7 @@ and CVE-2013-0155.
The Page allocation is moved into textcommon.c, where it does all the necessary checking: lower-bounds for CVE-2015-3258 and upper-bounds for CVE-2015-3259 due to integer overflows for the calloc() call - initialising Page[0] and the memset() call in texttopdf.c's + initializing Page[0] and the memset() call in texttopdf.c's WritePage() function zeroing the entire array.
- ntp -- control message remote Deinal of Service vulnerability +ntp -- control message remote Denial of Service vulnerability ntp @@ -40603,7 +40603,7 @@ and CVE-2013-0155.- rubygem-paperclip -- validation bypass vulnerabilitiy +rubygem-paperclip -- validation bypass vulnerability rubygem-paperclip @@ -40707,7 +40707,7 @@ and CVE-2013-0155.- cacti -- Multiple XSS and SQL injection vulerabilities +cacti -- Multiple XSS and SQL injection vulnerabilities cacti @@ -40720,7 +40720,7 @@ and CVE-2013-0155.Important Security Fixes
-
- Multiple XSS and SQL injection vulerabilities
+- Multiple XSS and SQL injection vulnerabilities
Changelog
@@ -40930,7 +40930,7 @@ and CVE-2013-0155. connection is already kept alive.
With this flaw present, using the handle even after a reset would make libcurl accidentally use - those credentials in a subseqent request if done + those credentials in a subsequent request if done to the same host name and connection as was previously accessed.
An example case would be first requesting a password @@ -40950,7 +40950,7 @@ and CVE-2013-0155.
to figure out what data range to send back.The values are used and trusted without boundary checks and are just assumed to be valid. This allows - carefully handicrafted packages to trick libcurl + carefully handcrafted packages to trick libcurl into responding and sending off data that was not intended. Or just crash if the values cause libcurl to access invalid memory.
@@ -41202,7 +41202,7 @@ and CVE-2013-0155.- Malformed ECParameters causes infinite loop (CVE-2015-1788)
- Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
-- iPKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
+- PKCS#7 crash with missing EnvelopedContent (CVE-2015-1790)
- CMS verify infinite loop with unknown hash function (CVE-2015-1792)
- Race condition handling NewSessionTicket (CVE-2015-1791)
@@ -41533,7 +41533,7 @@ and CVE-2013-0155.tidy is affected by a write out of bounds when processing malformed html files.
This issue could be abused on server side applications that use php-tidy extension with user input.
-The issue was confirmed, analysed and fixed by the tidy5 maintainer.
+The issue was confirmed, analyzed, and fixed by the tidy5 maintainer.
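Review bot: in the tidy hunk at -41533, "analysed" to "analyzed" is a regional spelling change, not a typo fix, and the added serial comma in "confirmed, analyzed, and fixed" is likewise a style edit; both land in a sentence reported by the tidy5 maintainer. Suggest leaving this line as written, keeping the commit limited to genuine misspellings like "wethehr" and "inclduding".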
cURL reports:
libcurl keeps a pool of its last few connections around - after use to fascilitate easy, conventient and completely + after use to facilitate easy, convenient, and completely transparent connection re-use for applications.
When doing HTTP requests NTLM authenticated, the entire - connnection becomes authenticated and not just the + connection becomes authenticated and not just the specific HTTP request which is otherwise how HTTP works. This makes NTLM special and a subject for special treatment in the code. With NTLM, once the connection is @@ -42183,7 +42183,7 @@ and CVE-2013-0155.
When doing HTTP requests Negotiate authenticated, the - entire connnection may become authenticated and not just + entire connection may become authenticated and not just the specific HTTP request which is otherwise how HTTP works, as Negotiate can basically use NTLM under the hood. curl was not adhering to this fact but would assume that @@ -42764,7 +42764,7 @@ and CVE-2013-0155.
@@ -44966,7 +44966,7 @@ and CVE-2013-0155. [Client] (CVE-2015-0204). OpenSSL only.RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. - This mechanism is implemented via DNS, specificly a SRV record + This mechanism is implemented via DNS, specifically a SRV record _rubygems._tcp under the original requested domain.
RubyGems did not validate the hostname returned in the SRV record before sending requests to it. This left clients open to a DNS @@ -43304,7 +43304,7 @@ and CVE-2013-0155.
- Vulnerablitiy in HWP document filter +Vulnerability in HWP document filter libreoffice @@ -43698,12 +43698,12 @@ and CVE-2013-0155. upgrade to this version.The PHP development team announces the immediate availability of PHP 5.5.24. Several bugs have been - fixed some of them beeing security related, like + fixed, some of them being security related, like CVE-2015-1351 and CVE-2015-1352. All PHP 5.5 users are encouraged to upgrade to this version.
The PHP development team announces the immediate availability of PHP 5.6.8. Several bugs have been - fixed some of them beeing security related, like + fixed, some of them being security related, like CVE-2015-1351 and CVE-2015-1352. All PHP 5.6 users are encouraged to upgrade to this version.
Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286) ASN.1 structure reuse memory corruption (CVE-2015-0287) -PKCS7 NULL pointer dereferences (CVE-2015-0289) +PKCS#7 NULL pointer dereferences (CVE-2015-0289) Base64 decode (CVE-2015-0292). OpenSSL only. DoS via reachable assert in SSLv2 servers (CVE-2015-0293). OpenSSL only. @@ -45383,7 +45383,7 @@ and CVE-2013-0155.Richard J. Moore reports:
@@ -45681,7 +45681,7 @@ and CVE-2013-0155.The builtin BMP decoder in QtGui prior to Qt 5.5 contained a bug - that would lead to a divsion by zero when loading certain corrupt + that would lead to a division by zero when loading certain corrupt BMP files. This in turn would cause the application loading these hand crafted BMPs to crash.
- Samba developement team reports:
+Samba development team reports:
All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an unexpected code execution vulnerability @@ -46233,7 +46233,7 @@ and CVE-2013-0155.
user who is viewing connected clients.In all cases, the attacker needs a valid user account on the - targetted RabbitMQ cluster.
+ targeted RabbitMQ cluster.Furthermore, some admin-controllable content was not properly escaped:
@@ -47421,7 +47421,7 @@ and CVE-2013-0155.
The Network Time Protocol (NTP) provides networked systems with a way to synchronize time for various services and applications. ntpd version 4.2.7 and - pervious versions allow attackers to overflow several + previous versions allow attackers to overflow several buffers in a way that may allow malicious code to be executed. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator @@ -72003,7 +72003,7 @@ executed in your Internet Explorer while displaying th
- The phpMYAdmin development team reports:
+The phpMyAdmin development team reports:
The show_config_errors.php scripts did not validate the presence of the configuration file, so an error message shows the full path