From owner-svn-ports-head@freebsd.org Tue Oct 10 14:05:07 2017 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 99CB4E32B53; Tue, 10 Oct 2017 14:05:07 +0000 (UTC) (envelope-from swills@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 677C68379C; Tue, 10 Oct 2017 14:05:07 +0000 (UTC) (envelope-from swills@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v9AE56SW011385; Tue, 10 Oct 2017 14:05:06 GMT (envelope-from swills@FreeBSD.org) Received: (from swills@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v9AE56wI011382; Tue, 10 Oct 2017 14:05:06 GMT (envelope-from swills@FreeBSD.org) Message-Id: <201710101405.v9AE56wI011382@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: swills set sender to swills@FreeBSD.org using -f From: Steve Wills Date: Tue, 10 Oct 2017 14:05:06 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r451702 - head/security/vuxml X-SVN-Group: ports-head X-SVN-Commit-Author: swills X-SVN-Commit-Paths: head/security/vuxml X-SVN-Commit-Revision: 451702 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Oct 2017 14:05:07 -0000 Author: swills Date: Tue Oct 10 14:05:06 2017 New Revision: 451702 URL: https://svnweb.freebsd.org/changeset/ports/451702 Log: Document zookeeper issue Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Oct 10 13:24:08 2017 (r451701) +++ head/security/vuxml/vuln.xml Tue Oct 10 14:05:06 2017 (r451702) @@ -58,6 +58,32 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + zookeeper -- Denial Of Service + + + zookeeper + 3.4.10 + + + + +

zookeeper developers report:

+
+

Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.

+
+ + + + https://lists.apache.org/thread.html/58170aeb7a681d462b7fa31cae81110cbb749d2dc83c5736a0bb8370@%3Cdev.zookeeper.apache.org%3E + CVE-2017-5637 + + + 2017-10-09 + 2017-10-10 + + + libtiff -- Improper Input Validation