Date: Tue, 3 May 2016 23:57:03 +0000 (UTC) From: Jason Unovitch <junovitch@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r414566 - head/security/vuxml Message-ID: <201605032357.u43Nv3K5038468@repo.freebsd.org>
Author: junovitch Date: Tue May 3 23:57:03 2016 New Revision: 414566 URL: https://svnweb.freebsd.org/changeset/ports/414566 Log: Fix <url> -> <cvename> tags in OpenSSL entry plus spacing fixes. While here, combine both entries as they both refer to the same CVEs and we've typically done these as combined entries in the past. Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Tue May 3 22:53:39 2016 (r414565)
+++ head/security/vuxml/vuln.xml Tue May 3 23:57:03 2016 (r414566)
@@ -59,44 +59,6 @@ Notes:
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
 <vuln vid="01d729ca-1143-11e6-b55e-b499baebfeaf">
- <topic>LibreSSL -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>libressl</name>
- <range><lt>2.3.4</lt></range>
- </package>
- <package>
- <name>libressl-devel</name>
- <range><lt>2.3.4</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>OpenBSD reports:</p>
- <blockquote cite="https://marc.info/?l=openbsd-tech&m=146228598730414">
- <p>Memory corruption in the ASN.1 encoder</p>
- <p>Padding oracle in AES-NI CBC MAC check</p>
- <p>EVP_EncodeUpdate overflow</p>
- <p>EVP_EncryptUpdate overflow</p>
- <p>ASN.1 BIO excessive memory allocation</p>
- </blockquote>
- </body>
- </description>
- <references>
- <url>https://marc.info/?l=openbsd-tech&m=146228598730414</url>
- <url>CVE-2016-2108</url>
- <url>CVE-2016-2107</url>
- <url>CVE-2016-2105</url>
- <url>CVE-2016-2106</url>
- <url>CVE-2016-2109</url>
- </references>
- <dates>
- <discovery>2016-05-03</discovery>
- <entry>2016-05-03</entry>
- </dates>
- </vuln>
-
- <vuln vid="95564990-1138-11e6-b55e-b499baebfeaf">
 <topic>OpenSSL -- multiple vulnerabilities</topic>
 <affects>
 <package>
@@ -107,33 +69,49 @@ Notes:
 <name>linux-c6-openssl</name>
 <range><lt>1.0.1e_8</lt></range>
 </package>
+ <package>
+ <name>libressl</name>
+ <range><lt>2.3.4</lt></range>
+ </package>
+ <package>
+ <name>libressl-devel</name>
+ <range><lt>2.3.4</lt></range>
+ </package>
 </affects>
 <description>
 <body xmlns="http://www.w3.org/1999/xhtml">
 <p>OpenSSL reports:</p>
 <blockquote cite="https://www.openssl.org/news/secadv/20160503.txt">
+ <p>Memory corruption in the ASN.1 encoder</p>
 <p>Padding oracle in AES-NI CBC MAC check</p>
 <p>EVP_EncodeUpdate overflow</p>
 <p>EVP_EncryptUpdate overflow</p>
 <p>ASN.1 BIO excessive memory allocation</p>
- <p>EBCDIC overread</p>
+ <p>EBCDIC overread (OpenSSL only)</p>
 </blockquote>
 </body>
 </description>
 <references>
 <url>https://www.openssl.org/news/secadv/20160503.txt</url>
- <url>CVE-2016-2107</url>
- <url>CVE-2016-2105</url>
- <url>CVE-2016-2106</url>
- <url>CVE-2016-2109</url>
- <url>CVE-2016-2176</url>
+ <url>https://marc.info/?l=openbsd-tech&m=146228598730414</url>
+ <cvename>CVE-2016-2105</cvename>
+ <cvename>CVE-2016-2106</cvename>
+ <cvename>CVE-2016-2107</cvename>
+ <cvename>CVE-2016-2108</cvename>
+ <cvename>CVE-2016-2109</cvename>
+ <cvename>CVE-2016-2176</cvename>
 </references>
 <dates>
 <discovery>2016-05-03</discovery>
 <entry>2016-05-03</entry>
+ <modified>2016-05-03</modified>
 </dates>
 </vuln>
 
+ <vuln vid="95564990-1138-11e6-b55e-b499baebfeaf">
+ <cancelled superseded="01d729ca-1143-11e6-b55e-b499baebfeaf"/>
+ </vuln>
+
 <vuln vid="be72e773-1131-11e6-94fa-002590263bf5">
 <topic>gitlab -- privilege escalation via "impersonate" feature</topic>
 <affects>
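Review bot: The two added `<package>` blocks give `libressl` and `libressl-devel` the same bound, `<range><lt>2.3.4</lt></range>`, and after the merge this single entry decides what a package audit reports for both ports. If the two ports follow different LibreSSL release branches (not visible on this page), one upper bound would keep flagging an already-patched older-branch release as vulnerable. The `libressl` range should be checked against the announcement referenced at marc.info and, if needed, split into per-branch `<range>` elements, e.g. `<range><ge>BRANCH_START</ge><lt>2.3.4</lt></range>` plus `<range><lt>OLDER_BRANCH_FIX</lt></range>` (placeholders, not values from the page). Separately, the merged entry's `<topic>` (context at the end of the previous hunk) still reads `OpenSSL -- multiple vulnerabilities`, so a host with only libressl installed gets an advisory that never names it; `<topic>OpenSSL, LibreSSL -- multiple vulnerabilities</topic>` would make the match self-explanatory.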