Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 21 Sep 2016 15:00:08 -0700
From:      Bryan Drewery <bdrewery@FreeBSD.org>
To:        Mark Felder <feld@FreeBSD.org>, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   Re: svn commit: r422582 - head/security/vuxml
Message-ID:  <c6f6f1b7-3bdb-0d32-5581-6b7a19321825@FreeBSD.org>
In-Reply-To: <201609212059.u8LKxqfr042194@repo.freebsd.org>
References:  <201609212059.u8LKxqfr042194@repo.freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--tqi1tbvr9oljqfvUj4cQnO4wBImAlGGBO
Content-Type: multipart/mixed; boundary="JlGBKBrkgH2WI2a82dmt3j7Fu2hL3gQI0";
 protected-headers="v1"
From: Bryan Drewery <bdrewery@FreeBSD.org>
To: Mark Felder <feld@FreeBSD.org>, ports-committers@freebsd.org,
 svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Message-ID: <c6f6f1b7-3bdb-0d32-5581-6b7a19321825@FreeBSD.org>
Subject: Re: svn commit: r422582 - head/security/vuxml
References: <201609212059.u8LKxqfr042194@repo.freebsd.org>
In-Reply-To: <201609212059.u8LKxqfr042194@repo.freebsd.org>

--JlGBKBrkgH2WI2a82dmt3j7Fu2hL3gQI0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

On 9/21/16 1:59 PM, Mark Felder wrote:
> Author: feld
> Date: Wed Sep 21 20:59:52 2016
> New Revision: 422582
> URL: https://svnweb.freebsd.org/changeset/ports/422582
>=20
> Log:
>   Document irssi vulnerabilities
>  =20
>   PR:		212888
>   Security:	CVE-2016-7044
>   Security:	CVE-2016-7045
>=20
> Modified:
>   head/security/vuxml/vuln.xml
>=20
> Modified: head/security/vuxml/vuln.xml
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D
> --- head/security/vuxml/vuln.xml	Wed Sep 21 20:59:25 2016	(r422581)
> +++ head/security/vuxml/vuln.xml	Wed Sep 21 20:59:52 2016	(r422582)
> @@ -58,6 +58,34 @@ Notes:
>    * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
>  -->
>  <vuxml xmlns=3D"http://www.vuxml.org/apps/vuxml-1">;
> +  <vuln vid=3D"e78261e4-803d-11e6-a590-14dae9d210b8">
> +    <topic>irssi -- heap corruption and missing boundary checks</topic=
>
> +    <affects>
> +      <package>
> +	<name>irssi</name>
> +	<range><lt>0.8.20</lt></range>
> +      </package>

Only 0.8.17+ are affected.  See
https://irssi.org/security/irssi_sa_2016.txt "Affected versions".  The
irssi-devel port likely had vulnerable revisions too.

--=20
Regards,
Bryan Drewery


--JlGBKBrkgH2WI2a82dmt3j7Fu2hL3gQI0--

--tqi1tbvr9oljqfvUj4cQnO4wBImAlGGBO
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQEcBAEBCgAGBQJX4wLpAAoJEDXXcbtuRpfP/dgH/3JFJtMV6qnH3B7F3XzRjurM
VEQAQP7PzuDDLFm08e+mKRRWqCqLy/JcddKIelbF/xWoLOx0rZuCZSmIbdOUdChJ
dYcpSajVj5Q4zgbmY9PmUUq25wyBSMLwh8vpeGQTeVSM4zo72/GzsdudRTgGpgr8
0Hjhsjx21bhNYZEruZ4IdtrtrtOpA/78NF33+IZeXdta8qH0MVul4PLGoZiZarr0
qGLf1pvEwU/4uX/pD2ukDhpVc2ih7f6y5KFbOlRVTTHMR8T8q5eT6CPcCRuQ2pyX
N8K/BQ6WowIAT1WiuwpSexWcGZPxfP2H+IxjKJfdgkbO5gV996bDBYBzRf8DDOQ=
=v5eS
-----END PGP SIGNATURE-----

--tqi1tbvr9oljqfvUj4cQnO4wBImAlGGBO--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c6f6f1b7-3bdb-0d32-5581-6b7a19321825>