From owner-svn-ports-head@freebsd.org Wed Sep 21 22:00:14 2016 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 89D30BE4A07; Wed, 21 Sep 2016 22:00:14 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 6A18036D; Wed, 21 Sep 2016 22:00:14 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from mail.xzibition.com (localhost [IPv6:::1]) by freefall.freebsd.org (Postfix) with ESMTP id 61B171E51; Wed, 21 Sep 2016 22:00:14 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from mail.xzibition.com (localhost [172.31.3.2]) by mail.xzibition.com (Postfix) with ESMTP id 1BDFC24982; Wed, 21 Sep 2016 22:00:14 +0000 (UTC) X-Virus-Scanned: amavisd-new at mail.xzibition.com Received: from mail.xzibition.com ([172.31.3.2]) by mail.xzibition.com (mail.xzibition.com [172.31.3.2]) (amavisd-new, port 10026) with LMTP id mt87AmUlSxIs; Wed, 21 Sep 2016 22:00:10 +0000 (UTC) Subject: Re: svn commit: r422582 - head/security/vuxml DKIM-Filter: OpenDKIM Filter v2.9.2 mail.xzibition.com CA4B42497D To: Mark Felder , ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org References: <201609212059.u8LKxqfr042194@repo.freebsd.org> From: Bryan Drewery Organization: FreeBSD Message-ID: Date: Wed, 21 Sep 2016 15:00:08 -0700 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.3.0 MIME-Version: 1.0 In-Reply-To: <201609212059.u8LKxqfr042194@repo.freebsd.org> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="tqi1tbvr9oljqfvUj4cQnO4wBImAlGGBO" X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Sep 2016 22:00:14 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --tqi1tbvr9oljqfvUj4cQnO4wBImAlGGBO Content-Type: multipart/mixed; boundary="JlGBKBrkgH2WI2a82dmt3j7Fu2hL3gQI0"; protected-headers="v1" From: Bryan Drewery To: Mark Felder , ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Message-ID: Subject: Re: svn commit: r422582 - head/security/vuxml References: <201609212059.u8LKxqfr042194@repo.freebsd.org> In-Reply-To: <201609212059.u8LKxqfr042194@repo.freebsd.org> --JlGBKBrkgH2WI2a82dmt3j7Fu2hL3gQI0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 9/21/16 1:59 PM, Mark Felder wrote: > Author: feld > Date: Wed Sep 21 20:59:52 2016 > New Revision: 422582 > URL: https://svnweb.freebsd.org/changeset/ports/422582 >=20 > Log: > Document irssi vulnerabilities > =20 > PR: 212888 > Security: CVE-2016-7044 > Security: CVE-2016-7045 >=20 > Modified: > head/security/vuxml/vuln.xml >=20 > Modified: head/security/vuxml/vuln.xml > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- head/security/vuxml/vuln.xml Wed Sep 21 20:59:25 2016 (r422581) > +++ head/security/vuxml/vuln.xml Wed Sep 21 20:59:52 2016 (r422582) > @@ -58,6 +58,34 @@ Notes: > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > > + > + irssi -- heap corruption and missing boundary checks > + > + > + irssi > + 0.8.20 > + Only 0.8.17+ are affected. See https://irssi.org/security/irssi_sa_2016.txt "Affected versions". The irssi-devel port likely had vulnerable revisions too. --=20 Regards, Bryan Drewery --JlGBKBrkgH2WI2a82dmt3j7Fu2hL3gQI0-- --tqi1tbvr9oljqfvUj4cQnO4wBImAlGGBO Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQEcBAEBCgAGBQJX4wLpAAoJEDXXcbtuRpfP/dgH/3JFJtMV6qnH3B7F3XzRjurM VEQAQP7PzuDDLFm08e+mKRRWqCqLy/JcddKIelbF/xWoLOx0rZuCZSmIbdOUdChJ dYcpSajVj5Q4zgbmY9PmUUq25wyBSMLwh8vpeGQTeVSM4zo72/GzsdudRTgGpgr8 0Hjhsjx21bhNYZEruZ4IdtrtrtOpA/78NF33+IZeXdta8qH0MVul4PLGoZiZarr0 qGLf1pvEwU/4uX/pD2ukDhpVc2ih7f6y5KFbOlRVTTHMR8T8q5eT6CPcCRuQ2pyX N8K/BQ6WowIAT1WiuwpSexWcGZPxfP2H+IxjKJfdgkbO5gV996bDBYBzRf8DDOQ= =v5eS -----END PGP SIGNATURE----- --tqi1tbvr9oljqfvUj4cQnO4wBImAlGGBO--