Date: Wed, 21 Sep 2016 15:00:08 -0700 From: Bryan Drewery <bdrewery@FreeBSD.org> To: Mark Felder <feld@FreeBSD.org>, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r422582 - head/security/vuxml Message-ID: <c6f6f1b7-3bdb-0d32-5581-6b7a19321825@FreeBSD.org> In-Reply-To: <201609212059.u8LKxqfr042194@repo.freebsd.org> References: <201609212059.u8LKxqfr042194@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --tqi1tbvr9oljqfvUj4cQnO4wBImAlGGBO Content-Type: multipart/mixed; boundary="JlGBKBrkgH2WI2a82dmt3j7Fu2hL3gQI0"; protected-headers="v1" From: Bryan Drewery <bdrewery@FreeBSD.org> To: Mark Felder <feld@FreeBSD.org>, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Message-ID: <c6f6f1b7-3bdb-0d32-5581-6b7a19321825@FreeBSD.org> Subject: Re: svn commit: r422582 - head/security/vuxml References: <201609212059.u8LKxqfr042194@repo.freebsd.org> In-Reply-To: <201609212059.u8LKxqfr042194@repo.freebsd.org> --JlGBKBrkgH2WI2a82dmt3j7Fu2hL3gQI0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 9/21/16 1:59 PM, Mark Felder wrote: > Author: feld > Date: Wed Sep 21 20:59:52 2016 > New Revision: 422582 > URL: https://svnweb.freebsd.org/changeset/ports/422582 >=20 > Log: > Document irssi vulnerabilities > =20 > PR: 212888 > Security: CVE-2016-7044 > Security: CVE-2016-7045 >=20 > Modified: > head/security/vuxml/vuln.xml >=20 > Modified: head/security/vuxml/vuln.xml > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- head/security/vuxml/vuln.xml Wed Sep 21 20:59:25 2016 (r422581) > +++ head/security/vuxml/vuln.xml Wed Sep 21 20:59:52 2016 (r422582) > @@ -58,6 +58,34 @@ Notes: > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns=3D"http://www.vuxml.org/apps/vuxml-1">; > + <vuln vid=3D"e78261e4-803d-11e6-a590-14dae9d210b8"> > + <topic>irssi -- heap corruption and missing boundary checks</topic= > > + <affects> > + <package> > + <name>irssi</name> > + <range><lt>0.8.20</lt></range> > + </package> Only 0.8.17+ are affected. See https://irssi.org/security/irssi_sa_2016.txt "Affected versions". The irssi-devel port likely had vulnerable revisions too. --=20 Regards, Bryan Drewery --JlGBKBrkgH2WI2a82dmt3j7Fu2hL3gQI0-- --tqi1tbvr9oljqfvUj4cQnO4wBImAlGGBO Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQEcBAEBCgAGBQJX4wLpAAoJEDXXcbtuRpfP/dgH/3JFJtMV6qnH3B7F3XzRjurM VEQAQP7PzuDDLFm08e+mKRRWqCqLy/JcddKIelbF/xWoLOx0rZuCZSmIbdOUdChJ dYcpSajVj5Q4zgbmY9PmUUq25wyBSMLwh8vpeGQTeVSM4zo72/GzsdudRTgGpgr8 0Hjhsjx21bhNYZEruZ4IdtrtrtOpA/78NF33+IZeXdta8qH0MVul4PLGoZiZarr0 qGLf1pvEwU/4uX/pD2ukDhpVc2ih7f6y5KFbOlRVTTHMR8T8q5eT6CPcCRuQ2pyX N8K/BQ6WowIAT1WiuwpSexWcGZPxfP2H+IxjKJfdgkbO5gV996bDBYBzRf8DDOQ= =v5eS -----END PGP SIGNATURE----- --tqi1tbvr9oljqfvUj4cQnO4wBImAlGGBO--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c6f6f1b7-3bdb-0d32-5581-6b7a19321825>