From owner-svn-ports-all@freebsd.org Wed Nov 29 14:36:53 2017 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0ACEAE55794; Wed, 29 Nov 2017 14:36:53 +0000 (UTC) (envelope-from brnrd@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C30EB76AFB; Wed, 29 Nov 2017 14:36:52 +0000 (UTC) (envelope-from brnrd@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id vATEapgd021582; Wed, 29 Nov 2017 14:36:51 GMT (envelope-from brnrd@FreeBSD.org) Received: (from brnrd@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id vATEapQe021580; Wed, 29 Nov 2017 14:36:51 GMT (envelope-from brnrd@FreeBSD.org) Message-Id: <201711291436.vATEapQe021580@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: brnrd set sender to brnrd@FreeBSD.org using -f From: Bernard Spil Date: Wed, 29 Nov 2017 14:36:51 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r455113 - head/security/vuxml X-SVN-Group: ports-head X-SVN-Commit-Author: brnrd X-SVN-Commit-Paths: head/security/vuxml X-SVN-Commit-Revision: 455113 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Nov 2017 14:36:53 -0000 Author: brnrd Date: Wed Nov 29 14:36:51 2017 New Revision: 455113 URL: https://svnweb.freebsd.org/changeset/ports/455113 Log: security/vuxml: Fix formatting Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Nov 29 14:26:57 2017 (r455112) +++ head/security/vuxml/vuln.xml Wed Nov 29 14:36:51 2017 (r455113) @@ -70,14 +70,14 @@ Notes:

The cURL project reports:

-
NTLM buffer overflow via integer overflow +
NTLM buffer overflow via integer overflow (CVE-2017-8816)
libcurl contains a buffer overrun flaw in the NTLM authentication code. The internal function Curl_ntlm_core_mk_ntlmv2_hash sums up the lengths of the user name + password (= SUM) and multiplies the sum by two (= SIZE) to figure out how large storage to - allocate from the heap.
-
FTP wildcard out of bounds read (CVE-2017-8817)
+ allocate from the heap.
+
FTP wildcard out of bounds read (CVE-2017-8817)
libcurl contains a read out of bounds flaw in the FTP wildcard function. libcurl's FTP wildcard matching feature, which is enabled with @@ -86,8 +86,8 @@ Notes: has a flaw that makes it not detect the end of the pattern string if it ends with an open bracket ([) but instead it will continue reading the heap beyond the end of the URL buffer that - holds the wildcard.
-
SSL out of buffer access (CVE-2017-8818)
+ holds the wildcard.
+
SSL out of buffer access (CVE-2017-8818)
libcurl contains an out boundary access flaw in SSL related code. When allocating memory for a connection (the internal struct called connectdata), a certain amount of memory is allocated at @@ -95,7 +95,7 @@ Notes: structs are used by the particular SSL library libcurl is built to use. The application can also tell libcurl which specific SSL library to use if it was built to support more than one. -
+