Date:      Thu, 22 Sep 2016 07:57:16 -0500
From:      Mark Felder <feld@FreeBSD.org>
To:        Bryan Drewery <bdrewery@FreeBSD.org>, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   Re: svn commit: r422582 - head/security/vuxml
Message-ID:  <1474549036.1431804.733733225.0A2B9B36@webmail.messagingengine.com>
In-Reply-To: <c6f6f1b7-3bdb-0d32-5581-6b7a19321825@FreeBSD.org>
References:  <201609212059.u8LKxqfr042194@repo.freebsd.org> <c6f6f1b7-3bdb-0d32-5581-6b7a19321825@FreeBSD.org>


On Wed, Sep 21, 2016, at 17:00, Bryan Drewery wrote:
> On 9/21/16 1:59 PM, Mark Felder wrote:
> > Author: feld
> > Date: Wed Sep 21 20:59:52 2016
> > New Revision: 422582
> > URL: https://svnweb.freebsd.org/changeset/ports/422582
> > 
> > Log:
> >   Document irssi vulnerabilities
> >   
> >   PR:		212888
> >   Security:	CVE-2016-7044
> >   Security:	CVE-2016-7045
> > 
> > Modified:
> >   head/security/vuxml/vuln.xml
> > 
> > Modified: head/security/vuxml/vuln.xml
> > ==============================================================================
> > --- head/security/vuxml/vuln.xml	Wed Sep 21 20:59:25 2016	(r422581)
> > +++ head/security/vuxml/vuln.xml	Wed Sep 21 20:59:52 2016	(r422582)
> > @@ -58,6 +58,34 @@ Notes:
> >    * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
> >  -->
> >  <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
> > +  <vuln vid="e78261e4-803d-11e6-a590-14dae9d210b8">
> > +    <topic>irssi -- heap corruption and missing boundary checks</topic>
> > +    <affects>
> > +      <package>
> > +	<name>irssi</name>
> > +	<range><lt>0.8.20</lt></range>
> > +      </package>
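
Review bot: the irssi <range> in this new entry has only an upper bound, <lt>0.8.20</lt>, so every release before 0.8.20 is reported as vulnerable, including versions that predate the affected code. The reply below cites the upstream advisory's "Affected versions" as 0.8.17 and later; add a matching lower bound (<ge>0.8.17</ge>) inside the same <range>. The <affects> block as shown also names only the irssi package, so check whether irssi-devel needs its own <package> entry, in line with the "Do not forget port variants" note in the file header.
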
> 
> Only 0.8.17+ are affected.  See
> https://irssi.org/security/irssi_sa_2016.txt "Affected versions".  The
> irssi-devel port likely had vulnerable revisions too.
> 

Fixed the range. I'm having a hard time figuring out the old irssi-devel
port's relationship with actual releases. Those snapshots aren't
available anymore for inspection :(


-- 
  Mark Felder
  ports-secteam member
  feld@FreeBSD.org


