From owner-svn-ports-all@freebsd.org Tue Dec 8 19:23:11 2015 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3CE5C9D5031; Tue, 8 Dec 2015 19:23:11 +0000 (UTC) (envelope-from kwm@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 177341ADD; Tue, 8 Dec 2015 19:23:11 +0000 (UTC) (envelope-from kwm@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id tB8JNAX9020421; Tue, 8 Dec 2015 19:23:10 GMT (envelope-from kwm@FreeBSD.org) Received: (from kwm@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id tB8JNAuO020419; Tue, 8 Dec 2015 19:23:10 GMT (envelope-from kwm@FreeBSD.org) Message-Id: <201512081923.tB8JNAuO020419@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kwm set sender to kwm@FreeBSD.org using -f From: Koop Mast Date: Tue, 8 Dec 2015 19:23:10 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r403340 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Dec 2015 19:23:11 -0000 Author: kwm Date: Tue Dec 8 19:23:09 2015 New Revision: 403340 URL: https://svnweb.freebsd.org/changeset/ports/403340 Log: Document a few, *cough* 78, flash vulnabilities. Submitted by: xmj@ Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Dec 8 19:19:36 2015 (r403339) +++ head/security/vuxml/vuln.xml Tue Dec 8 19:23:09 2015 (r403340) @@ -58,6 +58,158 @@ Notes: --> + + flash -- multiple vulnabilities + + + linux-c6-flashplugin + linux-f10-flashplugin + linux-c6_64-flashplugin + 11.2r202.554 + + + + +

Adobe reports:

+
+

+ These updates resolve heap buffer overflow vulnerabilities that + could lead to code execution (CVE-2015-8438, CVE-2015-8446).

+ +

+ These updates resolve memory corruption vulnerabilities that + could lead to code execution (CVE-2015-8444, CVE-2015-8443, + CVE-2015-8417, CVE-2015-8416, CVE-2015-8451, CVE-2015-8047, + CVE-2015-8053, CVE-2015-8045, CVE-2015-8051, CVE-2015-8060, + CVE-2015-8419, CVE-2015-8408).

+ +

+ These updates resolve security bypass vulnerabilities + (CVE-2015-8453, CVE-2015-8440, CVE-2015-8409).

+ +

+ These updates resolve a stack overflow vulnerability that + could lead to code execution (CVE-2015-8407).

+ +

+ These updates resolve a type confusion vulnerability that + could lead to code execution (CVE-2015-8439).

+ +

+ These updates resolve an integer overflow vulnerability + that could lead to code execution (CVE-2015-8445).

+ +

+ These updates resolve a buffer overflow vulnerability that + could lead to code execution (CVE-2015-8415).

+ +

+ These updates resolve use-after-free vulnerabilities that + could lead to code execution (CVE-2015-8050, CVE-2015-8049, + CVE-2015-8437, CVE-2015-8450, CVE-2015-8449, CVE-2015-8448, + CVE-2015-8436, CVE-2015-8452, CVE-2015-8048, CVE-2015-8413, + CVE-2015-8412, CVE-2015-8410, CVE-2015-8411, CVE-2015-8424, + CVE-2015-8422, CVE-2015-8420, CVE-2015-8421, CVE-2015-8423, + CVE-2015-8425, CVE-2015-8433, CVE-2015-8432, CVE-2015-8431, + CVE-2015-8426, CVE-2015-8430, CVE-2015-8427, CVE-2015-8428, + CVE-2015-8429, CVE-2015-8434, CVE-2015-8435, CVE-2015-8414, + CVE-2015-8052, CVE-2015-8059, CVE-2015-8058, CVE-2015-8055, + CVE-2015-8057, CVE-2015-8056, CVE-2015-8061, CVE-2015-8067, + CVE-2015-8066, CVE-2015-8062, CVE-2015-8068, CVE-2015-8064, + CVE-2015-8065, CVE-2015-8063, CVE-2015-8405, CVE-2015-8404, + CVE-2015-8402, CVE-2015-8403, CVE-2015-8071, CVE-2015-8401, + CVE-2015-8406, CVE-2015-8069, CVE-2015-8070, CVE-2015-8441, + CVE-2015-8442, CVE-2015-8447).

+
+ +
+ + https://helpx.adobe.com/security/products/flash-player/apsb15-32.html + CVE-2015-8045 + CVE-2015-8047 + CVE-2015-8048 + CVE-2015-8049 + CVE-2015-8050 + CVE-2015-8051 + CVE-2015-8052 + CVE-2015-8053 + CVE-2015-8054 + CVE-2015-8055 + CVE-2015-8056 + CVE-2015-8057 + CVE-2015-8058 + CVE-2015-8059 + CVE-2015-8060 + CVE-2015-8061 + CVE-2015-8062 + CVE-2015-8063 + CVE-2015-8064 + CVE-2015-8065 + CVE-2015-8066 + CVE-2015-8067 + CVE-2015-8068 + CVE-2015-8069 + CVE-2015-8070 + CVE-2015-8071 + CVE-2015-8401 + CVE-2015-8402 + CVE-2015-8403 + CVE-2015-8404 + CVE-2015-8405 + CVE-2015-8406 + CVE-2015-8407 + CVE-2015-8408 + CVE-2015-8409 + CVE-2015-8410 + CVE-2015-8411 + CVE-2015-8412 + CVE-2015-8413 + CVE-2015-8414 + CVE-2015-8415 + CVE-2015-8416 + CVE-2015-8417 + CVE-2015-8419 + CVE-2015-8420 + CVE-2015-8421 + CVE-2015-8422 + CVE-2015-8423 + CVE-2015-8424 + CVE-2015-8425 + CVE-2015-8426 + CVE-2015-8427 + CVE-2015-8428 + CVE-2015-8429 + CVE-2015-8430 + CVE-2015-8431 + CVE-2015-8432 + CVE-2015-8433 + CVE-2015-8434 + CVE-2015-8435 + CVE-2015-8436 + CVE-2015-8437 + CVE-2015-8438 + CVE-2015-8439 + CVE-2015-8440 + CVE-2015-8441 + CVE-2015-8442 + CVE-2015-8443 + CVE-2015-8444 + CVE-2015-8445 + CVE-2015-8446 + CVE-2015-8447 + CVE-2015-8448 + CVE-2015-8449 + CVE-2015-8450 + CVE-2015-8451 + CVE-2015-8452 + CVE-2015-8453 + + + 2015-12-08 + 2015-12-08 + +
+ libressl -- NULL pointer dereference