Date: Tue, 16 Mar 2021 15:42:01 +0000 (UTC) From: Bernard Spil <brnrd@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r568571 - head/security/vuxml Message-ID: <202103161542.12GFg1k5061510@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: brnrd Date: Tue Mar 16 15:42:00 2021 New Revision: 568571 URL: https://svnweb.freebsd.org/changeset/ports/568571 Log: security/vuxml: Document LibreSSL potential use-after-free Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Mar 16 15:06:50 2021 (r568570) +++ head/security/vuxml/vuln.xml Tue Mar 16 15:42:00 2021 (r568571) @@ -78,6 +78,32 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="eeca52dc-866c-11eb-b8d6-d4c9ef517024"> + <topic>LibreSSL -- use-after-free</topic> + <affects> + <package> + <name>libressl</name> + <range><lt>3.2.4_1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>OpenBSD reports:</p> + <blockquote cite="https://marc.info/?l=openbsd-announce&m=161582456312832&w=2"> + <p>A TLS client using session resumption may cause a use-after-free.</p> + </blockquote> + </body> + </description> + <references> + <url>https://marc.info/?l=openbsd-announce&m=161582456312832&w=2</url> + <url>https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/017_libssl.patch.sig</url> + </references> + <dates> + <discovery>2021-03-15</discovery> + <entry>2021-03-16</entry> + </dates> + </vuln> + <vuln vid="b81ad6d6-8633-11eb-99c5-e09467587c17"> <topic>chromium -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202103161542.12GFg1k5061510>