From owner-svn-ports-all@freebsd.org Thu May 18 08:44:09 2017
Return-Path: <owner-svn-ports-all@freebsd.org>
Delivered-To: svn-ports-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
[IPv6:2001:1900:2254:206a::19:1])
by mailman.ysv.freebsd.org (Postfix) with ESMTP id 65538D71801;
Thu, 18 May 2017 08:44:09 +0000 (UTC) (envelope-from kwm@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
[IPv6:2610:1c1:1:6068::e6a:0])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mx1.freebsd.org (Postfix) with ESMTPS id 37518104B;
Thu, 18 May 2017 08:44:09 +0000 (UTC) (envelope-from kwm@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v4I8i8VJ019280;
Thu, 18 May 2017 08:44:08 GMT (envelope-from kwm@FreeBSD.org)
Received: (from kwm@localhost)
by repo.freebsd.org (8.15.2/8.15.2/Submit) id v4I8i8Yn019278;
Thu, 18 May 2017 08:44:08 GMT (envelope-from kwm@FreeBSD.org)
Message-Id: <201705180844.v4I8i8Yn019278@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: kwm set sender to kwm@FreeBSD.org
using -f
From: Koop Mast <kwm@FreeBSD.org>
Date: Thu, 18 May 2017 08:44:08 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
svn-ports-head@freebsd.org
Subject: svn commit: r441131 - head/security/vuxml
X-SVN-Group: ports-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-all>,
<mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all/>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
<mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 18 May 2017 08:44:09 -0000
Author: kwm
Date: Thu May 18 08:44:07 2017
New Revision: 441131
URL: https://svnweb.freebsd.org/changeset/ports/441131
Log:
Document freetype2 vulnability.
Security: CVE-2017-8105, CVE-2017-8287
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Thu May 18 08:06:38 2017 (r441130)
+++ head/security/vuxml/vuln.xml Thu May 18 08:44:07 2017 (r441131)
@@ -58,6 +58,35 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="4a088d67-3af2-11e7-9d75-c86000169601">
+ <topic>freetype2 -- buffer overflows</topic>
+ <affects>
+ <package>
+ <name>freetype2</name>
+ <range><lt>2.8</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Werner Lemberg reports:</p>
+ <blockquote cite="http://lists.nongnu.org/archive/html/freetype-announce/2017-05/msg00000.html">
+ <p>CVE-2017-8105, CVE-2017-8287: Older FreeType versions have
+ out-of-bounds writes caused by heap-based buffer overflows
+ related to Type 1 fonts.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://lists.nongnu.org/archive/html/freetype-announce/2017-05/msg00000.html</url>
+ <cvename>CVE-2017-8105</cvename>
+ <cvename>CVE-2017-8287</cvename>
+ </references>
+ <dates>
+ <discovery>2017-05-17</discovery>
+ <entry>2017-05-17</entry>
+ </dates>
+ </vuln>
+
<vuln vid="04cc7bd2-3686-11e7-aa64-080027ef73ec">
<topic>OpenVPN -- two remote denial-of-service vulnerabilities</topic>
<affects>