Date: Thu, 16 Mar 2017 11:37:14 +0000 (UTC) From: Tijl Coosemans <tijl@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r436271 - head/security/vuxml Message-ID: <201703161137.v2GBbECv007823@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: tijl Date: Thu Mar 16 11:37:14 2017 New Revision: 436271 URL: https://svnweb.freebsd.org/changeset/ports/436271 Log: Document latest Flash Player vulnerabilities. Security: https://helpx.adobe.com/security/products/flash-player/apsb17-07.html Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Mar 16 11:00:11 2017 (r436270) +++ head/security/vuxml/vuln.xml Thu Mar 16 11:37:14 2017 (r436271) @@ -58,6 +58,49 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="4ffb633c-0a3b-11e7-a9f2-0011d823eebd"> + <topic>Flash Player -- multiple vulnerabilities</topic> + <affects> + <package> + <name>linux-flashplayer</name> + <range><lt>25.0.0.127</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Adobe reports:</p> + <blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb17-07.html">; + <ul> + <li>These updates resolve a buffer overflow vulnerability that + could lead to code execution (CVE-2017-2997).</li> + <li>These updates resolve memory corruption vulnerabilities that + could lead to code execution (CVE-2017-2998, CVE-2017-2999).</li> + <li>These updates resolve a random number generator vulnerability + used for constant blinding that could lead to information + disclosure (CVE-2017-3000).</li> + <li>These updates resolve use-after-free vulnerabilities that + could lead to code execution (CVE-2017-3001, CVE-2017-3002, + CVE-2017-3003).</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2017-2997</cvename> + <cvename>CVE-2017-2998</cvename> + <cvename>CVE-2017-2999</cvename> + <cvename>CVE-2017-3000</cvename> + <cvename>CVE-2017-3001</cvename> + <cvename>CVE-2017-3002</cvename> + <cvename>CVE-2017-3003</cvename> + <url>https://helpx.adobe.com/security/products/flash-player/apsb17-07.html</url>; + </references> + <dates> + <discovery>2017-03-14</discovery> + <entry>2017-03-16</entry> + </dates> + </vuln> + <vuln vid="f41e3e54-076b-11e7-a9f2-0011d823eebd"> <topic>mbed TLS (PolarSSL) -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201703161137.v2GBbECv007823>