Date: Wed, 19 Apr 2017 19:11:11 +0000 (UTC) From: Bernard Spil <brnrd@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r438903 - head/security/vuxml Message-ID: <201704191911.v3JJBBa1053311@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: brnrd Date: Wed Apr 19 19:11:11 2017 New Revision: 438903 URL: https://svnweb.freebsd.org/changeset/ports/438903 Log: security/vuxml: Document vulnerabilities from Oracle 2017Q2 update Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Apr 19 19:06:19 2017 (r438902) +++ head/security/vuxml/vuln.xml Wed Apr 19 19:11:11 2017 (r438903) @@ -58,6 +58,78 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="d9e01c35-2531-11e7-b291-b499baebfeaf"> + <topic>MySQL -- mulitiple vulnerabilities</topic> + <affects> + <package> + <name>mariadb55-server</name> + <range><lt>5.5.55</lt></range> + </package> + <package> + <name>mariadb100-server</name> + <range><lt>10.0.31</lt></range> + </package> + <package> + <name>mariadb101-server</name> + <range><lt>10.1.23</lt></range> + </package> + <package> + <name>mysql55-server</name> + <range><lt>5.5.55</lt></range> + </package> + <package> + <name>mysql56-server</name> + <range><lt>5.6.36</lt></range> + </package> + <package> + <name>mysql57-server</name> + <range><lt>5.7.18</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Oracle reports:</p> + <blockquote cite="http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html">; + <p>This Critical Patch Update contains 39 new security fixes for + Oracle MySQL. 11 of these vulnerabilities may be remotely + exploitable without authentication, i.e., may be exploited over a + network without requiring user credentials.</p> + </blockquote> + </body> + </description> + <references> + <url>http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html</url>; + <cvename>CVE-2017-3308</cvename> + <cvename>CVE-2017-3309</cvename> + <cvename>CVE-2017-3450</cvename> + <cvename>CVE-2017-3599</cvename> + <cvename>CVE-2017-3329</cvename> + <cvename>CVE-2017-3600</cvename> + <cvename>CVE-2017-3331</cvename> + <cvename>CVE-2017-3453</cvename> + <cvename>CVE-2017-3452</cvename> + <cvename>CVE-2017-3454</cvename> + <cvename>CVE-2017-3455</cvename> + <cvename>CVE-2017-3305</cvename> + <cvename>CVE-2017-3460</cvename> + <cvename>CVE-2017-3456</cvename> + <cvename>CVE-2017-3458</cvename> + <cvename>CVE-2017-3457</cvename> + <cvename>CVE-2017-3459</cvename> + <cvename>CVE-2017-3463</cvename> + <cvename>CVE-2017-3462</cvename> + <cvename>CVE-2017-3461</cvename> + <cvename>CVE-2017-3464</cvename> + <cvename>CVE-2017-3465</cvename> + <cvename>CVE-2017-3467</cvename> + <cvename>CVE-2017-3468</cvename> + </references> + <dates> + <discovery>2017-04-19</discovery> + <entry>2017-04-19</entry> + </dates> + </vuln> + <vuln vid="c6861494-1ffb-11e7-934d-d05099c0ae8c"> <topic>BIND -- multiple vulnerabilities</topic> <affects> @@ -196,7 +268,7 @@ Notes: </vuln> <vuln vid="04f29189-1a05-11e7-bc6e-b499baebfeaf"> - <topic>cURL -- out of buffer read</topic> + <topic>cURL -- potential memory disclosure</topic> <affects> <package> <name>curl</name>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201704191911.v3JJBBa1053311>