From owner-svn-ports-all@freebsd.org Thu Dec 10 09:59:00 2020 Return-Path: Delivered-To: svn-ports-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id BB92E47B9F2; Thu, 10 Dec 2020 09:59:00 +0000 (UTC) (envelope-from philip@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Cs8Wm4tGbz3hl4; Thu, 10 Dec 2020 09:59:00 +0000 (UTC) (envelope-from philip@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 9A1F516E8C; Thu, 10 Dec 2020 09:59:00 +0000 (UTC) (envelope-from philip@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 0BA9x0mj002285; Thu, 10 Dec 2020 09:59:00 GMT (envelope-from philip@FreeBSD.org) Received: (from philip@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 0BA9x0X3002283; Thu, 10 Dec 2020 09:59:00 GMT (envelope-from philip@FreeBSD.org) Message-Id: <202012100959.0BA9x0X3002283@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: philip set sender to philip@FreeBSD.org using -f From: Philip Paeps Date: Thu, 10 Dec 2020 09:59:00 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r557424 - head/security/vuxml X-SVN-Group: ports-head X-SVN-Commit-Author: philip X-SVN-Commit-Paths: head/security/vuxml X-SVN-Commit-Revision: 557424 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Dec 2020 09:59:00 -0000 Author: philip Date: Thu Dec 10 09:58:59 2020 New Revision: 557424 URL: https://svnweb.freebsd.org/changeset/ports/557424 Log: security/vuxml: FreeBSD 11.4 is vulnerable to CVE-2020-1971 As noted in FreeBSD-SA-20:33.openssl, this vulnerability is also known to affect OpenSSL versions included in FreeBSD 11.4. However, the OpenSSL project is only giving patches for that version to premium support contract holders. The FreeBSD project does not have access to these patches and recommends FreeBSD 11.4 users to either upgrade to FreeBSD 12.x or leverage up to date versions of OpenSSL in the ports/pkg system. The FreeBSD Project may update this advisory to include FreeBSD 11.4 should patches become publicly available. Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Dec 10 09:56:27 2020 (r557423) +++ head/security/vuxml/vuln.xml Thu Dec 10 09:58:59 2020 (r557424) @@ -99,6 +99,7 @@ Notes: FreeBSD 12.212.2_2 12.112.1_12 + 11.4