From owner-svn-ports-all@freebsd.org Wed Aug 12 07:31:36 2015 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0C55699F2A0; Wed, 12 Aug 2015 07:31:36 +0000 (UTC) (envelope-from kwm@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id EE1BD26D; Wed, 12 Aug 2015 07:31:35 +0000 (UTC) (envelope-from kwm@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t7C7VZNM098107; Wed, 12 Aug 2015 07:31:35 GMT (envelope-from kwm@FreeBSD.org) Received: (from kwm@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t7C7VZfi098106; Wed, 12 Aug 2015 07:31:35 GMT (envelope-from kwm@FreeBSD.org) Message-Id: <201508120731.t7C7VZfi098106@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kwm set sender to kwm@FreeBSD.org using -f From: Koop Mast Date: Wed, 12 Aug 2015 07:31:35 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r394007 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Aug 2015 07:31:36 -0000 Author: kwm Date: Wed Aug 12 07:31:35 2015 New Revision: 394007 URL: https://svnweb.freebsd.org/changeset/ports/394007 Log: Document newest flash vulnabilities. Also list the c6_64 flash port. Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Aug 12 07:16:36 2015 (r394006) +++ head/security/vuxml/vuln.xml Wed Aug 12 07:31:35 2015 (r394007) @@ -58,6 +58,98 @@ Notes: --> + + Adobe Flash Player -- critical vulnerabilities + + + linux-c6-flashplugin + linux-c6_64-flashplugin + 11.2r202.508 + + + linux-f10-flashplugin + 11.2r202.508 + + + + +

Adobe reports:

+
+

Adobe has released security updates for Adobe Flash Player. + These updates address critical vulnerabilities that could + potentially allow an attacker to take control of the affected + system.

+

These updates resolve type confusion vulnerabilities that could + lead to code execution (CVE-2015-5128, CVE-2015-5554, + CVE-2015-5555, CVE-2015-5558, CVE-2015-5562).

+

These updates include further hardening to a mitigation + introduced in version 18.0.0.209 to defend against vector + length corruptions (CVE-2015-5125).

+

These updates resolve use-after-free vulnerabilities that could + lead to code execution (CVE-2015-5550, CVE-2015-5551, + CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, + CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, + CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5124, + CVE-2015-5564).

+

These updates resolve heap buffer overflow vulnerabilities + that could lead to code execution (CVE-2015-5129, + CVE-2015-5541).

+

These updates resolve buffer overflow vulnerabilities that + could lead to code execution (CVE-2015-5131, CVE-2015-5132, + CVE-2015-5133).

+

These updates resolve memory corruption vulnerabilities that + could lead to code execution (CVE-2015-5544, CVE-2015-5545, + CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, + CVE-2015-5552, CVE-2015-5553).

+

These updates resolve an integer overflow vulnerability that + could lead to code execution (CVE-2015-5560).

+
+ + + + CVE-2015-3107 + CVE-2015-5124 + CVE-2015-5125 + CVE-2015-5127 + CVE-2015-5128 + CVE-2015-5129 + CVE-2015-5130 + CVE-2015-5131 + CVE-2015-5132 + CVE-2015-5133 + CVE-2015-5134 + CVE-2015-5539 + CVE-2015-5540 + CVE-2015-5541 + CVE-2015-5544 + CVE-2015-5545 + CVE-2015-5546 + CVE-2015-5547 + CVE-2015-5548 + CVE-2015-5549 + CVE-2015-5550 + CVE-2015-5551 + CVE-2015-5552 + CVE-2015-5553 + CVE-2015-5554 + CVE-2015-5555 + CVE-2015-5556 + CVE-2015-5557 + CVE-2015-5558 + CVE-2015-5559 + CVE-2015-5560 + CVE-2015-5561 + CVE-2015-5562 + CVE-2015-5563 + CVE-2015-5564 + https://helpx.adobe.com/security/products/flash-player/apsb15-19.html + + + 2015-08-11 + 2015-08-12 + + + libvpx -- multiple buffer overflows