Date:      Wed, 12 Aug 2015 09:01:40 -0500
From:      Mark Felder <feld@feld.me>
To:        Jan Beich <jbeich@FreeBSD.org>, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   Re: svn commit: r393962 - head/security/vuxml
Message-ID:  <1439388100.608633.354360737.36774BC8@webmail.messagingengine.com>
In-Reply-To: <201508111903.t7BJ3aD3086878@repo.freebsd.org>
References:  <201508111903.t7BJ3aD3086878@repo.freebsd.org>



On Tue, Aug 11, 2015, at 14:03, Jan Beich wrote:
> Author: jbeich
> Date: Tue Aug 11 19:03:36 2015
> New Revision: 393962
> URL: https://svnweb.freebsd.org/changeset/ports/393962
> 
> Log:
>   Move libvpx vulnerability into its own entry
> 
> Modified:
>   head/security/vuxml/vuln.xml
> 
> Modified: head/security/vuxml/vuln.xml
> ==============================================================================
> --- head/security/vuxml/vuln.xml        Tue Aug 11 18:51:57 2015       
> (r393961)
> +++ head/security/vuxml/vuln.xml        Tue Aug 11 19:03:36 2015       
> (r393962)
> @@ -58,6 +58,38 @@ Notes:
>  
>  -->
>  <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
> +  <vuln vid="34e60332-2448-4ed6-93f0-12713749f250">
> +    <topic>libvpx -- multiple buffer overflows</topic>
> +    <affects>
> +      <package>
> +       <name>libvpx</name>
> +       <range><lt>1.5.0</lt></range>
> +      </package>
> +    </affects>
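
Review bot: in the `<package>` block, `<range><lt>1.5.0</lt></range>` ties the fix to a version number and matches everything below it, so a 1.4.x point release or a port revision that carries the fix would still be reported as vulnerable. Bounding the range at the last version known to be affected keeps the entry accurate; since the comparison includes the port revision suffix, check the bound against the PORTREVISION currently in the tree so that no affected package version falls outside it.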

This should probably be <le>1.4.0</le> as although their release process
seems obvious, they could release 1.4.1 or we could backport security
fixes to 1.4.0_1 if we can locate the commits and the fix is simple
enough, but they haven't cut a formal release yet.

I'll try to keep an eye on this too.


