From owner-svn-ports-head@freebsd.org  Wed Apr 22 17:25:31 2020
Return-Path: <owner-svn-ports-head@freebsd.org>
Delivered-To: svn-ports-head@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 6C0BE2BB639;
 Wed, 22 Apr 2020 17:25:31 +0000 (UTC)
 (envelope-from dan@langille.org)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com
 [66.111.4.26])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 496nQ32G8Fz4Xby;
 Wed, 22 Apr 2020 17:25:30 +0000 (UTC)
 (envelope-from dan@langille.org)
Received: from compute2.internal (compute2.nyi.internal [10.202.2.42])
 by mailout.nyi.internal (Postfix) with ESMTP id B6CBF5C021F;
 Wed, 22 Apr 2020 13:25:30 -0400 (EDT)
Received: from imap35 ([10.202.2.85])
 by compute2.internal (MEProxy); Wed, 22 Apr 2020 13:25:30 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=langille.org; h=
 mime-version:message-id:in-reply-to:references:date:from:to
 :subject:content-type; s=fm1; bh=3+TmapqS9RpEKXrcQdmic4BstOZCkAT
 lYDPgCAaqD1I=; b=syN7R8sm+Cj13IwO1EZ8mi8Q37A30mqVO1TyAM0+6NyKazU
 N0dPYMe2oTlLucPBoOkz0Ih7gdoqRYI2EGHh2HDQsU8dQbGMaVrRyNOnsrrvvJl9
 VrmzhuspHrcOb/g1UTUTBCXAbYHUVRnhViav9IPtrjasOkVL6JJuMD5ryQ4btyrL
 XXWm0IlI8EZsHG1wQgI80NKZiq3vAwiUK6D/TNU3+JepZ3K6qLMa4s8xyoQ0WQn+
 5td7CHxY2n8IXxakaYxHQMs3Dkxat6viVG8CprsiAKfk/mJSwU+J3Jf2JYGly9xl
 AL+rR4GPJipayVUzKtPfWxb2NlQIHRWCO15nmVg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-me-proxy
 :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=3+Tmap
 qS9RpEKXrcQdmic4BstOZCkATlYDPgCAaqD1I=; b=qyuktmEYS8bmepSUiNNx5l
 60jJXhNWa5lsN1873ruCQD3ZMF8jOlgWC3R6Z5hCyEPQ2m4cfivCLXmwcl2L2aQL
 6nCDcPIlqb2df0b9sNSNpOZHGZZkp1VX98CvDkMmIEp3H8pE8SjXoIhd+TSuFaUK
 iGjnIEL5imOkc5kNAJnPF0ESq5SHp8fxRXOWOmR0QiKqNfLCc1qOxuqPf0/uuZFS
 Kd7rM5oB8uD9OOsVIFaXloy7Aa14OWsY3WtxCyHcS7n7yZ6jj1L82jRq2gIB5Elo
 FkI1YulQ1gLW6jOMzegkok4rkJzuO1Uef6PmbZM6FFEkbz3UwIlR0E2RxIyNGPDw
 ==
X-ME-Sender: <xms:Cn6gXlJG4PMZkQRDzKIWLQIbh7tSG3HNIP1M37TmSqVuuTS1rTc6lA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduhedrgeejgddutdefucetufdoteggodetrfdotf
 fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
 uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne
 cujfgurhepofgfggfkjghffffhvffutgesthdtredtreertdenucfhrhhomhepfdffrghn
 ucfnrghnghhilhhlvgdfuceouggrnheslhgrnhhgihhllhgvrdhorhhgqeenucffohhmrg
 hinhepfhhrvggvsghsugdrohhrghdpfiefrdhorhhgnecuvehluhhsthgvrhfuihiivgep
 tdenucfrrghrrghmpehmrghilhhfrhhomhepuggrnheslhgrnhhgihhllhgvrdhorhhg
X-ME-Proxy: <xmx:Cn6gXgIcSxtU5FMgu6FnDrhUPI0mkkt3Yg_6vL0GG2DA9m5j4yBWzg>
 <xmx:Cn6gXt2YWFGVcZZKiPm-TkE-yEf_qQbMhAN5pqX2vJRu__SdFb9bBg>
 <xmx:Cn6gXoyLWjz58mxGsxcYF58JNtDu_-ytEErU8fZCvwvgPO03rF1qEw>
 <xmx:Cn6gXna3RjWJFUJUGFVGDay86qXdf8CkJgoT8sNdpBubJgqDOOV_XQ>
Received: by mailuser.nyi.internal (Postfix, from userid 501)
 id 2344C14C009C; Wed, 22 Apr 2020 13:25:30 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.3.0-dev0-351-g9981f4f-fmstable-20200421v1
Mime-Version: 1.0
Message-Id: <cee1f409-a1e9-4df7-ad2c-5550d527e5ee@www.fastmail.com>
In-Reply-To: <202004211829.03LITxve044691@repo.freebsd.org>
References: <202004211829.03LITxve044691@repo.freebsd.org>
Date: Wed, 22 Apr 2020 13:25:09 -0400
From: "Dan Langille" <dan@langille.org>
To: "Gordon Tetlow" <gordon@FreeBSD.org>, ports-committers@freebsd.org,
 svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: Re: svn commit: r532291 - head/security/vuxml
Content-Type: text/plain
X-Rspamd-Queue-Id: 496nQ32G8Fz4Xby
X-Spamd-Bar: -----
Authentication-Results: mx1.freebsd.org;
	none
X-Spamd-Result: default: False [-6.00 / 15.00];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]; REPLY(-4.00)[]
X-BeenThere: svn-ports-head@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SVN commit messages for the ports tree for head
 <svn-ports-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-head>, 
 <mailto:svn-ports-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-head/>
List-Post: <mailto:svn-ports-head@freebsd.org>
List-Help: <mailto:svn-ports-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-head>,
 <mailto:svn-ports-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Apr 2020 17:25:31 -0000

On Tue, Apr 21, 2020, at 2:29 PM, Gordon Tetlow wrote:
> Author: gordon (src committer)
> Date: Tue Apr 21 18:29:59 2020
> New Revision: 532291
> URL: https://svnweb.freebsd.org/changeset/ports/532291
> 
> Log:
>   Add new entries for SA-20:10 and SA-20:11.
> 
> Modified:
>   head/security/vuxml/vuln.xml
> 
> Modified: head/security/vuxml/vuln.xml
> ==============================================================================
> --- head/security/vuxml/vuln.xml	Tue Apr 21 18:22:15 2020	(r532290)
> +++ head/security/vuxml/vuln.xml	Tue Apr 21 18:29:59 2020	(r532291)
> @@ -58,6 +58,71 @@ Notes:
>    * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
>  -->

[snip]

> +
> +  <vuln vid="33edcc56-83f2-11ea-92ab-00163e433440">
> +    <topic>FreeBSD -- ipfw invalid mbuf handling</topic>
> +    <affects>
> +      <package>
> +	<name>FreeBSD-kernel</name>
> +	<range><ge>12.1</ge><lt>12.1_4</lt></range>
> +	<range><ge>11.3</ge><lt>11.3_8</lt></range>
> +      </package>
> +    </affects>
> +    <description>
> +      <body xmlns="http://www.w3.org/1999/xhtml">
> +	<h1>Problem Description:</h1>
> +	<p>Incomplete packet data validation may result in accessing
> +	out-of-bounds memory (CVE-2019-5614) or may access memory after it has
> +	been freed (CVE-2019-15874).</p>
> +	<h1>Impact:</h1>
> +	<p>Access to out of bounds or freed mbuf data can lead to a kernel panic or
> +	other unpredictable results.</p>
> +      </body>
> +    </description>
> +    <references>
> +      <cvename>CVE-2019-5614</cvename>
> +      <cvename>CVE-2019-15874</cvename>
> +      <freebsdsa>SA-20:10.ipfw</freebsdsa>
> +    </references>
> +    <dates>
> +      <discovery>2020-04-21</discovery>
> +      <entry>2020-04-21</entry>
> +    </dates>
> +  </vuln>
> +
>    <vuln vid="9fbaefb3-837e-11ea-b5b4-641c67a117d8">
>      <topic>py-twisted -- multiple vulnerabilities</topic>
>      <affects>
>

This entry is raising a false positive on patched systems. To reproduce:

freebsd-update fetch install
reboot
pkg install base-audit
add security_status_baseaudit_enable="YES" to /etc/periodic.conf
pkg audit -F
/usr/local/etc/periodic/security/405.pkg-base-audit

$ freebsd-version -uk
12.1-RELEASE-p3
12.1-RELEASE-p4

$ /usr/local/etc/periodic/security/405.pkg-base-audit

Checking for security vulnerabilities in base (userland & kernel):
Host system:
Database fetched: Wed Apr 22 11:30:00 UTC 2020
FreeBSD-kernel-12.1_3 is vulnerable:
FreeBSD -- ipfw invalid mbuf handling
CVE: CVE-2019-15874
CVE: CVE-2019-5614
WWW: https://vuxml.FreeBSD.org/freebsd/33edcc56-83f2-11ea-92ab-00163e433440.html

1 problem(s) in 1 installed package(s) found.
0 problem(s) in 0 installed package(s) found.

-- 
  Dan Langille
  dan@langille.org