Date: Sun, 03 Jun 2018 01:05:00 +0200 From: Jan Beich <jbeich@FreeBSD.org> To: Joseph Mingrone <jrm@FreeBSD.org> Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r471404 - head/security/vuxml Message-ID: <wovg-23j7-wny@FreeBSD.org> In-Reply-To: <201806022051.w52KpnY1084315@repo.freebsd.org> (Joseph Mingrone's message of "Sat, 2 Jun 2018 20:51:49 %2B0000 (UTC)") References: <201806022051.w52KpnY1084315@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Joseph Mingrone <jrm@FreeBSD.org> writes: > Author: jrm > Date: Sat Jun 2 20:51:48 2018 > New Revision: 471404 > URL: https://svnweb.freebsd.org/changeset/ports/471404 > > Log: > security/vuxml: Document devel/git CVEs (2018-11233 and 2018-11235) > > Modified: > head/security/vuxml/vuln.xml > > Modified: head/security/vuxml/vuln.xml > ============================================================================== > --- head/security/vuxml/vuln.xml Sat Jun 2 20:22:16 2018 (r471403) > +++ head/security/vuxml/vuln.xml Sat Jun 2 20:51:48 2018 (r471404) > @@ -58,6 +58,45 @@ Notes: > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; > + <vuln vid="c7a135f4-66a4-11e8-9e63-3085a9a47796"> > + <topic>Git -- Fix memory out-of-bounds and remote code execution vulnerabilities (CVE-2018-11233 and CVE-2018-11235)</topic> > + <affects> > + <package> > + <name>git</name> > + <name>git-lite</name> > + <range><lt>2.17.1</lt></range> Did you miss the following? * This release contains the same fixes made in the v2.13.7 version of Git, covering CVE-2018-11233 and 11235, and forward-ported to v2.14.4, v2.15.2 and v2.16.4 releases. See release notes to v2.13.7 for details. For one, I've requested to not backport 2.17.1. https://lists.freebsd.org/pipermail/svn-ports-head/2018-May/178516.html
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?wovg-23j7-wny>