Date: Wed, 9 Mar 2016 22:58:44 +0000 (UTC) From: Mark Felder <feld@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r410735 - head/security/vuxml Message-ID: <201603092258.u29Mwicm097349@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: feld Date: Wed Mar 9 22:58:44 2016 New Revision: 410735 URL: https://svnweb.freebsd.org/changeset/ports/410735 Log: Update libotr vulnerability information Correct description is "integer overflow" libotr3 has also been added as vulnerable. It appears vulnerable as it also has datalen defined as unsigned int and identical functions. Security: http://www.vuxml.org/freebsd/c2b1652c-e647-11e5-85be-14dae9d210b8.html Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Mar 9 22:51:03 2016 (r410734) +++ head/security/vuxml/vuln.xml Wed Mar 9 22:58:44 2016 (r410735) @@ -59,12 +59,16 @@ Notes: --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> <vuln vid="c2b1652c-e647-11e5-85be-14dae9d210b8"> - <topic>libotr -- use after free</topic> + <topic>libotr -- integer overflow</topic> <affects> <package> <name>libotr</name> <range><lt>4.1.1</lt></range> </package> + <package> + <name>libotr3</name> + <range><ge>0</ge></range> + </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> @@ -82,6 +86,7 @@ Notes: <dates> <discovery>2016-02-17</discovery> <entry>2016-03-09</entry> + <modified>2016-03-09</modified> </dates> </vuln>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201603092258.u29Mwicm097349>