From owner-svn-ports-all@freebsd.org Wed Mar 9 22:58:45 2016 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id ED016AC9AC9; Wed, 9 Mar 2016 22:58:45 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id BE7F3E7E; Wed, 9 Mar 2016 22:58:45 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u29Mwiqg097350; Wed, 9 Mar 2016 22:58:44 GMT (envelope-from feld@FreeBSD.org) Received: (from feld@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u29Mwicm097349; Wed, 9 Mar 2016 22:58:44 GMT (envelope-from feld@FreeBSD.org) Message-Id: <201603092258.u29Mwicm097349@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: feld set sender to feld@FreeBSD.org using -f From: Mark Felder Date: Wed, 9 Mar 2016 22:58:44 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r410735 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Mar 2016 22:58:46 -0000 Author: feld Date: Wed Mar 9 22:58:44 2016 New Revision: 410735 URL: https://svnweb.freebsd.org/changeset/ports/410735 Log: Update libotr vulnerability information Correct description is "integer overflow" libotr3 has also been added as vulnerable. It appears vulnerable as it also has datalen defined as unsigned int and identical functions. Security: http://www.vuxml.org/freebsd/c2b1652c-e647-11e5-85be-14dae9d210b8.html Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Mar 9 22:51:03 2016 (r410734) +++ head/security/vuxml/vuln.xml Wed Mar 9 22:58:44 2016 (r410735) @@ -59,12 +59,16 @@ Notes: --> - libotr -- use after free + libotr -- integer overflow libotr 4.1.1 + + libotr3 + 0 + @@ -82,6 +86,7 @@ Notes: 2016-02-17 2016-03-09 + 2016-03-09