Date: Fri, 13 Oct 2017 16:53:53 +0000 (UTC) From: Koop Mast <kwm@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r452022 - head/security/vuxml Message-ID: <201710131653.v9DGrrq8098980@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kwm Date: Fri Oct 13 16:53:53 2017 New Revision: 452022 URL: https://svnweb.freebsd.org/changeset/ports/452022 Log: Document xorg-server CVEs 2017-12176 through 2017-12187. While here replace the SO-AND-SO part in the description of the previous xorg-server entry[1], with the Alan Coopersmith who send the announce mail to xorg-announce@ mailing list. [1] entry: 4f8ffb9c-f388-4fbd-b90f-b3131559d888 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Oct 13 16:53:10 2017 (r452021) +++ head/security/vuxml/vuln.xml Fri Oct 13 16:53:53 2017 (r452022) @@ -58,6 +58,64 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="7274e0cc-575f-41bc-8619-14a41b3c2ad0"> + <topic>xorg-server -- multiple vulnabilities</topic> + <affects> + <package> + <name>xephyr</name> + <range><lt>1.18.4_5,1</lt></range> + </package> + <package> + <name>xorg-dmx</name> + <range><lt>1.18.4_5,1</lt></range> + </package> + <package> + <name>xorg-nestserver</name> + <range><lt>1.19.1_2,2</lt></range> + </package> + <package> + <name>xorg-server</name> + <range><lt>1.18.4_5,1</lt></range> + </package> + <package> + <name>xorg-vfbserver</name> + <range><lt>1.19.1_2,1</lt></range> + </package> + <package> + <name>xwayland</name> + <range><lt>1.19.1_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Adam Jackson reports:</p> + <blockquote cite="https://lists.x.org/archives/xorg-announce/2017-October/002814.html">; + <p>One regression fix since 1.19.4 (mea culpa), and fixes for + CVEs 2017-12176 through 2017-12187.</p> + </blockquote> + </body> + </description> + <references> + <url>https://lists.x.org/archives/xorg-announce/2017-October/002814.html</url>; + <cvename>CVE-2017-12176</cvename> + <cvename>CVE-2017-12177</cvename> + <cvename>CVE-2017-12178</cvename> + <cvename>CVE-2017-12179</cvename> + <cvename>CVE-2017-12180</cvename> + <cvename>CVE-2017-12181</cvename> + <cvename>CVE-2017-12182</cvename> + <cvename>CVE-2017-12183</cvename> + <cvename>CVE-2017-12184</cvename> + <cvename>CVE-2017-12185</cvename> + <cvename>CVE-2017-12186</cvename> + <cvename>CVE-2017-12187</cvename> + </references> + <dates> + <discovery>2017-10-12</discovery> + <entry>2017-10-13</entry> + </dates> + </vuln> + <vuln vid="e837390d-0ceb-46b8-9b32-29c1195f5dc7"> <topic>solr -- Code execution via entity expansion</topic> <affects> @@ -423,7 +481,7 @@ Notes: </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml">; - <p>SO-AND-SO reports:</p> + <p>Alan Coopersmith reports:</p> <blockquote cite="https://lists.x.org/archives/xorg-announce/2017-October/002809.html">; <p>X.Org thanks Michal Srb of SuSE for finding these issues and bringing them to our attention, Julien Cristau of
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201710131653.v9DGrrq8098980>