Date: Sat, 29 Sep 2018 23:26:59 +0000 (UTC) From: Kevin Bowling <kbowling@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r480931 - head/security/vuxml Message-ID: <201809292326.w8TNQxFQ005270@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kbowling Date: Sat Sep 29 23:26:59 2018 New Revision: 480931 URL: https://svnweb.freebsd.org/changeset/ports/480931 Log: security/vuxml: Add entry for net-p2p/bitcoin CVE-2018-17144 Add VuXML for r480928 Approved by: timur (mentor) Differential Revision: https://reviews.freebsd.org/D17360 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sat Sep 29 22:26:36 2018 (r480930) +++ head/security/vuxml/vuln.xml Sat Sep 29 23:26:59 2018 (r480931) @@ -58,6 +58,33 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="40a844bf-c430-11e8-96dc-000743165db0"> + <topic>bitcoin -- Denial of Service and Possible Mining Inflation</topic> + <affects> + <package> + <name>bitcoin</name> + <name>bitcoin-daemon</name> + <range><lt>0.16.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Bitcoin Core reports:</p> + <blockquote cite="https://bitcoincore.org/en/2018/09/20/notice/">; + <p>CVE-2018-17144, a fix for which was released on September 18th in Bitcoin Core versions 0.16.3 and 0.17.0rc4, includes both a Denial of Service component and a critical inflation vulnerability. It was originally reported to several developers working on Bitcoin Core, as well as projects supporting other cryptocurrencies, including ABC and Unlimited on September 17th as a Denial of Service bug only, however we quickly determined that the issue was also an inflation vulnerability with the same root cause and fix.</p> + </blockquote> + </body> + </description> + <references> + <url>https://bitcoincore.org/en/2018/09/20/notice/</url>; + <cvename>CVE-2018-17144</cvename> + </references> + <dates> + <discovery>2018-09-17</discovery> + <entry>2018-09-29</entry> + </dates> + </vuln> + <vuln vid="613193a0-c1b4-11e8-ae2d-54e1ad3d6335"> <topic>spamassassin -- multiple vulnerabilities</topic> <affects> @@ -90,7 +117,7 @@ Notes: </description> <references> <url>https://seclists.org/oss-sec/2018/q3/242</url>; - <cvename>CVE-2017-15705</cvename> + <cvename>CVE-2017-15705</cvename> <cvename>CVE-2016-1238</cvename> <cvename>CVE-2018-11780</cvename> <cvename>CVE-2018-11781</cvename>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201809292326.w8TNQxFQ005270>