From owner-svn-ports-head@FreeBSD.ORG  Fri May  8 17:17:04 2015
Return-Path: <owner-svn-ports-head@FreeBSD.ORG>
Delivered-To: svn-ports-head@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 6E4C77C1;
 Fri,  8 May 2015 17:17:04 +0000 (UTC)
Received: from gw.catspoiler.org (unknown [IPv6:2001:4978:f:678::2])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id F27E3147F;
 Fri,  8 May 2015 17:17:03 +0000 (UTC)
Received: from FreeBSD.org (mousie.catspoiler.org [192.168.101.2])
 by gw.catspoiler.org (8.13.3/8.13.3) with ESMTP id t48HGrZZ027294;
 Fri, 8 May 2015 10:16:57 -0700 (PDT)
 (envelope-from truckman@FreeBSD.org)
Message-Id: <201505081716.t48HGrZZ027294@gw.catspoiler.org>
Date: Fri, 8 May 2015 10:16:53 -0700 (PDT)
From: Don Lewis <truckman@FreeBSD.org>
Subject: Re: svn commit: r385792 - in head/editors/openoffice-4: . files
To: bdrewery@FreeBSD.org
cc: ports-committers@FreeBSD.org, svn-ports-all@FreeBSD.org,
 svn-ports-head@FreeBSD.org
In-Reply-To: <554CDD81.8040900@FreeBSD.org>
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
X-BeenThere: svn-ports-head@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: SVN commit messages for the ports tree for head
 <svn-ports-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-ports-head>,
 <mailto:svn-ports-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-head/>
List-Post: <mailto:svn-ports-head@freebsd.org>
List-Help: <mailto:svn-ports-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-ports-head>,
 <mailto:svn-ports-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 08 May 2015 17:17:04 -0000

On  8 May, Bryan Drewery wrote:
> On 5/8/2015 10:58 AM, Don Lewis wrote:
>> Author: truckman
>> Date: Fri May  8 15:58:38 2015
>> New Revision: 385792
>> URL: https://svnweb.freebsd.org/changeset/ports/385792
>> 
>> Log:
>>   Add a patch to fix the HWP filter vulnerability documented in
>>   CVE-2015-1774 and
>>   <http://www.openoffice.org/security/cves/CVE-2015-1774.html>
>>   
>>   Approved by:	mat (mentor)
>>   MFH:		2015Q2
>>   Security:	b13af778-f4fc-11e4-a95d-ac9e174be3af
>>   Differential Revision:	https://reviews.freebsd.org/D2478
> 
> Needs a vuxml entry.

Committed it yesterday in r385716:

<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="b13af778-f4fc-11e4-a95d-ac9e174be3af">
    <topic>Vulnerablitiy in HWP document filter</topic>
    <affects>
      <package>
        <name>libreoffice</name>
        <range><lt>4.3.7</lt></range>
      </package>
      <package>
        <name>apache-openoffice</name>
        <name>apache-openoffice-devel</name>
        <range><lt>4.1.1_9</lt></range>
        <range><lt>4.2.1677190,3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>US-CERT/NIST reports:</p>
        <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2
015-1774">
          <p>The HWP filter in LibreOffice before 4.3.7 and 4.4.x before
            4.4.2 and Apache OpenOffice before 4.1.2 allows remote
            attackers to cause a denial of service (crash) or possibly
            execute arbitrary code via a crafted HWP document, which
            triggers an out-of-bounds write.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2015-1774</cvename>
      <url>http://www.openoffice.org/security/cves/CVE-2015-1774.html</url>
      <url>https://www.libreoffice.org/about-us/security/advisories/cve-2015-177
4/</url>
    </references>
    <dates>
      <discovery>2015-04-27</discovery>
      <entry>2015-05-07</entry>
    </dates>
  </vuln>