From owner-svn-ports-all@freebsd.org Fri Jan 15 17:41:55 2016 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 66EDCA83E6D for ; Fri, 15 Jan 2016 17:41:55 +0000 (UTC) (envelope-from sunpoet@sunpoet.net) Received: from mail-vk0-x22a.google.com (mail-vk0-x22a.google.com [IPv6:2607:f8b0:400c:c05::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 25D491256 for ; Fri, 15 Jan 2016 17:41:55 +0000 (UTC) (envelope-from sunpoet@sunpoet.net) Received: by mail-vk0-x22a.google.com with SMTP id k1so302358181vkb.2 for ; Fri, 15 Jan 2016 09:41:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sunpoet-net.20150623.gappssmtp.com; s=20150623; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=Y8TUn9NMUEhqll+f5MDytd/eGyfm/SAS4ZzmBcsgI1I=; b=we9mBKL2NoLyKbyvTfh+AHVciB3AWBzqOvuZZVgh6KrrKa20SzN05DDjD3LlMdsSQT PxwJFXw+cbQozNEb1mpNmRbnbM23V17EI6nulECDyftINeYhGRsAx2sTsA+R19hjD3UE hU1zoBm6GQNITeSh1yGvf1iAqZJB7Ig8HW+g5tIT4xHVlKZn6Kql8tcWxVH0UJyZJs33 GhtWZc/sLpt4qKhpX9L5f8oKiuq7CNF8QHB66cClYi5wM7Req+L3+aXPAR2IxopyTJuM yX0Gj2I8+2l98JWkPFCQdE4WDDQ/SO7+9uUeft6RS0+sn9X4f2zwVmWCuBqAi8rv2o8+ C5yw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc:content-type; bh=Y8TUn9NMUEhqll+f5MDytd/eGyfm/SAS4ZzmBcsgI1I=; b=M5yYBLd2bsc7wG/SlVEbg7n3as+HVM6eJhn9/9PU2VavJOqTZTb3t//GyhtYnmYm4B pSetQi6+k3qUroL9VugsP2NFn2fGe+LD124XLgJHog+UssroioTNGYbmoqO5HhYDLbhh C78dpS4iOmauplCe8jqJoImgyzsZIA0nlH/DOY2ambk9bImNyZYd5cDw88Gf1QOkC8Xh inGiz3V2QXurcoR8I4KeaXGP7juxeu/OWPZVLWMlLXXo+se0qJjEMca43aCuCiPPjHFY +CDuvCN37EQW5aUgkxalyucl7tEBt/sqBXngZ3nQc6KmiI8IT5Ycf+mabSpCi/ZgY7BB U+xg== X-Gm-Message-State: ALoCoQnzkhW4/MCZ/BW6fN2t9mYk43wLCdwGEtQkn/6+FqYMEK7e5F0D+cr49sEMs82tMPMFJ5BKjcwoLb7qjNAUetitzxZ4oA== X-Received: by 10.31.58.139 with SMTP id h133mr8450284vka.158.1452879714121; Fri, 15 Jan 2016 09:41:54 -0800 (PST) MIME-Version: 1.0 Sender: sunpoet@sunpoet.net Received: by 10.31.219.3 with HTTP; Fri, 15 Jan 2016 09:41:14 -0800 (PST) In-Reply-To: <201601141934.u0EJYQfc021008@repo.freebsd.org> References: <201601141934.u0EJYQfc021008@repo.freebsd.org> From: Sunpoet Po-Chuan Hsieh Date: Sat, 16 Jan 2016 01:41:14 +0800 X-Google-Sender-Auth: VUviW3EEc_yrhX7GNmfQGpdHQ0Q Message-ID: Subject: Re: svn commit: r406127 - head/security/vuxml To: Bryan Drewery Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Jan 2016 17:41:55 -0000 On Fri, Jan 15, 2016 at 3:34 AM, Bryan Drewery wrote: > Author: bdrewery > Date: Thu Jan 14 19:34:26 2016 > New Revision: 406127 > URL: https://svnweb.freebsd.org/changeset/ports/406127 > > Log: > Document OpenSSH CVE-2016-0777 and CVE-2016-0778. > > Submitted by: brnrd > > Modified: > head/security/vuxml/vuln.xml > > Modified: head/security/vuxml/vuln.xml > > ============================================================================== > --- head/security/vuxml/vuln.xml Thu Jan 14 18:54:29 2016 > (r406126) > +++ head/security/vuxml/vuln.xml Thu Jan 14 19:34:26 2016 > (r406127) > @@ -58,6 +58,38 @@ Notes: > > --> > > + > + openssh -- information disclosure > + > + > + openssh-portable > + > + 5.4p0,1 > + 7.1p2,1 > Hello Bryan, % cd /usr/ports/security/openssh-portable % make -V PKGNAME openssh-portable-7.1.p2,1 % pkg version -t 7.1.p2,1 7.1p2,1 < Note the dot between 7.1 and p2. This would cause false alarm for OpenSSH 7.1p2 (openssh-portable-7.1.p2,1) users. Regards, sunpoet + > + > + > + > + > +

OpenSSH reports:

> +
> +

OpenSSH clients between versions 5.4 and 7.1 are vulnerable to > + information disclosure that may allow a malicious server to > retrieve > + information including under some circumstances, user's private > keys.

> +
> + > +
> + > + http://www.openssh.com/security.html > + CVE-2016-0777 > + CVE-2016-0778 > + > + > + 2016-01-14 > + 2016-01-14 > + > +
> + > > prosody -- multiple vulnerabilities > > _______________________________________________ > svn-ports-all@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/svn-ports-all > To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org" >