From owner-svn-ports-head@FreeBSD.ORG Fri Oct 25 15:55:41 2013 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 82E58AD8; Fri, 25 Oct 2013 15:55:41 +0000 (UTC) (envelope-from wg@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 7067C2FA2; Fri, 25 Oct 2013 15:55:41 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r9PFtfWq022931; Fri, 25 Oct 2013 15:55:41 GMT (envelope-from wg@svn.freebsd.org) Received: (from wg@localhost) by svn.freebsd.org (8.14.7/8.14.5/Submit) id r9PFtfXb022930; Fri, 25 Oct 2013 15:55:41 GMT (envelope-from wg@svn.freebsd.org) Message-Id: <201310251555.r9PFtfXb022930@svn.freebsd.org> From: William Grzybowski Date: Fri, 25 Oct 2013 15:55:41 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r331604 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Oct 2013 15:55:41 -0000 Author: wg Date: Fri Oct 25 15:55:40 2013 New Revision: 331604 URL: http://svnweb.freebsd.org/changeset/ports/331604 Log: - Document gnutls3 denial of service CVE Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Oct 25 15:54:53 2013 (r331603) +++ head/security/vuxml/vuln.xml Fri Oct 25 15:55:40 2013 (r331604) @@ -51,6 +51,34 @@ Note: Please add new entries to the beg --> + + gnutls -- denial of service + + + gnutls3 + 3.1.15 + + + + +

Salvatore Bonaccorso reports:

+
+

This vulnerability affects the DANE library of gnutls 3.1.x and + gnutls 3.2.x. A server that returns more 4 DANE entries could + corrupt the memory of a requesting client.

+
+ + + + CVE-2013-4466 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4466 + + + 2013-10-25 + 2013-10-25 + + + xorg-server -- use after free