Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 15 Jan 2017 02:48:37 +0000 (UTC)
From:      Jason Unovitch <junovitch@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r431512 - head/security/vuxml
Message-ID:  <201701150248.v0F2mboU004869@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: junovitch
Date: Sun Jan 15 02:48:37 2017
New Revision: 431512
URL: https://svnweb.freebsd.org/changeset/ports/431512

Log:
  Amend Irssi 0.8.21 entry. Another CVE was assigned.
  
  PR:		216020
  Submitted by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
  Security:       CVE-2017-5356
  Security:       https://vuxml.FreeBSD.org/freebsd/3d6be69b-d365-11e6-a071-001e67f15f5a.html

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Sun Jan 15 02:48:19 2017	(r431511)
+++ head/security/vuxml/vuln.xml	Sun Jan 15 02:48:37 2017	(r431512)
@@ -918,7 +918,7 @@ Notes:
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>Irssi reports:</p>
 	<blockquote cite="https://irssi.org/security/irssi_sa_2017_01.txt">;
-	  <p>Four vulnerabilities have been located in Irssi</p>
+	  <p>Five vulnerabilities have been located in Irssi</p>
 	  <ul>
 	    <li>A NULL pointer dereference in the nickcmp function found by
 	      Joseph Bisch. (CWE-690)</li>
@@ -928,6 +928,8 @@ Notes:
 	      by Joseph Bisch. (CWE-126)</li>
 	    <li>Out of bounds read in certain incomplete character sequences
 	      found by Hanno Böck and independently by J. Bisch. (CWE-126)</li>
+	    <li>Out of bounds read when Printing the value '%['. Found by
+	      Hanno Böck. (CWE-126)</li>
 	  </ul>
 	  <p>These issues may result in denial of service (remote crash).</p>
 	</blockquote>
@@ -938,13 +940,14 @@ Notes:
       <cvename>CVE-2017-5194</cvename>
       <cvename>CVE-2017-5195</cvename>
       <cvename>CVE-2017-5196</cvename>
+      <cvename>CVE-2017-5356</cvename>
       <freebsdpr>ports/215800</freebsdpr>
       <url>https://irssi.org/security/irssi_sa_2017_01.txt</url>;
     </references>
     <dates>
       <discovery>2017-01-03</discovery>
       <entry>2017-01-05</entry>
-      <modified>2017-01-07</modified>
+      <modified>2017-01-15</modified>
     </dates>
   </vuln>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201701150248.v0F2mboU004869>