Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 02 Feb 2014 11:28:02 -0600
From:      Bryan Drewery <bdrewery@FreeBSD.org>
To:        Ryan Steinmetz <zi@FreeBSD.org>, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   Re: svn commit: r342244 - head/security/vuxml
Message-ID:  <52EE8022.1030506@FreeBSD.org>
In-Reply-To: <201402020351.s123pdKD030705@svn.freebsd.org>
References:  <201402020351.s123pdKD030705@svn.freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--NrcElrAX3bESBE4bl0NT4GAaj1nHFUHSn
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 2/1/2014 9:51 PM, Ryan Steinmetz wrote:
> Author: zi
> Date: Sun Feb  2 03:51:39 2014
> New Revision: 342244
> URL: http://svnweb.freebsd.org/changeset/ports/342244
> QAT: https://qat.redports.org/buildarchive/r342244/
>=20
> Log:
>   - Add libyaml to the libyaml vulnerability entry

I think this should be a separate entry. The description is specific to
how pkg uses libyaml.

>=20
> Modified:
>   head/security/vuxml/vuln.xml
>=20
> Modified: head/security/vuxml/vuln.xml
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D
> --- head/security/vuxml/vuln.xml	Sun Feb  2 03:46:48 2014	(r342243)
> +++ head/security/vuxml/vuln.xml	Sun Feb  2 03:51:39 2014	(r342244)
> @@ -52,9 +52,13 @@ Note:  Please add new entries to the beg
>  -->
>  <vuxml xmlns=3D"http://www.vuxml.org/apps/vuxml-1">;
>    <vuln vid=3D"111f1f84-1d14-4ff2-a9ea-cf07119c0d3b">
> -    <topic>pkg -- libyaml heap overflow resulting in possible code exe=
cution</topic>
> +    <topic>libyaml heap overflow resulting in possible code execution<=
/topic>
>      <affects>
>        <package>
> +	<name>libyaml</name>
> +	<range><lt>0.1.4_3</lt></range>
> +      </package>
> +      <package>
>  	<name>pkg</name>
>  	<range><lt>1.2.6</lt></range>
>        </package>
>=20


--=20
Regards,
Bryan Drewery


--NrcElrAX3bESBE4bl0NT4GAaj1nHFUHSn
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJS7oAjAAoJEDXXcbtuRpfPI0UH/0Xca5IxyiPLIvPehn9K7uR2
7B4v/jO7jpf71hmrZYmwa17eoj34PA1e2Msj6PjneG9iq/eNNtUDjoTEvgQrV5Nd
VueLpUjMVgzon9WH80hWcvtGr6BtdylfGcve8wZpJ1QdkR+N3tf3wmfAYNFs/KnR
fAoIMfSc8A8kCYXDVtQMPbEB+HQ7sY3fQqgYMkVDm9v7UjselbsZm6vQRthOWoH7
T/a7JSJGH3r/Zzqn8D9fZLmM6KPyiA7PqDTefWgqn04LWls+3zgfVebp1sL67luf
aQ7x9b3rDs0UpzrCiraT8V+/P/+rO80MzygnHcbI9AvSZQ8nM7nvvUL/wJZa7FA=
=jl51
-----END PGP SIGNATURE-----

--NrcElrAX3bESBE4bl0NT4GAaj1nHFUHSn--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?52EE8022.1030506>