Date: Sun, 14 Feb 2016 14:46:06 +0000 (UTC) From: Martin Wilke <miwi@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r408859 - head/security/vuxml Message-ID: <201602141446.u1EEk64l070760@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: miwi Date: Sun Feb 14 14:46:06 2016 New Revision: 408859 URL: https://svnweb.freebsd.org/changeset/ports/408859 Log: - Fix formating Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sun Feb 14 14:40:21 2016 (r408858) +++ head/security/vuxml/vuln.xml Sun Feb 14 14:46:06 2016 (r408859) @@ -70,11 +70,11 @@ Notes: <p>Nghttp2 reports:</p> <blockquote cite="https://nghttp2.org/blog/2016/02/11/nghttp2-v1-7-1/">; <p>Out of memory in nghttpd, nghttp, and libnghttp2_asio applications - due to unlimited incoming HTTP header fields.</p> + due to unlimited incoming HTTP header fields.</p> <p>nghttpd, nghttp, and libnghttp2_asio applications do not limit the memory usage - for the incoming HTTP header field. If peer sends specially crafted HTTP/2 - HEADERS frames and CONTINUATION frames, they will crash with out of memory - error.</p> + for the incoming HTTP header field. If peer sends specially crafted HTTP/2 + HEADERS frames and CONTINUATION frames, they will crash with out of memory + error.</p> <p>Note that libnghttp2 itself is not affected by this vulnerability.</p> </blockquote> </body> @@ -158,16 +158,16 @@ Notes: </p> <ul> <li>CVE-2016-0773: This release closes security hole CVE-2016-0773, - an issue with regular expression (regex) parsing. Prior code allowed - users to pass in expressions which included out-of-range Unicode - characters, triggering a backend crash. This issue is critical for - PostgreSQL systems with untrusted users or which generate regexes - based on user input. + an issue with regular expression (regex) parsing. Prior code allowed + users to pass in expressions which included out-of-range Unicode + characters, triggering a backend crash. This issue is critical for + PostgreSQL systems with untrusted users or which generate regexes + based on user input. </li> <li>CVE-2016-0766: The update also fixes CVE-2016-0766, a privilege - escalation issue for users of PL/Java. Certain custom configuration - settings (GUCS) for PL/Java will now be modifiable only by the - database superuser + escalation issue for users of PL/Java. Certain custom configuration + settings (GUCS) for PL/Java will now be modifiable only by the + database superuser </li> </ul> </blockquote>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201602141446.u1EEk64l070760>