From owner-svn-ports-all@freebsd.org Tue Sep 6 17:08:32 2016 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AA5CCBC6427; Tue, 6 Sep 2016 17:08:32 +0000 (UTC) (envelope-from tijl@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 849C0D98; Tue, 6 Sep 2016 17:08:32 +0000 (UTC) (envelope-from tijl@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u86H8V76033704; Tue, 6 Sep 2016 17:08:31 GMT (envelope-from tijl@FreeBSD.org) Received: (from tijl@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u86H8VRV033700; Tue, 6 Sep 2016 17:08:31 GMT (envelope-from tijl@FreeBSD.org) Message-Id: <201609061708.u86H8VRV033700@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: tijl set sender to tijl@FreeBSD.org using -f From: Tijl Coosemans Date: Tue, 6 Sep 2016 17:08:31 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r421447 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Sep 2016 17:08:32 -0000 Author: tijl Date: Tue Sep 6 17:08:31 2016 New Revision: 421447 URL: https://svnweb.freebsd.org/changeset/ports/421447 Log: - Add linux-*-tiff information to existing tiff vulnerabilities. - Like r419692, cancel a gif2tiff vulnerability that upstream marked WONTFIX: http://bugzilla.maptools.org/show_bug.cgi?id=2536 PR: 211552 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Sep 6 17:07:55 2016 (r421446) +++ head/security/vuxml/vuln.xml Tue Sep 6 17:08:31 2016 (r421447) @@ -4221,6 +4221,14 @@ Notes: tiff 4.0.6_2 + + linux-c6-tiff + 3.9.4_2 + + + linux-f10-tiff + * + @@ -4233,40 +4241,19 @@ Notes: https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2 + CVE-2016-5314 + CVE-2016-5320 CVE-2016-5875 2016-06-28 2016-07-15 + 2016-09-06 - tiff -- denial of service - - - tiff - 4.0.6_2 - - - - -

Aladdin Mubaied reports:

-
Buffer-overflow in gif2tiff utility
-

- - - - https://bugzilla.redhat.com/show_bug.cgi?id=1319503 - https://bugzilla.redhat.com/show_bug.cgi?id=1319666 - http://www.openwall.com/lists/oss-security/2016/03/30/2 - CVE-2016-3186 - - - 2016-03-20 - 2016-07-15 - + @@ -14950,7 +14937,15 @@ Notes: tiff - 4.0.6 + 4.0.6_1 + + + linux-c6-tiff + 3.9.4_2 + + + linux-f10-tiff + * @@ -14968,6 +14963,7 @@ Notes: 2015-12-25 2016-01-05 + 2016-09-06 @@ -14976,7 +14972,15 @@ Notes: tiff - 4.0.6 + 4.0.6_1 + + + linux-c6-tiff + 3.9.4_2 + + + linux-f10-tiff + * @@ -14993,6 +14997,7 @@ Notes: 2015-12-24 2016-01-05 + 2016-09-06