svn commit: r348855 - head/security/vuxml
Remko Lodder
remko at FreeBSD.org
Sun Mar 23 14:52:37 UTC 2014
Hi Sergey,
This is more.. enthusiastic :-)
The idea was that if you add a new
<package>
<name>
<range>
</package>
in the existing entry, you can reuse the other text but denote which -devel
versions are affected..
Having two of the same entries is a bit..overkill :-)
Cheers
Remko
On 23 Mar 2014, at 14:40, Sergey A. Osokin <osa at FreeBSD.org> wrote:
> Author: osa
> Date: Sun Mar 23 13:40:57 2014
> New Revision: 348855
> URL: http://svnweb.freebsd.org/changeset/ports/348855
> QAT: https://qat.redports.org/buildarchive/r348855/
>
> Log:
> Split nginx and nginx-devel entries, update date.
>
> Modified:
> head/security/vuxml/vuln.xml
>
> Modified: head/security/vuxml/vuln.xml
> ==============================================================================
> --- head/security/vuxml/vuln.xml Sun Mar 23 13:26:20 2014 (r348854)
> +++ head/security/vuxml/vuln.xml Sun Mar 23 13:40:57 2014 (r348855)
> @@ -51,14 +51,48 @@ Note: Please add new entries to the beg
>
> -->
> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
> + <vuln vid="da4b89ad-b28f-11e3-99ca-f0def16c5c1b">
> + <topic>nginx-devel -- SPDY heap buffer overflow</topic>
> + <affects>
> + <package>
> + <name>nginx-devel</name>
> + <range><ge>1.3.15</ge><lt>1.5.12</lt></range>
> + </package>
> + </affects>
> + <description>
> + <body xmlns="http://www.w3.org/1999/xhtml">
> + <p>The nginx project reports:</p>
> + <blockquote cite="http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html">
> + <p>A bug in the experimental SPDY implementation in nginx was found, which
> + might allow an attacker to cause a heap memory buffer overflow in a
> + worker process by using a specially crafted request, potentially
> + resulting in arbitrary code execution (CVE-2014-0133).</p>
> +
> + <p>The problem affects nginx 1.3.15 - 1.5.11, compiled with the
> + ngx_http_spdy_module module (which is not compiled by default) and
> + without --with-debug configure option, if the "spdy" option of the
> + "listen" directive is used in a configuration file.</p>
> +
> + <p>The problem is fixed in nginx 1.5.12, 1.4.7.</p>
> + </blockquote>
> + </body>
> + </description>
> + <references>
> + <cvename>CVE-2014-0133</cvename>
> + <url>http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html</url>
> + </references>
> + <dates>
> + <discovery>2014-03-18</discovery>
> + <entry>2014-03-23</entry>
> + </dates>
> + </vuln>
> +
> <vuln vid="fc28df92-b233-11e3-99ca-f0def16c5c1b">
> <topic>nginx -- SPDY heap buffer overflow</topic>
> <affects>
> <package>
> <name>nginx</name>
> - <name>nginx-devel</name>
> <range><lt>1.4.7</lt></range>
> - <range><lt>1.5.12</lt></range>
> </package>
> </affects>
> <description>
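Review bot: the remaining nginx range in the second entry, `<range><lt>1.4.7</lt></range>`, has no lower bound, while the advisory text quoted in this same hunk says the problem affects 1.3.15 - 1.5.11 and the new nginx-devel entry uses `<ge>1.3.15</ge>`. As written, nginx packages older than 1.3.15 are flagged as vulnerable; consider `<range><ge>1.3.15</ge><lt>1.4.7</lt></range>`. Separately, a second `<package>` block for nginx-devel inside the existing `<affects>` would express the same per-port ranges without a second vid and a second copy of the description.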
> @@ -85,7 +119,7 @@ Note: Please add new entries to the beg
> </references>
> <dates>
> <discovery>2014-03-18</discovery>
> - <entry>2014-03-18</entry>
> + <entry>2014-03-23</entry>
> </dates>
> </vuln>
>
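Review bot: the `<entry>` date of the already published vid fc28df92-b233-11e3-99ca-f0def16c5c1b is rewritten from 2014-03-18 to 2014-03-23, which loses the date the entry was first added. VuXML has a `<modified>` element in `<dates>` for later changes; suggest keeping `<entry>2014-03-18</entry>` and adding `<modified>2014-03-23</modified>` after it.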
--
/"\ Best regards, | remko at FreeBSD.org
\ / Remko Lodder | remko at EFnet
X http://www.evilcoder.org/ |
/ \ ASCII Ribbon Campaign | Against HTML Mail and News