svn commit: r393962 - head/security/vuxml
Mark Felder
feld at feld.me
Wed Aug 12 14:01:42 UTC 2015
On Tue, Aug 11, 2015, at 14:03, Jan Beich wrote:
> Author: jbeich
> Date: Tue Aug 11 19:03:36 2015
> New Revision: 393962
> URL: https://svnweb.freebsd.org/changeset/ports/393962
>
> Log:
> Move libvpx vulnerability into its own entry
>
> Modified:
> head/security/vuxml/vuln.xml
>
> Modified: head/security/vuxml/vuln.xml
> ==============================================================================
> --- head/security/vuxml/vuln.xml Tue Aug 11 18:51:57 2015
> (r393961)
> +++ head/security/vuxml/vuln.xml Tue Aug 11 19:03:36 2015
> (r393962)
> @@ -58,6 +58,38 @@ Notes:
>
> -->
> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
> + <vuln vid="34e60332-2448-4ed6-93f0-12713749f250">
> + <topic>libvpx -- multiple buffer overflows</topic>
> + <affects>
> + <package>
> + <name>libvpx</name>
> + <range><lt>1.5.0</lt></range>
> + </package>
> + </affects>
This should probably be <le>1.4.0</le> as although their release process
seems obvious, they could release 1.4.1 or we could backport security
fixes to 1.4.0_1 if we can locate the commits and the fix is simple
enough, but they haven't cut a formal release yet.
I'll try to keep an eye on this too.
More information about the svn-ports-all
mailing list