svn commit: r376441 - head/security/vuxml

[Matthias Andree]

Author: mandree
Date: Tue Jan  6 21:11:35 2015
New Revision: 376441
URL: https://svnweb.freebsd.org/changeset/ports/376441
QAT: https://qat.redports.org/buildarchive/r376441/

Log:
  Add three upstream patches to busybox 1.22.1, bumping PORTREVISION to 2.
  One fixes the CVE-2014-4608 buffer overrun in LZO2,
  one fixes the nc app, one fixes the zcat and related apps when accessing
  files without extension.
  
  List busybox < 1.22.1_2 as vulnerable, and add CVE Name to the vulndb.
  
  Security:	CVE-2014-4608
  Security:	d1f5e12a-fd5a-11e3-a108-080027ef73ec

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Tue Jan  6 20:54:55 2015	(r376440)
+++ head/security/vuxml/vuln.xml	Tue Jan  6 21:11:35 2015	(r376441)
@@ -3990,6 +3990,10 @@ Notes:
 	<name>lzo2</name>
 	<range><lt>2.07</lt></range>
       </package>
+      <package>
+	<name>busybox</name>
+	<range><lt>1.22.1_2</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -4009,10 +4013,12 @@ Notes:
     </description>
     <references>
       <url>http://www.oberhumer.com/opensource/lzo/download/lzo-2.07.tar.gz</url>
+      <cvename>CVE-2014-4608</cvename>
     </references>
     <dates>
       <discovery>2014-06-25</discovery>
       <entry>2014-06-26</entry>
+      <modified>2015-01-06</modified>
     </dates>
   </vuln>