svn commit: r424574 - head/security/vuxml
Mark Felder
feld at FreeBSD.org
Mon Oct 24 15:32:23 UTC 2016
Author: feld
Date: Mon Oct 24 15:32:21 2016
New Revision: 424574
URL: https://svnweb.freebsd.org/changeset/ports/424574
Log:
Document flash vulnerabilities
Differential Revision: https://reviews.freebsd.org/D8266
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Mon Oct 24 15:16:51 2016 (r424573)
+++ head/security/vuxml/vuln.xml Mon Oct 24 15:32:21 2016 (r424574)
@@ -58,6 +58,59 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="2482c798-93c6-11e6-846f-bc5ff4fb5ea1">
+ <topic>flash -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>linux-c6-flashplugin</name>
+ <name>linux-c6_64-flashplugin</name>
+ <name>linux-c7-flashplugin</name>
+ <name>linux-f10-flashplugin</name>
+ <range><lt>11.2r202.637</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Adobe reports:</p>
+ <blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb16-32.html">
+ <p>Adobe has released security updates for Adobe Flash Player for
+ Windows, Macintosh, Linux and ChromeOS. These updates address
+ critical vulnerabilities that could potentially allow an attacker
+ to take control of the affected system.</p>
+ <p>These updates resolve a type confusion vulnerability that could
+ lead to code execution (CVE-2016-6992).</p>
+ <p>These updates resolve use-after-free vulnerabilities that could
+ lead to code execution (CVE-2016-6981, CVE-2016-6987).</p>
+ <p>These updates resolve a security bypass vulnerability
+ (CVE-2016-4286).</p>
+ <p>These updates resolve memory corruption vulnerabilities that could
+ lead to code execution (CVE-2016-4273, CVE-2016-6982,
+ CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986,
+ CVE-2016-6989, CVE-2016-6990).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-4273</cvename>
+ <cvename>CVE-2016-4286</cvename>
+ <cvename>CVE-2016-6981</cvename>
+ <cvename>CVE-2016-6982</cvename>
+ <cvename>CVE-2016-6983</cvename>
+ <cvename>CVE-2016-6984</cvename>
+ <cvename>CVE-2016-6985</cvename>
+ <cvename>CVE-2016-6986</cvename>
+ <cvename>CVE-2016-6987</cvename>
+ <cvename>CVE-2016-6989</cvename>
+ <cvename>CVE-2016-6990</cvename>
+ <cvename>CVE-2016-6992</cvename>
+ <url>https://helpx.adobe.com/security/products/flash-player/apsb16-32.html</url>
+ </references>
+ <dates>
+ <discovery>2016-10-11</discovery>
+ <entry>2016-10-24</entry>
+ </dates>
+ </vuln>
+
<vuln vid="aaa9f3db-13b5-4a0e-9ed7-e5ab287098fa">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
More information about the svn-ports-all
mailing list