svn commit: r455113 - head/security/vuxml
Bernard Spil
brnrd at FreeBSD.org
Wed Nov 29 14:36:53 UTC 2017
Author: brnrd
Date: Wed Nov 29 14:36:51 2017
New Revision: 455113
URL: https://svnweb.freebsd.org/changeset/ports/455113
Log:
security/vuxml: Fix formatting
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Nov 29 14:26:57 2017 (r455112)
+++ head/security/vuxml/vuln.xml Wed Nov 29 14:36:51 2017 (r455113)
@@ -70,14 +70,14 @@ Notes:
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The cURL project reports:</p>
<blockquote cite="https://curl.haxx.se/changes.html">
- <ul><li><p>NTLM buffer overflow via integer overflow
+ <ul><li>NTLM buffer overflow via integer overflow
(CVE-2017-8816)<br/>libcurl contains a buffer overrun flaw
in the NTLM authentication code.
The internal function Curl_ntlm_core_mk_ntlmv2_hash sums up
the lengths of the user name + password (= SUM) and multiplies
the sum by two (= SIZE) to figure out how large storage to
- allocate from the heap.</p>
- <p>FTP wildcard out of bounds read (CVE-2017-8817)<br/>
+ allocate from the heap.</li>
+ <li>FTP wildcard out of bounds read (CVE-2017-8817)<br/>
libcurl contains a read out of bounds flaw in the FTP wildcard
function.
libcurl's FTP wildcard matching feature, which is enabled with
@@ -86,8 +86,8 @@ Notes:
has a flaw that makes it not detect the end of the pattern
string if it ends with an open bracket ([) but instead it will
continue reading the heap beyond the end of the URL buffer that
- holds the wildcard.</p>
- <p>SSL out of buffer access (CVE-2017-8818)<br/>
+ holds the wildcard.</li>
+ <li>SSL out of buffer access (CVE-2017-8818)<br/>
libcurl contains an out boundary access flaw in SSL related code.
When allocating memory for a connection (the internal struct
called connectdata), a certain amount of memory is allocated at
@@ -95,7 +95,7 @@ Notes:
structs are used by the particular SSL library libcurl is built
to use. The application can also tell libcurl which specific SSL
library to use if it was built to support more than one.
- </p></li></ul>
+ </li></ul>
</blockquote>
</body>
</description>
More information about the svn-ports-all
mailing list