svn commit: r356534 - head/security/vuxml
Bryan Drewery
bdrewery at FreeBSD.org
Wed Jun 4 20:19:46 UTC 2014
On 6/4/14, 1:50 PM, Cy Schubert wrote:
> Author: cy
> Date: Wed Jun 4 18:50:52 2014
> New Revision: 356534
> URL: http://svnweb.freebsd.org/changeset/ports/356534
> QAT: https://qat.redports.org/buildarchive/r356534/
>
> Log:
> Document gnutls CVE-2014-3466 to prevent memory corruption due to server
> hello parsing.
>
> Security: CVE-2014-3466
>
> Modified:
> head/security/vuxml/vuln.xml
>
> Modified: head/security/vuxml/vuln.xml
> ==============================================================================
> --- head/security/vuxml/vuln.xml Wed Jun 4 18:03:35 2014 (r356533)
> +++ head/security/vuxml/vuln.xml Wed Jun 4 18:50:52 2014 (r356534)
> @@ -57,6 +57,35 @@ Notes:
>
> -->
> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
> + <vuln vid="9733c480-ebff-11e3-970b-206a8a720317">
..
> +<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
> <vuln vid="027af74d-eb56-11e3-9032-000c2980a9f3">
> <topic>gnutls -- client-side memory corruption</topic>
> <affects>
>
Thanks!
Also please run 'make validate' before committing to this file. This
change added an extra <vuxml> that broke the parsing.
--
Regards,
Bryan Drewery
More information about the svn-ports-head
mailing list