svn commit: r381700 - head/security/vuxml

Xin LI delphij at FreeBSD.org
Thu Mar 19 22:54:15 UTC 2015 

Author: delphij
Date: Thu Mar 19 22:54:13 2015
New Revision: 381700
URL: https://svnweb.freebsd.org/changeset/ports/381700
QAT: https://qat.redports.org/buildarchive/r381700/

Log:
  Mention LibreSSL too.  Use <ul>'s per suggestion from vsevolod [1].
  
  PR:		198718 [1]

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Thu Mar 19 22:32:13 2015	(r381699)
+++ head/security/vuxml/vuln.xml	Thu Mar 19 22:54:13 2015	(r381700)
@@ -72,26 +72,33 @@ Notes:
 	<name>linux-c6-openssl</name>
 	<range><gt>0</gt></range>
       </package>
+      <package>
+	<name>libressl</name>
+	<range><le>2.1.5_1</le></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
 	<p>OpenSSL project reports:</p>
 	<blockquote cite="https://www.openssl.org/news/secadv_20150319.txt">
-	  <p>Reclassified: RSA silently downgrades to EXPORT_RSA
-	    [Client] (CVE-2015-0204)</p>
-	  <p>Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)</p>
-	  <p>ASN.1 structure reuse memory corruption (CVE-2015-0287)</p>
-	  <p>PKCS7 NULL pointer dereferences (CVE-2015-0289)</p>
-	  <p>Base64 decode (CVE-2015-0292)</p>
-	  <p>DoS via reachable assert in SSLv2 servers
-	    (CVE-2015-0293)</p>
-	  <p>Use After Free following d2i_ECPrivatekey error
-	    (CVE-2015-0209)</p>
-	  <p>X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)</p>
+	  <ul>
+	    <li>Reclassified: RSA silently downgrades to EXPORT_RSA
+	      [Client] (CVE-2015-0204).  OpenSSL only.</li>
+	    <li>Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)</li>
+	    <li>ASN.1 structure reuse memory corruption (CVE-2015-0287)</li>
+	    <li>PKCS7 NULL pointer dereferences (CVE-2015-0289)</li>
+	    <li>Base64 decode (CVE-2015-0292).  OpenSSL only.</li>
+	    <li>DoS via reachable assert in SSLv2 servers
+	      (CVE-2015-0293).  OpenSSL only.</li>
+	    <li>Use After Free following d2i_ECPrivatekey error
+	      (CVE-2015-0209)</li>
+	    <li>X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)</li>
+	  </ul>
 	</blockquote>
       </body>
     </description>
     <references>
+      <freebsdpr>ports/198681</freebsdpr>
       <cvename>CVE-2015-0204</cvename>
       <cvename>CVE-2015-0286</cvename>
       <cvename>CVE-2015-0287</cvename>
@@ -105,6 +112,7 @@ Notes:
     <dates>
       <discovery>2015-03-19</discovery>
       <entry>2015-03-19</entry>
+      <modified>2015-03-19</modified>
     </dates>
   </vuln>

More information about the svn-ports-head mailing list