svn commit: r417842 - head/security/vuxml
Cy Schubert
Cy.Schubert at komquats.com
Thu Jun 30 21:19:10 UTC 2016
Cy Schubert writes:
> In message <201606302052.u5UKqdNR025451 at repo.freebsd.org>, Mark Felder
> writes:
> > Author: feld
> > Date: Thu Jun 30 20:52:39 2016
> > New Revision: 417842
> > URL: https://svnweb.freebsd.org/changeset/ports/417842
> >
> > Log:
> > Document openssl vulnerability
> >
> > PR: 210550
> > Security: CVE-2016-2177
> >
> > Modified:
> > head/security/vuxml/vuln.xml
> >
> > Modified: head/security/vuxml/vuln.xml
> > ===========================================================================
> ==
> > =
> > --- head/security/vuxml/vuln.xml Thu Jun 30 20:38:36 2016 (r41784
> > 1)
> > +++ head/security/vuxml/vuln.xml Thu Jun 30 20:52:39 2016 (r41784
> > 2)
> > @@ -58,6 +58,38 @@ Notes:
> > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
> > -->
> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
> > + <vuln vid="0ca24682-3f03-11e6-b3c8-14dae9d210b8">
> > + <topic>openssl -- denial of service</topic>
> > + <affects>
> > + <package>
> > + <name>openssl</name>
> > + <range><lt>1.0.2_14</lt></range>
>
> Shouldn't this be <le>1.0.2_14</le> ?
My mistake. The wording in the following is incorrect:
> + <p>OpenSSL through 1.0.2h incorrectly uses pointer arithmetic
The word "through" includes 1.0.2h, which it shouldn't. "To" excludes
1.0.2h. Or, simply replace 1.0.2h with 1.0.2g.
--
Cheers,
Cy Schubert <Cy.Schubert at cschubert.com>
FreeBSD UNIX: <cy at FreeBSD.org> Web: http://www.FreeBSD.org
The need of the many outweighs the greed of the few.
More information about the svn-ports-head
mailing list