svn commit: r410735 - head/security/vuxml
Mark Felder
feld at FreeBSD.org
Wed Mar 9 22:58:46 UTC 2016
Author: feld
Date: Wed Mar 9 22:58:44 2016
New Revision: 410735
URL: https://svnweb.freebsd.org/changeset/ports/410735
Log:
Update libotr vulnerability information
Correct description is "integer overflow"
libotr3 has also been added as vulnerable. It appears vulnerable as it
also has datalen defined as unsigned int and identical functions.
Security: http://www.vuxml.org/freebsd/c2b1652c-e647-11e5-85be-14dae9d210b8.html
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Mar 9 22:51:03 2016 (r410734)
+++ head/security/vuxml/vuln.xml Wed Mar 9 22:58:44 2016 (r410735)
@@ -59,12 +59,16 @@ Notes:
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="c2b1652c-e647-11e5-85be-14dae9d210b8">
- <topic>libotr -- use after free</topic>
+ <topic>libotr -- integer overflow</topic>
<affects>
<package>
<name>libotr</name>
<range><lt>4.1.1</lt></range>
</package>
+ <package>
+ <name>libotr3</name>
+ <range><ge>0</ge></range>
+ </package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
@@ -82,6 +86,7 @@ Notes:
<dates>
<discovery>2016-02-17</discovery>
<entry>2016-03-09</entry>
+ <modified>2016-03-09</modified>
</dates>
</vuln>
More information about the svn-ports-head
mailing list