svn commit: r438903 - head/security/vuxml
Bernard Spil
brnrd at FreeBSD.org
Wed Apr 19 19:11:12 UTC 2017
Author: brnrd
Date: Wed Apr 19 19:11:11 2017
New Revision: 438903
URL: https://svnweb.freebsd.org/changeset/ports/438903
Log:
security/vuxml: Document vulnerabilities from Oracle 2017Q2 update
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Apr 19 19:06:19 2017 (r438902)
+++ head/security/vuxml/vuln.xml Wed Apr 19 19:11:11 2017 (r438903)
@@ -58,6 +58,78 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="d9e01c35-2531-11e7-b291-b499baebfeaf">
+ <topic>MySQL -- mulitiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>mariadb55-server</name>
+ <range><lt>5.5.55</lt></range>
+ </package>
+ <package>
+ <name>mariadb100-server</name>
+ <range><lt>10.0.31</lt></range>
+ </package>
+ <package>
+ <name>mariadb101-server</name>
+ <range><lt>10.1.23</lt></range>
+ </package>
+ <package>
+ <name>mysql55-server</name>
+ <range><lt>5.5.55</lt></range>
+ </package>
+ <package>
+ <name>mysql56-server</name>
+ <range><lt>5.6.36</lt></range>
+ </package>
+ <package>
+ <name>mysql57-server</name>
+ <range><lt>5.7.18</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Oracle reports:</p>
+ <blockquote cite="http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html">
+ <p>This Critical Patch Update contains 39 new security fixes for
+ Oracle MySQL. 11 of these vulnerabilities may be remotely
+ exploitable without authentication, i.e., may be exploited over a
+ network without requiring user credentials.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html</url>
+ <cvename>CVE-2017-3308</cvename>
+ <cvename>CVE-2017-3309</cvename>
+ <cvename>CVE-2017-3450</cvename>
+ <cvename>CVE-2017-3599</cvename>
+ <cvename>CVE-2017-3329</cvename>
+ <cvename>CVE-2017-3600</cvename>
+ <cvename>CVE-2017-3331</cvename>
+ <cvename>CVE-2017-3453</cvename>
+ <cvename>CVE-2017-3452</cvename>
+ <cvename>CVE-2017-3454</cvename>
+ <cvename>CVE-2017-3455</cvename>
+ <cvename>CVE-2017-3305</cvename>
+ <cvename>CVE-2017-3460</cvename>
+ <cvename>CVE-2017-3456</cvename>
+ <cvename>CVE-2017-3458</cvename>
+ <cvename>CVE-2017-3457</cvename>
+ <cvename>CVE-2017-3459</cvename>
+ <cvename>CVE-2017-3463</cvename>
+ <cvename>CVE-2017-3462</cvename>
+ <cvename>CVE-2017-3461</cvename>
+ <cvename>CVE-2017-3464</cvename>
+ <cvename>CVE-2017-3465</cvename>
+ <cvename>CVE-2017-3467</cvename>
+ <cvename>CVE-2017-3468</cvename>
+ </references>
+ <dates>
+ <discovery>2017-04-19</discovery>
+ <entry>2017-04-19</entry>
+ </dates>
+ </vuln>
+
<vuln vid="c6861494-1ffb-11e7-934d-d05099c0ae8c">
<topic>BIND -- multiple vulnerabilities</topic>
<affects>
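Review bot: The new entry's `<affects>` block names only the six `-server` packages, so `pkg audit` would not flag an installed client package if any of the listed CVEs is in the client library or tools. Check the component given for each CVE in the cited advisory, and if any is client-side, add the matching `-client` packages with the same `<lt>` bounds. The `<topic>` line misspells "multiple", which shows up verbatim in audit output and breaks text searches; it should read `<topic>MySQL -- multiple vulnerabilities</topic>`. The quoted advisory text speaks of 39 fixes while the `<references>` list carries 24 `<cvename>` elements; presumably the rest were judged not to apply to these ports, but a sentence in the description stating the selection rule would let a later auditor confirm nothing was dropped by accident.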
@@ -196,7 +268,7 @@ Notes:
</vuln>
<vuln vid="04f29189-1a05-11e7-bc6e-b499baebfeaf">
- <topic>cURL -- out of buffer read</topic>
+ <topic>cURL -- potential memory disclosure</topic>
<affects>
<package>
<name>curl</name>