svn commit: r402100 - head/security/vuxml
Koop Mast
kwm at FreeBSD.org
Fri Nov 20 20:37:20 UTC 2015
Author: kwm
Date: Fri Nov 20 20:37:18 2015
New Revision: 402100
URL: https://svnweb.freebsd.org/changeset/ports/402100
Log:
Document libxslt:
CVE-2015-7995
Document libxml2 :
CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500
CVE-2015-7941 CVE-2015-7942 CVE-2015-8035 CVE-2015-8241 CVE-2015-8242
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Fri Nov 20 20:28:54 2015 (r402099)
+++ head/security/vuxml/vuln.xml Fri Nov 20 20:37:18 2015 (r402100)
@@ -58,6 +58,93 @@ Notes:
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="ecc268f2-8fc2-11e5-918c-bcaec565249c">
+ <topic>libxslt -- DoS vulnability due to type confusing error</topic>
+ <affects>
+ <package>
+ <name>libsxlt</name>
+ <range><lt>1.1.28_8</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>libxslt maintainer reports:</p>
+ <blockquote cite="https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617">
+ <p>CVE-2015-7995:
+ http://www.openwall.com/lists/oss-security/2015/10/27/10
+ We need to check that the parent node is an element before
+ dereferencing its namespace.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7995</cvename>
+ <url>https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617</url>
+ </references>
+ <dates>
+ <discovery>2015-10-29</discovery>
+ <entry>2015-11-20</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="e5423caf-8fb8-11e5-918c-bcaec565249c">
+ <topic>libxml2 -- multiple vulnabilities</topic>
+ <affects>
+ <package>
+ <name>libxml2</name>
+ <range><lt>2.9.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>reports:</p>
+ <blockquote cite="http://xmlsoft.org/news.html">
+ <p>CVE-2015-5312 Another entity expansion issue (David Drysdale).</p>
+ <p>CVE-2015-7497 Avoid an heap buffer overflow in
+ xmlDictComputeFastQKey (David Drysdale).</p>
+ <p>CVE-2015-7498 Avoid processing entities after encoding
+ conversion failures (Daniel Veillard).</p>
+ <p>CVE-2015-7499 (1) Add xmlHaltParser() to stop the parser
+ (Daniel Veillard).</p>
+ <p>CVE-2015-7499 (2) Detect incoherency on GROW (Daniel
+ Veillard).</p>
+ <p>CVE-2015-7500 Fix memory access error due to incorrect
+ entities boundaries (Daniel Veillard).</p>
+ <p>CVE-2015-7941 (1) Stop parsing on entities boundaries
+ errors (Daniel Veillard).</p>
+ <p>CVE-2015-7941 (2) Cleanup conditional section error
+ handling (Daniel Veillard).</p>
+ <p>CVE-2015-7942 Another variation of overflow in
+ Conditional sections (Daniel Veillard).</p>
+ <p>CVE-2015-7942 (2) Fix an error in previous Conditional
+ section patch (Daniel Veillard).</p>
+ <p>CVE-2015-8035 Fix XZ compression support loop
+ (Daniel Veillard).</p>
+ <p>CVE-2015-8242 Buffer overead with HTML parser in push
+ mode (Hugh Davenport)</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-5312</cvename>
+ <cvename>CVE-2015-7497</cvename>
+ <cvename>CVE-2015-7498</cvename>
+ <cvename>CVE-2015-7499</cvename>
+ <cvename>CVE-2015-7500</cvename>
+ <cvename>CVE-2015-7941</cvename>
+ <cvename>CVE-2015-7942</cvename>
+ <cvename>CVE-2015-8035</cvename>
+ <cvename>CVE-2015-8241</cvename>
+ <cvename>CVE-2015-8242</cvename>
+ <url>http://xmlsoft.org/news.html</url>
+ <url>http://www.openwall.com/lists/oss-security/2015/11/18/23</url>
+ </references>
+ <dates>
+ <discovery>2015-11-20</discovery>
+ <entry>2015-11-20</entry>
+ </dates>
+ </vuln>
+
<vuln vid="9d04936c-75f1-4a2c-9ade-4c1708be5df9">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
More information about the svn-ports-all
mailing list