svn commit: r471404 - head/security/vuxml
Jan Beich
jbeich at FreeBSD.org
Sat Jun 2 23:05:06 UTC 2018
Joseph Mingrone <jrm at FreeBSD.org> writes:
> Author: jrm
> Date: Sat Jun 2 20:51:48 2018
> New Revision: 471404
> URL: https://svnweb.freebsd.org/changeset/ports/471404
>
> Log:
> security/vuxml: Document devel/git CVEs (2018-11233 and 2018-11235)
>
> Modified:
> head/security/vuxml/vuln.xml
>
> Modified: head/security/vuxml/vuln.xml
> ==============================================================================
> --- head/security/vuxml/vuln.xml Sat Jun 2 20:22:16 2018 (r471403)
> +++ head/security/vuxml/vuln.xml Sat Jun 2 20:51:48 2018 (r471404)
> @@ -58,6 +58,45 @@ Notes:
> * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
> -->
> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
> + <vuln vid="c7a135f4-66a4-11e8-9e63-3085a9a47796">
> + <topic>Git -- Fix memory out-of-bounds and remote code execution vulnerabilities (CVE-2018-11233 and CVE-2018-11235)</topic>
> + <affects>
> + <package>
> + <name>git</name>
> + <name>git-lite</name>
> + <range><lt>2.17.1</lt></range>
Did you miss the following?
* This release contains the same fixes made in the v2.13.7 version of
Git, covering CVE-2018-11233 and 11235, and forward-ported to
v2.14.4, v2.15.2 and v2.16.4 releases. See release notes to
v2.13.7 for details.
For one, I've requested to not backport 2.17.1.
https://lists.freebsd.org/pipermail/svn-ports-head/2018-May/178516.html
More information about the svn-ports-all
mailing list