svn commit: r471404 - head/security/vuxml
Joseph Mingrone
jrm at FreeBSD.org
Sun Jun 3 00:38:06 UTC 2018
Jan Beich <jbeich at FreeBSD.org> writes:
> Joseph Mingrone <jrm at FreeBSD.org> writes:
>> Author: jrm
>> Date: Sat Jun 2 20:51:48 2018
>> New Revision: 471404
>> URL: https://svnweb.freebsd.org/changeset/ports/471404
>> Log:
>> security/vuxml: Document devel/git CVEs (2018-11233 and 2018-11235)
>> Modified:
>> head/security/vuxml/vuln.xml
>> Modified: head/security/vuxml/vuln.xml
>> ==============================================================================
>> --- head/security/vuxml/vuln.xml Sat Jun 2 20:22:16 2018 (r471403)
>> +++ head/security/vuxml/vuln.xml Sat Jun 2 20:51:48 2018 (r471404)
>> @@ -58,6 +58,45 @@ Notes:
>> * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
>> -->
>> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
>> + <vuln vid="c7a135f4-66a4-11e8-9e63-3085a9a47796">
>> + <topic>Git -- Fix memory out-of-bounds and remote code execution vulnerabilities (CVE-2018-11233 and CVE-2018-11235)</topic>
>> + <affects>
>> + <package>
>> + <name>git</name>
>> + <name>git-lite</name>
>> + <range><lt>2.17.1</lt></range>
> Did you miss the following?
> * This release contains the same fixes made in the v2.13.7 version of
> Git, covering CVE-2018-11233 and 11235, and forward-ported to
> v2.14.4, v2.15.2 and v2.16.4 releases. See release notes to
> v2.13.7 for details.
> For one, I've requested to not backport 2.17.1.
> https://lists.freebsd.org/pipermail/svn-ports-head/2018-May/178516.html
Thanks. Fixed in r471437.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 962 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/svn-ports-all/attachments/20180602/86687936/attachment.sig>
More information about the svn-ports-all
mailing list