svn commit: r376441 - head/security/vuxml
Matthias Andree
mandree at FreeBSD.org
Tue Jan 6 21:12:20 UTC 2015
Author: mandree
Date: Tue Jan 6 21:11:35 2015
New Revision: 376441
URL: https://svnweb.freebsd.org/changeset/ports/376441
QAT: https://qat.redports.org/buildarchive/r376441/
Log:
Add three upstream patches to busybox 1.22.1, bumping PORTREVISION to 2.
One fixes the CVE-2014-4608 buffer overrun in LZO2,
one fixes the nc app, one fixes the zcat and related apps when accessing
files without extension.
List busybox < 1.22.1_2 as vulnerable, and add CVE Name to the vulndb.
Security: CVE-2014-4608
Security: d1f5e12a-fd5a-11e3-a108-080027ef73ec
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Tue Jan 6 20:54:55 2015 (r376440)
+++ head/security/vuxml/vuln.xml Tue Jan 6 21:11:35 2015 (r376441)
@@ -3990,6 +3990,10 @@ Notes:
<name>lzo2</name>
<range><lt>2.07</lt></range>
</package>
+ <package>
+ <name>busybox</name>
+ <range><lt>1.22.1_2</lt></range>
+ </package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
@@ -4009,10 +4013,12 @@ Notes:
</description>
<references>
<url>http://www.oberhumer.com/opensource/lzo/download/lzo-2.07.tar.gz</url>
+ <cvename>CVE-2014-4608</cvename>
</references>
<dates>
<discovery>2014-06-25</discovery>
<entry>2014-06-26</entry>
+ <modified>2015-01-06</modified>
</dates>
</vuln>
More information about the svn-ports-head
mailing list