svn commit: r414566 - head/security/vuxml
Jason Unovitch
junovitch at FreeBSD.org
Tue May 3 23:57:04 UTC 2016
Author: junovitch
Date: Tue May 3 23:57:03 2016
New Revision: 414566
URL: https://svnweb.freebsd.org/changeset/ports/414566
Log:
Fix <url> -> <cvename> tags in OpenSSL entry plus spacing fixes.
While here, combine both entries as they both refer to the same CVEs and
we've typically done these as combined entries in the past.
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Tue May 3 22:53:39 2016 (r414565)
+++ head/security/vuxml/vuln.xml Tue May 3 23:57:03 2016 (r414566)
@@ -59,44 +59,6 @@ Notes:
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="01d729ca-1143-11e6-b55e-b499baebfeaf">
- <topic>LibreSSL -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>libressl</name>
- <range><lt>2.3.4</lt></range>
- </package>
- <package>
- <name>libressl-devel</name>
- <range><lt>2.3.4</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>OpenBSD reports:</p>
- <blockquote cite="https://marc.info/?l=openbsd-tech&m=146228598730414">
- <p>Memory corruption in the ASN.1 encoder</p>
- <p>Padding oracle in AES-NI CBC MAC check</p>
- <p>EVP_EncodeUpdate overflow</p>
- <p>EVP_EncryptUpdate overflow</p>
- <p>ASN.1 BIO excessive memory allocation</p>
- </blockquote>
- </body>
- </description>
- <references>
- <url>https://marc.info/?l=openbsd-tech&m=146228598730414</url>
- <url>CVE-2016-2108</url>
- <url>CVE-2016-2107</url>
- <url>CVE-2016-2105</url>
- <url>CVE-2016-2106</url>
- <url>CVE-2016-2109</url>
- </references>
- <dates>
- <discovery>2016-05-03</discovery>
- <entry>2016-05-03</entry>
- </dates>
- </vuln>
-
- <vuln vid="95564990-1138-11e6-b55e-b499baebfeaf">
<topic>OpenSSL -- multiple vulnerabilities</topic>
<affects>
<package>
@@ -107,33 +69,49 @@ Notes:
<name>linux-c6-openssl</name>
<range><lt>1.0.1e_8</lt></range>
</package>
+ <package>
+ <name>libressl</name>
+ <range><lt>2.3.4</lt></range>
+ </package>
+ <package>
+ <name>libressl-devel</name>
+ <range><lt>2.3.4</lt></range>
+ </package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>OpenSSL reports:</p>
<blockquote cite="https://www.openssl.org/news/secadv/20160503.txt">
+ <p>Memory corruption in the ASN.1 encoder</p>
<p>Padding oracle in AES-NI CBC MAC check</p>
<p>EVP_EncodeUpdate overflow</p>
<p>EVP_EncryptUpdate overflow</p>
<p>ASN.1 BIO excessive memory allocation</p>
- <p>EBCDIC overread</p>
+ <p>EBCDIC overread (OpenSSL only)</p>
</blockquote>
</body>
</description>
<references>
<url>https://www.openssl.org/news/secadv/20160503.txt</url>
- <url>CVE-2016-2107</url>
- <url>CVE-2016-2105</url>
- <url>CVE-2016-2106</url>
- <url>CVE-2016-2109</url>
- <url>CVE-2016-2176</url>
+ <url>https://marc.info/?l=openbsd-tech&m=146228598730414</url>
+ <cvename>CVE-2016-2105</cvename>
+ <cvename>CVE-2016-2106</cvename>
+ <cvename>CVE-2016-2107</cvename>
+ <cvename>CVE-2016-2108</cvename>
+ <cvename>CVE-2016-2109</cvename>
+ <cvename>CVE-2016-2176</cvename>
</references>
<dates>
<discovery>2016-05-03</discovery>
<entry>2016-05-03</entry>
+ <modified>2016-05-03</modified>
</dates>
</vuln>
+ <vuln vid="95564990-1138-11e6-b55e-b499baebfeaf">
+ <cancelled superseded="01d729ca-1143-11e6-b55e-b499baebfeaf"/>
+ </vuln>
+
<vuln vid="be72e773-1131-11e6-94fa-002590263bf5">
<topic>gitlab -- privilege escalation via "impersonate" feature</topic>
<affects>
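Review bot: The merged entry lists `<cvename>CVE-2016-2176</cvename>` in `<references>` while its `<affects>` now also covers `libressl` and `libressl-devel`, so any tool that reports an entry's CVE list for a matched package will attribute the EBCDIC overread to LibreSSL installs. The only qualifier is "(OpenSSL only)", which is editorial text placed inside a `<blockquote>` still cited to the OpenSSL advisory under "OpenSSL reports:". I would leave the quoted line as published and state the scope outside the quote, for example `<p>CVE-2016-2176 (EBCDIC overread) applies to OpenSSL only.</p>` after `</blockquote>`. Separately, the added marc.info `<url>` shows a bare `&` in this rendering; the mail archive may simply have decoded it, but it is worth confirming that the file carries `&amp;`, since an unescaped ampersand would make vuln.xml ill-formed for every consumer. The entry's opening `<vuln>` tag and the start of its `<affects>` list lie outside this hunk.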