svn commit: r422775 - head/security/vuxml
Bernard Spil
brnrd at FreeBSD.org
Mon Sep 26 13:45:13 UTC 2016
Author: brnrd
Date: Mon Sep 26 13:45:12 2016
New Revision: 422775
URL: https://svnweb.freebsd.org/changeset/ports/422775
Log:
security/vuxml: Add 2016-09-26 OpenSSL entries
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Mon Sep 26 13:41:17 2016 (r422774)
+++ head/security/vuxml/vuln.xml Mon Sep 26 13:45:12 2016 (r422775)
@@ -58,6 +58,40 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="91a337d8-83ed-11e6-bf52-b499baebfeaf">
+ <topic>OpenSSL -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>openssl</name>
+ <range><lt>1.0.2j,1</lt></range>
+ </package>
+ <package>
+ <name>openssl-devel</name>
+ <range><lt>1.1.0b</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>OpenSSL reports:</p>
+ <blockquote cite="https://www.openssl.org/news/secadv/20160926.txt">
+ <p>Critical vulnerability in OpenSSL 1.1.0a<br/>
+ Fix Use After Free for large message sizes (CVE-2016-6309)</p>
+ <p>Moderate vulnerability in OpenSSL 1.0.2i<br/>
+ Missing CRL sanity check (CVE-2016-7052)</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.openssl.org/news/secadv/20160926.txt</url>
+ <cvename>CVE-2016-6309</cvename>
+ <cvename>CVE-2016-7052</cvename>
+ </references>
+ <dates>
+ <discovery>2016-09-26</discovery>
+ <entry>2016-09-26</entry>
+ </dates>
+ </vuln>
+
<vuln vid="43eaa656-80bc-11e6-bf52-b499baebfeaf">
<topic>OpenSSL -- multiple vulnerabilities</topic>
<affects>
More information about the svn-ports-head
mailing list