From owner-freebsd-security@FreeBSD.ORG Wed Nov 19 22:04:35 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 301311065670; Wed, 19 Nov 2008 22:04:35 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) Received: from 0.mx.codelabs.ru (0.mx.codelabs.ru [144.206.177.45]) by mx1.freebsd.org (Postfix) with ESMTP id C7FA58FC17; Wed, 19 Nov 2008 22:04:34 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) DomainKey-Signature: a=rsa-sha1; q=dns; c=simple; s=one; d=codelabs.ru; h=Received:Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:Content-Type:Content-Disposition:In-Reply-To:Sender; b=l/VdnjQVje9JeWKSNqIAnVTz/3u3qCALGXq5gJhPd01IiRFIY88IMuW/xE131Vz8wL2SMr6bxROCC9ldgEueVTBC1HdiZLQpu+GGfNogPhKcpyjyYCyFLLSwV5QPe7kdWvaGcULLEg1H955sqJh8zjVEnCCRPGceFS2GFkwAeTE=; Received: from phoenix.codelabs.ru (ppp85-141-163-250.pppoe.mtu-net.ru [85.141.163.250]) by 0.mx.codelabs.ru with esmtpsa (TLSv1:AES256-SHA:256) id 1L2vA1-000A7Q-DB; Thu, 20 Nov 2008 01:04:33 +0300 Date: Thu, 20 Nov 2008 01:04:31 +0300 From: Eygene Ryabinkin To: bug-followup@freebsd.org Message-ID: References: <20081119204101.5FBD7F181F@phoenix.codelabs.ru> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Qbvjkv9qwOGw/5Fx" Content-Disposition: inline In-Reply-To: <20081119204101.5FBD7F181F@phoenix.codelabs.ru> Sender: rea-fbsd@codelabs.ru Cc: freebsd-security@freebsd.org, tabthorpe@freebsd.org Subject: Re: ports/128998: [vuxml] document vulnerabilities in textproc/libxml2 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Nov 2008 22:04:35 -0000 --Qbvjkv9qwOGw/5Fx Content-Type: text/plain; charset=koi8-r Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Wed, Nov 19, 2008 at 11:41:01PM +0300, Eygene Ryabinkin wrote: > The fix for the CVE-2008-4225 and CVE-2008-4226 was commited to the > textproc/libxml2 just an hour ago, but vulnerabilities seem to be left > undocumented. At least I was not able to find the corresponding PR and > reporting channels are not clear from the commit comment. The entry was added shortly after this PR by tabthorpe@, so I think that this PR can be closed now. --=20 Eygene _ ___ _.--. # \`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard / ' ` , __.--' # to read the on-line manual =20 )/' _/ \ `-_, / # while single-stepping the kernel. `-'" `"\_ ,_.-;_.-\_ ', fsc/as # _.-'_./ {_.' ; / # -- FreeBSD Developers handbook=20 {_.-``-' {_/ # --Qbvjkv9qwOGw/5Fx Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iEYEARECAAYFAkkkjW8ACgkQthUKNsbL7YiaWgCfZG6GxIlzLc2eJmTVlRAlSINr 5TUAn2/sY5m9IGybwp2ymuhsrzUxLYjV =DGME -----END PGP SIGNATURE----- --Qbvjkv9qwOGw/5Fx--