From owner-svn-ports-head@FreeBSD.ORG  Sun Feb  2 17:28:09 2014
Return-Path: <owner-svn-ports-head@FreeBSD.ORG>
Delivered-To: svn-ports-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 36452402
 for <svn-ports-head@freebsd.org>; Sun,  2 Feb 2014 17:28:09 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 160961E0C
 for <svn-ports-head@freebsd.org>; Sun,  2 Feb 2014 17:28:09 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id s12HS82I062360
 for <svn-ports-head@freebsd.org>; Sun, 2 Feb 2014 17:28:08 GMT
 (envelope-from bdrewery@freefall.freebsd.org)
Received: (from bdrewery@localhost)
 by freefall.freebsd.org (8.14.7/8.14.7/Submit) id s12HS8Mf062357
 for svn-ports-head@freebsd.org; Sun, 2 Feb 2014 17:28:08 GMT
 (envelope-from bdrewery)
Received: (qmail 16867 invoked from network); 2 Feb 2014 11:28:06 -0600
Received: from unknown (HELO ?10.10.0.24?) (freebsd@shatow.net@10.10.0.24)
 by sweb.xzibition.com with ESMTPA; 2 Feb 2014 11:28:06 -0600
Message-ID: <52EE8022.1030506@FreeBSD.org>
Date: Sun, 02 Feb 2014 11:28:02 -0600
From: Bryan Drewery <bdrewery@FreeBSD.org>
Organization: FreeBSD
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: Ryan Steinmetz <zi@FreeBSD.org>, ports-committers@freebsd.org,
 svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: Re: svn commit: r342244 - head/security/vuxml
References: <201402020351.s123pdKD030705@svn.freebsd.org>
In-Reply-To: <201402020351.s123pdKD030705@svn.freebsd.org>
X-Enigmail-Version: 1.6
OpenPGP: id=6E4697CF;
	url=http://www.shatow.net/bryan/bryan2.asc
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="NrcElrAX3bESBE4bl0NT4GAaj1nHFUHSn"
X-BeenThere: svn-ports-head@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SVN commit messages for the ports tree for head
 <svn-ports-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-ports-head>,
 <mailto:svn-ports-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-head/>
List-Post: <mailto:svn-ports-head@freebsd.org>
List-Help: <mailto:svn-ports-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-ports-head>,
 <mailto:svn-ports-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Feb 2014 17:28:09 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--NrcElrAX3bESBE4bl0NT4GAaj1nHFUHSn
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 2/1/2014 9:51 PM, Ryan Steinmetz wrote:
> Author: zi
> Date: Sun Feb  2 03:51:39 2014
> New Revision: 342244
> URL: http://svnweb.freebsd.org/changeset/ports/342244
> QAT: https://qat.redports.org/buildarchive/r342244/
>=20
> Log:
>   - Add libyaml to the libyaml vulnerability entry

I think this should be a separate entry. The description is specific to
how pkg uses libyaml.

>=20
> Modified:
>   head/security/vuxml/vuln.xml
>=20
> Modified: head/security/vuxml/vuln.xml
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D
> --- head/security/vuxml/vuln.xml	Sun Feb  2 03:46:48 2014	(r342243)
> +++ head/security/vuxml/vuln.xml	Sun Feb  2 03:51:39 2014	(r342244)
> @@ -52,9 +52,13 @@ Note:  Please add new entries to the beg
>  -->
>  <vuxml xmlns=3D"http://www.vuxml.org/apps/vuxml-1">
>    <vuln vid=3D"111f1f84-1d14-4ff2-a9ea-cf07119c0d3b">
> -    <topic>pkg -- libyaml heap overflow resulting in possible code exe=
cution</topic>
> +    <topic>libyaml heap overflow resulting in possible code execution<=
/topic>
>      <affects>
>        <package>
> +	<name>libyaml</name>
> +	<range><lt>0.1.4_3</lt></range>
> +      </package>
> +      <package>
>  	<name>pkg</name>
>  	<range><lt>1.2.6</lt></range>
>        </package>
>=20


--=20
Regards,
Bryan Drewery


--NrcElrAX3bESBE4bl0NT4GAaj1nHFUHSn
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJS7oAjAAoJEDXXcbtuRpfPI0UH/0Xca5IxyiPLIvPehn9K7uR2
7B4v/jO7jpf71hmrZYmwa17eoj34PA1e2Msj6PjneG9iq/eNNtUDjoTEvgQrV5Nd
VueLpUjMVgzon9WH80hWcvtGr6BtdylfGcve8wZpJ1QdkR+N3tf3wmfAYNFs/KnR
fAoIMfSc8A8kCYXDVtQMPbEB+HQ7sY3fQqgYMkVDm9v7UjselbsZm6vQRthOWoH7
T/a7JSJGH3r/Zzqn8D9fZLmM6KPyiA7PqDTefWgqn04LWls+3zgfVebp1sL67luf
aQ7x9b3rDs0UpzrCiraT8V+/P/+rO80MzygnHcbI9AvSZQ8nM7nvvUL/wJZa7FA=
=jl51
-----END PGP SIGNATURE-----

--NrcElrAX3bESBE4bl0NT4GAaj1nHFUHSn--