From owner-svn-ports-head@FreeBSD.ORG Sat Jun 1 19:22:39 2013 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 6DBFCFE8; Sat, 1 Jun 2013 19:22:39 +0000 (UTC) (envelope-from rakuco@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 6026CC2D; Sat, 1 Jun 2013 19:22:39 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.6/8.14.6) with ESMTP id r51JMdcd076502; Sat, 1 Jun 2013 19:22:39 GMT (envelope-from rakuco@svn.freebsd.org) Received: (from rakuco@localhost) by svn.freebsd.org (8.14.6/8.14.5/Submit) id r51JMdt9076498; Sat, 1 Jun 2013 19:22:39 GMT (envelope-from rakuco@svn.freebsd.org) Message-Id: <201306011922.r51JMdt9076498@svn.freebsd.org> From: Raphael Kubo da Costa Date: Sat, 1 Jun 2013 19:22:39 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r319586 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 01 Jun 2013 19:22:39 -0000 Author: rakuco Date: Sat Jun 1 19:22:38 2013 New Revision: 319586 URL: http://svnweb.freebsd.org/changeset/ports/319586 Log: Remove duplicate optipng vulnerability. It was separately committed in r315254, so remove the version I added in r318453. Reported by: Alexander Milanov Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sat Jun 1 19:18:44 2013 (r319585) +++ head/security/vuxml/vuln.xml Sat Jun 1 19:22:38 2013 (r319586) @@ -621,38 +621,6 @@ Note: Please add new entries to the beg - - optipng -- use-after-free vulnerability - - - optipng - 0.70.7.4 - - - - -

Secunia reports:

-
A vulnerability has been reported in OptiPNG, which can be - exploited by malicious people to potentially compromise a user's - system.
-
The vulnerability is caused due to a use-after-free error related - to the palette reduction functionality. No further information is - currently available.
-
Success exploitation may allow execution of arbitrary code.
-

- - - - CVE-2012-4432 - https://secunia.com/advisories/50654 - - - 2012-09-16 - 2013-05-18 - - - linux-flashplugin -- multiple vulnerabilities