From: Mark Felder
Date: Thu, 29 May 2014 15:13:25 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r355708 - head/security/vuxml

Author: feld
Date: Thu May 29 15:13:24 2014
New Revision: 355708
URL: http://svnweb.freebsd.org/changeset/ports/355708
QAT: https://qat.redports.org/buildarchive/r355708/

Log:
  audio/mumble vulnerabilities

  My first foray into this dark, scary vuxml dungeon.

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Thu May 29 15:09:42 2014 (r355707) +++ head/security/vuxml/vuln.xml Thu May 29 15:13:24 2014 (r355708) @@ -57,6 +57,62 @@ Notes: --> + + mumble -- multiple vulnerabilities + + + mumble + 1.2.01.2.6 + + + + +

Mumble reports:

+
+

SVG images with local file references could trigger client DoS

+

The Mumble client did not properly HTML-escape some external strings before using them in a rich-text (HTML) context.

+
+ +
+ + http://mumble.info/security/Mumble-SA-2014-005.txt + http://mumble.info/security/Mumble-SA-2014-006.txt + + + 2014-04-16 + 2014-05-29 + +
+ + + mumble -- NULL pointer dereference and heap-based buffer overflow + + + mumble + 1.2.4 + + + + +

Mumble reports:

+
+

A malformed Opus voice packet sent to a Mumble client could trigger a NULL pointer dereference or an out-of-bounds array access.

+

A malformed Opus voice packet sent to a Mumble client could trigger a heap-based buffer overflow.

+
+ +
+ + CVE-2014-0044 + CVE-2014-0045 + http://mumble.info/security/Mumble-SA-2014-001.txt + http://mumble.info/security/Mumble-SA-2014-002.txt + + + 2014-01-25 + 2014-05-29 + +
+
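Review bot: The references of the first entry ("mumble -- multiple vulnerabilities") list only the Mumble-SA-2014-005 and Mumble-SA-2014-006 advisory URLs, while the second entry carries CVE-2014-0044 and CVE-2014-0045 alongside its advisory URLs. If CVE identifiers were assigned for SA-2014-005 and SA-2014-006, add them to the first entry so it can be matched by CVE as well as by URL. The first entry's topic is also less specific than the second's: naming the two issues its body describes (the client DoS from SVG images with local file references, and the missing HTML escaping of external strings in a rich-text context) would make it as searchable as "NULL pointer dereference and heap-based buffer overflow". Finally, the second entry shows a single version bound (1.2.4) where the first shows two (1.2.0 and 1.2.6); please confirm against Mumble-SA-2014-001 and Mumble-SA-2014-002 that this range covers every affected package version.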