From: Jason Unovitch
Date: Tue, 3 May 2016 23:57:03 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r414566 - head/security/vuxml
X-SVN-Group: ports-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-head@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SVN commit messages for the ports tree for head
X-List-Received-Date: Tue, 03 May 2016 23:57:04 -0000

Author: junovitch
Date: Tue May 3 23:57:03 2016
New Revision: 414566
URL: https://svnweb.freebsd.org/changeset/ports/414566

Log:
  Fix -> tags in OpenSSL entry plus spacing fixes.

  While here, combine both entries as they both refer to the same CVEs and
  we've typically done these as combined entries in the past.

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Tue May 3 22:53:39 2016 (r414565) +++ head/security/vuxml/vuln.xml Tue May 3 23:57:03 2016 (r414566) @@ -59,44 +59,6 @@ Notes: --> - LibreSSL -- multiple vulnerabilities - - - libressl - 2.3.4 - - - libressl-devel - 2.3.4 - - - - -

OpenBSD reports:

-
-

Memory corruption in the ASN.1 encoder

-

Padding oracle in AES-NI CBC MAC check

-

EVP_EncodeUpdate overflow

-

EVP_EncryptUpdate overflow

-

ASN.1 BIO excessive memory allocation

-
- -
- - https://marc.info/?l=openbsd-tech&m=146228598730414 - CVE-2016-2108 - CVE-2016-2107 - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2109 - - - 2016-05-03 - 2016-05-03 - -
- - OpenSSL -- multiple vulnerabilities @@ -107,33 +69,49 @@ Notes: linux-c6-openssl 1.0.1e_8 + + libressl + 2.3.4 + + + libressl-devel + 2.3.4 +

OpenSSL reports:

+

Memory corruption in the ASN.1 encoder

Padding oracle in AES-NI CBC MAC check

EVP_EncodeUpdate overflow

EVP_EncryptUpdate overflow

ASN.1 BIO excessive memory allocation

-

EBCDIC overread

+

EBCDIC overread (OpenSSL only)

https://www.openssl.org/news/secadv/20160503.txt - CVE-2016-2107 - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2109 - CVE-2016-2176 + https://marc.info/?l=openbsd-tech&m=146228598730414 + CVE-2016-2105 + CVE-2016-2106 + CVE-2016-2107 + CVE-2016-2108 + CVE-2016-2109 + CVE-2016-2176 2016-05-03 2016-05-03 + 2016-05-03
+ + + + gitlab -- privilege escalation via "impersonate" feature
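
Review bot: in the first hunk (@@ -59,44 +59,6 @@) the standalone LibreSSL entry is deleted outright, and the log does not say why deletion is safe rather than retiring it. If the entry was published long enough for consumers to have recorded it, VuXML's cancelled element with a superseded reference to the combined entry would keep a pointer to where the data moved. If it only existed for a few hours on 2016-05-03, as the dates in the removed lines suggest, a sentence in the log saying so would settle it.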
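
Review bot: in the second hunk (@@ -107,33 +69,49 @@) the combined entry now covers libressl and libressl-devel but its reference list includes CVE-2016-2176, and the only signal that this CVE does not apply to LibreSSL is the "(OpenSSL only)" wording in the description. Anything that reads the CVE references per package rather than the prose will report CVE-2016-2176 against LibreSSL installs, so the log's statement that both entries "refer to the same CVEs" should call out that exception. Two smaller points: the description still opens with "OpenSSL reports:" although the openbsd-tech URL is now cited alongside the OpenSSL advisory, so the LibreSSL attribution is lost; and the reference list gains CVE-2016-2108, which the old OpenSSL entry lacked, a substantive correction that the log does not mention.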