Date:      Tue, 3 May 2016 23:57:03 +0000 (UTC)
From:      Jason Unovitch <junovitch@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r414566 - head/security/vuxml
Message-ID:  <201605032357.u43Nv3K5038468@repo.freebsd.org>

Author: junovitch
Date: Tue May  3 23:57:03 2016
New Revision: 414566
URL: https://svnweb.freebsd.org/changeset/ports/414566

Log:
  Fix <url> -> <cvename> tags in OpenSSL entry plus spacing fixes.
  
  While here, combine both entries as they both refer to the same CVEs and
  we've typically done these as combined entries in the past.

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Tue May  3 22:53:39 2016	(r414565)
+++ head/security/vuxml/vuln.xml	Tue May  3 23:57:03 2016	(r414566)
@@ -59,44 +59,6 @@ Notes:
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
   <vuln vid="01d729ca-1143-11e6-b55e-b499baebfeaf">
-    <topic>LibreSSL -- multiple vulnerabilities</topic>
-    <affects>
-      <package>
-  <name>libressl</name>
-  <range><lt>2.3.4</lt></range>
-      </package>
-      <package>
-  <name>libressl-devel</name>
-  <range><lt>2.3.4</lt></range>
-      </package>
-    </affects>
-    <description>
-      <body xmlns="http://www.w3.org/1999/xhtml">;
-  <p>OpenBSD reports:</p>
-  <blockquote cite="https://marc.info/?l=openbsd-tech&amp;m=146228598730414">;
-    <p>Memory corruption in the ASN.1 encoder</p>
-    <p>Padding oracle in AES-NI CBC MAC check</p>
-    <p>EVP_EncodeUpdate overflow</p>
-    <p>EVP_EncryptUpdate overflow</p>
-    <p>ASN.1 BIO excessive memory allocation</p>
-  </blockquote>
-      </body>
-    </description>
-    <references>
-      <url>https://marc.info/?l=openbsd-tech&amp;m=146228598730414</url>;
-      <url>CVE-2016-2108</url>
-      <url>CVE-2016-2107</url>
-      <url>CVE-2016-2105</url>
-      <url>CVE-2016-2106</url>
-      <url>CVE-2016-2109</url>
-    </references>
-    <dates>
-      <discovery>2016-05-03</discovery>
-      <entry>2016-05-03</entry>
-    </dates>
-  </vuln>
-
-  <vuln vid="95564990-1138-11e6-b55e-b499baebfeaf">
     <topic>OpenSSL -- multiple vulnerabilities</topic>
     <affects>
       <package>
@@ -107,33 +69,49 @@ Notes:
 	<name>linux-c6-openssl</name>
 	<range><lt>1.0.1e_8</lt></range>
       </package>
+      <package>
+	<name>libressl</name>
+	<range><lt>2.3.4</lt></range>
+      </package>
+      <package>
+	<name>libressl-devel</name>
+	<range><lt>2.3.4</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>OpenSSL reports:</p>
 	<blockquote cite="https://www.openssl.org/news/secadv/20160503.txt">;
+	  <p>Memory corruption in the ASN.1 encoder</p>
 	  <p>Padding oracle in AES-NI CBC MAC check</p>
 	  <p>EVP_EncodeUpdate overflow</p>
 	  <p>EVP_EncryptUpdate overflow</p>
 	  <p>ASN.1 BIO excessive memory allocation</p>
-	  <p>EBCDIC overread</p>
+	  <p>EBCDIC overread (OpenSSL only)</p>
 	</blockquote>
       </body>
     </description>
     <references>
       <url>https://www.openssl.org/news/secadv/20160503.txt</url>;
-      <url>CVE-2016-2107</url>
-      <url>CVE-2016-2105</url>
-      <url>CVE-2016-2106</url>
-      <url>CVE-2016-2109</url>
-      <url>CVE-2016-2176</url>
+      <url>https://marc.info/?l=openbsd-tech&amp;m=146228598730414</url>;
+      <cvename>CVE-2016-2105</cvename>
+      <cvename>CVE-2016-2106</cvename>
+      <cvename>CVE-2016-2107</cvename>
+      <cvename>CVE-2016-2108</cvename>
+      <cvename>CVE-2016-2109</cvename>
+      <cvename>CVE-2016-2176</cvename>
     </references>
     <dates>
       <discovery>2016-05-03</discovery>
       <entry>2016-05-03</entry>
+      <modified>2016-05-03</modified>
     </dates>
   </vuln>
 
+  <vuln vid="95564990-1138-11e6-b55e-b499baebfeaf">
+    <cancelled superseded="01d729ca-1143-11e6-b55e-b499baebfeaf"/>
+  </vuln>
+
   <vuln vid="be72e773-1131-11e6-94fa-002590263bf5">
     <topic>gitlab -- privilege escalation via "impersonate" feature</topic>
     <affects>
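Review bot: The `(OpenSSL only)` qualifier is added inside the `<blockquote cite="https://www.openssl.org/news/secadv/20160503.txt">` introduced by "OpenSSL reports:", so the quoted text no longer matches the cited advisory, and that parenthetical is the only marker for the one item that does not apply to LibreSSL. The merged entry now matches `libressl` and `libressl-devel` below 2.3.4 while listing `<cvename>CVE-2016-2176</cvename>` unconditionally, although the removed LibreSSL entry did not carry that CVE. Tools that report CVEs per entry will presumably attribute it to LibreSSL installations as well. I would keep the quote verbatim and state the scope in its own paragraph after `</blockquote>`, for example `<p>The EBCDIC overread (CVE-2016-2176) does not affect LibreSSL.</p>`. The `<topic>` line, visible as context in the previous hunk, still names only OpenSSL; `<topic>OpenSSL, LibreSSL -- multiple vulnerabilities</topic>` would tell a LibreSSL user why the entry matched.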


