Date: Wed, 12 Oct 2016 02:01:12 +0000 (UTC) From: Mark Felder <feld@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r423820 - head/security/vuxml Message-ID: <201610120201.u9C21CTD035024@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: feld Date: Wed Oct 12 02:01:11 2016 New Revision: 423820 URL: https://svnweb.freebsd.org/changeset/ports/423820 Log: Document Virtualbox vulnerabilities PR: 204406 Security: CVE-2015-4813 Security: CVE-2015-4896 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Oct 12 01:42:01 2016 (r423819) +++ head/security/vuxml/vuln.xml Wed Oct 12 02:01:11 2016 (r423820) @@ -58,6 +58,46 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="7d40edd1-901e-11e6-a590-14dae9d210b8"> + <topic>VirtualBox -- undisclosed vulnerabilities</topic> + <affects> + <package> + <name>virtualbox-ose</name> + <range><ge>5.0</ge><lt>5.0.8</lt></range> + <range><ge>4.3</ge><lt>4.3.32</lt></range> + <range><ge>4.2</ge><lt>4.2.34</lt></range> + <range><ge>4.1</ge><lt>4.1.42</lt></range> + <range><ge>4.0</ge><lt>4.0.34</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Oracle reports reports:</p> + <blockquote cite="http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html">; + <p>Unspecified vulnerability in the Oracle VM VirtualBox + component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, + 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local + users to affect availability via unknown vectors related to Core.</p> + <p>Unspecified vulnerability in the Oracle VM VirtualBox + component in Oracle Virtualization VirtualBox before 4.0.34, 4.1.42, + 4.2.34, 4.3.32, and 5.0.8, when a VM has the Remote Display feature + (RDP) enabled, allows remote attackers to affect availability via + unknown vectors related to Core.</p> + </blockquote> + </body> + </description> + <references> + <url>http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html</url>; + <cvename>CVE-2015-4813</cvename> + <cvename>CVE-2015-4896</cvename> + <freebsdpr>204406</freebsdpr> + </references> + <dates> + <discovery>2015-10-01</discovery> + <entry>2016-10-12</entry> + </dates> + </vuln> + <vuln vid="10f7f782-901c-11e6-a590-14dae9d210b8"> <topic>ImageMagick -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201610120201.u9C21CTD035024>