Date: Sun, 11 Feb 2018 09:49:05 +0100 From: Jan Beich <jbeich@FreeBSD.org> To: "Carlos J. Puga Medina" <cpm@FreeBSD.org> Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r461331 - head/security/vuxml Message-ID: <d11b-52ta-wny@FreeBSD.org> In-Reply-To: <201802092003.w19K36MO048886@repo.freebsd.org> (Carlos J. Puga Medina's message of "Fri, 9 Feb 2018 20:03:06 %2B0000 (UTC)") References: <201802092003.w19K36MO048886@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
"Carlos J. Puga Medina" <cpm@FreeBSD.org> writes: > Author: cpm > Date: Fri Feb 9 20:03:06 2018 > New Revision: 461331 > URL: https://svnweb.freebsd.org/changeset/ports/461331 > > Log: > Document vulnerability in Mpv > > PR: 225783 > Submitted by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com> > Obtained from: https://nvd.nist.gov/vuln/detail/CVE-2018-6360 > Security: CVE-2018-6360 > > Modified: > head/security/vuxml/vuln.xml > > Modified: head/security/vuxml/vuln.xml > ============================================================================== > --- head/security/vuxml/vuln.xml Fri Feb 9 19:54:06 2018 (r461330) > +++ head/security/vuxml/vuln.xml Fri Feb 9 20:03:06 2018 (r461331) > @@ -58,6 +58,39 @@ Notes: > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; > + <vuln vid="3ee6e521-0d32-11e8-99b0-d017c2987f9a"> > + <topic>mpv -- arbitrary code execution via crafted website</topic> > + <affects> > + <package> > + <name>mpv</name> > + <range><le>0.28.0</le></range> CVE-2018-6360 was also fixed in 0.27.1, see https://github.com/mpv-player/mpv/issues/5507 https://github.com/mpv-player/mpv/releases/tag/v0.27.1
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d11b-52ta-wny>