Date: Tue, 6 Jan 2015 21:11:36 +0000 (UTC) From: Matthias Andree <mandree@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r376441 - head/security/vuxml Message-ID: <201501062111.t06LBahE035862@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mandree Date: Tue Jan 6 21:11:35 2015 New Revision: 376441 URL: https://svnweb.freebsd.org/changeset/ports/376441 QAT: https://qat.redports.org/buildarchive/r376441/ Log: Add three upstream patches to busybox 1.22.1, bumping PORTREVISION to 2. One fixes the CVE-2014-4608 buffer overrun in LZO2, one fixes the nc app, one fixes the zcat and related apps when accessing files without extension. List busybox < 1.22.1_2 as vulnerable, and add CVE Name to the vulndb. Security: CVE-2014-4608 Security: d1f5e12a-fd5a-11e3-a108-080027ef73ec Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Jan 6 20:54:55 2015 (r376440) +++ head/security/vuxml/vuln.xml Tue Jan 6 21:11:35 2015 (r376441) @@ -3990,6 +3990,10 @@ Notes: <name>lzo2</name> <range><lt>2.07</lt></range> </package> + <package> + <name>busybox</name> + <range><lt>1.22.1_2</lt></range> + </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> @@ -4009,10 +4013,12 @@ Notes: </description> <references> <url>http://www.oberhumer.com/opensource/lzo/download/lzo-2.07.tar.gz</url> + <cvename>CVE-2014-4608</cvename> </references> <dates> <discovery>2014-06-25</discovery> <entry>2014-06-26</entry> + <modified>2015-01-06</modified> </dates> </vuln>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201501062111.t06LBahE035862>