Date:      Sun, 23 Mar 2014 15:52:32 +0100
From:      Remko Lodder <remko@FreeBSD.org>
To:        "Sergey A. Osokin" <osa@FreeBSD.org>
Cc:        svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org
Subject:   Re: svn commit: r348855 - head/security/vuxml
Message-ID:  <482F13E4-4CD4-421E-BDAD-B918B2A17C11@FreeBSD.org>
In-Reply-To: <201403231340.s2NDevc4012818@svn.freebsd.org>
References:  <201403231340.s2NDevc4012818@svn.freebsd.org>

Hi Sergey,

This is more.. enthusiastic :-)

The idea was that if you add a new
<package>
<name>
<range>
</package>

in the existing entry, you can reuse the other text but denote which
-devel versions are affected..

Having two of the same entries is a bit..overkill :-)

Cheers
Remko

On 23 Mar 2014, at 14:40, Sergey A. Osokin <osa@FreeBSD.org> wrote:

> Author: osa
> Date: Sun Mar 23 13:40:57 2014
> New Revision: 348855
> URL: http://svnweb.freebsd.org/changeset/ports/348855
> QAT: https://qat.redports.org/buildarchive/r348855/
>
> Log:
>  Split nginx and nginx-devel entries, update date.
>
> Modified:
>  head/security/vuxml/vuln.xml
>
> Modified: head/security/vuxml/vuln.xml
> ==============================================================================
> --- head/security/vuxml/vuln.xml	Sun Mar 23 13:26:20 2014	=
(r348854)
> +++ head/security/vuxml/vuln.xml	Sun Mar 23 13:40:57 2014	=
(r348855)
> @@ -51,14 +51,48 @@ Note:  Please add new entries to the beg
>=20
> -->
> <vuxml xmlns=3D"http://www.vuxml.org/apps/vuxml-1">;
> +  <vuln vid=3D"da4b89ad-b28f-11e3-99ca-f0def16c5c1b">
> +    <topic>nginx-devel -- SPDY heap buffer overflow</topic>
> +    <affects>
> +      <package>
> +	<name>nginx-devel</name>
> +	<range><ge>1.3.15</ge><lt>1.5.12</lt></range>
> +      </package>
> +    </affects>
> +    <description>
> +      <body xmlns=3D"http://www.w3.org/1999/xhtml">;
> +	<p>The nginx project reports:</p>
> +	<blockquote =
cite=3D"http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html=
">
> +	  <p>A bug in the experimental SPDY implementation in nginx was =
found, which
> +	   might allow an attacker to cause a heap memory buffer =
overflow in a
> +	   worker process by using a specially crafted request, =
potentially
> +	   resulting in arbitrary code execution (CVE-2014-0133).</p>
> +
> +	  <p>The problem affects nginx 1.3.15 - 1.5.11, compiled with =
the
> +	   ngx_http_spdy_module module (which is not compiled by =
default) and
> +	   without --with-debug configure option, if the "spdy" option =
of the
> +	   "listen" directive is used in a configuration file.</p>
> +
> +	  <p>The problem is fixed in nginx 1.5.12, 1.4.7.</p>
> +	</blockquote>
> +      </body>
> +    </description>
> +    <references>
> +      <cvename>CVE-2014-0133</cvename>
> +      =
<url>http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html</u=
rl>
> +    </references>
> +    <dates>
> +      <discovery>2014-03-18</discovery>
> +      <entry>2014-03-23</entry>
> +    </dates>
> +  </vuln>
> +
>   <vuln vid=3D"fc28df92-b233-11e3-99ca-f0def16c5c1b">
>     <topic>nginx -- SPDY heap buffer overflow</topic>
>     <affects>
>       <package>
> 	<name>nginx</name>
> -	<name>nginx-devel</name>
> 	<range><lt>1.4.7</lt></range>
> -	<range><lt>1.5.12</lt></range>
>       </package>
>     </affects>
>     <description>
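Review bot: The nginx package kept in entry fc28df92-b233-11e3-99ca-f0def16c5c1b now reads <range><lt>1.4.7</lt></range> with no lower bound, while the new nginx-devel entry uses <ge>1.3.15</ge> and the quoted advisory states the problem affects nginx 1.3.15 - 1.5.11. Suggest giving the nginx range a lower bound as well, so releases older than the affected series are not reported as vulnerable. The new entry also adds a second vid for the same SPDY heap buffer overflow; a second <package> block inside the existing <affects> would carry the nginx-devel range without a separate entry.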
> @@ -85,7 +119,7 @@ Note:  Please add new entries to the beg
>     </references>
>     <dates>
>       <discovery>2014-03-18</discovery>
> -      <entry>2014-03-18</entry>
> +      <entry>2014-03-23</entry>
>     </dates>
>   </vuln>
>=20
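Review bot: Rewriting <entry> from 2014-03-18 to 2014-03-23 on the existing nginx entry discards the date the entry was first published. Keep <entry>2014-03-18</entry> and record this change with <modified>2014-03-23</modified> inside <dates>.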

-- 

/"\   Best regards,                      | remko@FreeBSD.org
\ /   Remko Lodder                       | remko@EFnet
 X    http://www.evilcoder.org/          |
/ \   ASCII Ribbon Campaign              | Against HTML Mail and News

