Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 30 Jun 2016 14:16:24 -0700
From:      Cy Schubert <Cy.Schubert@komquats.com>
To:        Cy Schubert <Cy.Schubert@cschubert.com>
Cc:        Mark Felder <feld@FreeBSD.org>, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   Re: svn commit: r417842 - head/security/vuxml
Message-ID:  <201606302116.u5ULGObZ089496@slippy.cwsent.com>
In-Reply-To: Message from Cy Schubert <Cy.Schubert@cschubert.com> of "Thu, 30 Jun 2016 14:09:38 -0700."

next in thread | previous in thread | raw e-mail | index | archive | help
Cy Schubert writes:
> In message <201606302052.u5UKqdNR025451@repo.freebsd.org>, Mark Felder 
> writes:
> > Author: feld
> > Date: Thu Jun 30 20:52:39 2016
> > New Revision: 417842
> > URL: https://svnweb.freebsd.org/changeset/ports/417842
> > 
> > Log:
> >   Document openssl vulnerability
> >   
> >   PR:		210550
> >   Security:	CVE-2016-2177
> > 
> > Modified:
> >   head/security/vuxml/vuln.xml
> > 
> > Modified: head/security/vuxml/vuln.xml
> > ===========================================================================
> ==
> > =
> > --- head/security/vuxml/vuln.xml	Thu Jun 30 20:38:36 2016	(r41784
> > 1)
> > +++ head/security/vuxml/vuln.xml	Thu Jun 30 20:52:39 2016	(r41784
> > 2)
> > @@ -58,6 +58,38 @@ Notes:
> >    * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
> >  -->
> >  <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
> > +  <vuln vid="0ca24682-3f03-11e6-b3c8-14dae9d210b8">
> > +    <topic>openssl -- denial of service</topic>
> > +    <affects>
> > +      <package>
> > +	<name>openssl</name>
> > +	<range><lt>1.0.2_14</lt></range>
> 
> Shouldn't this be <le>1.0.2_14</le> ?

My mistake. The wording in the following is incorrect:

> +	  <p>OpenSSL through 1.0.2h incorrectly uses pointer arithmetic

The word "through" includes 1.0.2h, which it shouldn't. "To" excludes 
1.0.2h. Or, simply replace 1.0.2h with 1.0.2g.


-- 
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org

	The need of the many outweighs the greed of the few.





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201606302116.u5ULGObZ089496>