From owner-svn-ports-all@freebsd.org Thu Jun 30 21:19:10 2016 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 17D1EB88EA2; Thu, 30 Jun 2016 21:19:10 +0000 (UTC) (envelope-from cy.schubert@komquats.com) Received: from smtp-out-so.shaw.ca (smtp-out-so.shaw.ca [64.59.136.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "Client", Issuer "CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id C3F7D29EE; Thu, 30 Jun 2016 21:19:09 +0000 (UTC) (envelope-from cy.schubert@komquats.com) Received: from spqr.komquats.com ([96.50.22.10]) by shaw.ca with SMTP id IjJwblUk0N9d0IjJxbrCmu; Thu, 30 Jun 2016 15:16:26 -0600 X-Authority-Analysis: v=2.2 cv=QZUkhYTv c=1 sm=1 tr=0 a=jvE2nwUzI0ECrNeyr98KWA==:117 a=jvE2nwUzI0ECrNeyr98KWA==:17 a=L9H7d07YOLsA:10 a=9cW_t1CCXrUA:10 a=s5jvgZ67dGcA:10 a=pD_ry4oyNxEA:10 a=6I5d2MoRAAAA:8 a=5089wCahAAAA:8 a=YxBL1-UpAAAA:8 a=cK6VGGgIWVzH-ff-3DwA:9 a=IjZwj45LgO3ly-622nXo:22 a=2Bz7-_TpOoXYCbRQratn:22 a=Ia-lj3WSrqcvXOmTRaiG:22 Received: from slippy.cwsent.com (slippy [10.1.1.91]) by spqr.komquats.com (Postfix) with ESMTPS id A5EBB13753; Thu, 30 Jun 2016 14:16:24 -0700 (PDT) Received: from slippy (localhost [127.0.0.1]) by slippy.cwsent.com (8.15.2/8.15.2) with ESMTP id u5ULGObZ089496; Thu, 30 Jun 2016 14:16:24 -0700 (PDT) (envelope-from Cy.Schubert@cschubert.com) Message-Id: <201606302116.u5ULGObZ089496@slippy.cwsent.com> X-Mailer: exmh version 2.8.0 04/21/2012 with nmh-1.6 Reply-to: Cy Schubert From: Cy Schubert X-os: FreeBSD X-Sender: cy@cwsent.com X-URL: http://www.cschubert.com/ To: Cy Schubert cc: Mark Felder , ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r417842 - head/security/vuxml In-Reply-To: Message from Cy Schubert of "Thu, 30 Jun 2016 14:09:38 -0700." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Thu, 30 Jun 2016 14:16:24 -0700 X-CMAE-Envelope: MS4wfHavEJ25eMty9mKtHh17AfkoRsiBITBmitG/57EORHIHsVwqy5m9lLFdHnomS0+n9qp32ML0fm+miH/2qerSFPIvM6lYtj1rPq0k23l/QfRmzUvDuXw3 Nq1RoDYJq9Mje84SsCkAm0QdrWqyZ7uLj/vJ5Xmym3OK47biBJE1R7v9YaiwqIDaJsKsDhcM10WT7FY/y+uQhIqBNWBQ9q5Qu2pCu+21UOrKMjCJIcSmOa9j u8isxTDzUXrvNhsWXjnQC/qwx+nG87KqR0M9EZ03r6UV2Ta+12EEwuznaj3ApkT5 X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Jun 2016 21:19:10 -0000 Cy Schubert writes: > In message <201606302052.u5UKqdNR025451@repo.freebsd.org>, Mark Felder > writes: > > Author: feld > > Date: Thu Jun 30 20:52:39 2016 > > New Revision: 417842 > > URL: https://svnweb.freebsd.org/changeset/ports/417842 > > > > Log: > > Document openssl vulnerability > > > > PR: 210550 > > Security: CVE-2016-2177 > > > > Modified: > > head/security/vuxml/vuln.xml > > > > Modified: head/security/vuxml/vuln.xml > > =========================================================================== > == > > = > > --- head/security/vuxml/vuln.xml Thu Jun 30 20:38:36 2016 (r41784 > > 1) > > +++ head/security/vuxml/vuln.xml Thu Jun 30 20:52:39 2016 (r41784 > > 2) > > @@ -58,6 +58,38 @@ Notes: > > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > > --> > > > > + > > + openssl -- denial of service > > + > > + > > + openssl > > + 1.0.2_14 > > Shouldn't this be 1.0.2_14 ? My mistake. The wording in the following is incorrect: > +

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic The word "through" includes 1.0.2h, which it shouldn't. "To" excludes 1.0.2h. Or, simply replace 1.0.2h with 1.0.2g. -- Cheers, Cy Schubert FreeBSD UNIX: Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few.