Date: Fri, 20 Sep 2019 15:56:44 +0000 (UTC) From: Kurt Jaeger <pi@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r512420 - head/security/vuxml Message-ID: <201909201556.x8KFuiFb013624@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: pi Date: Fri Sep 20 15:56:44 2019 New Revision: 512420 URL: https://svnweb.freebsd.org/changeset/ports/512420 Log: security/vuxml: add CVEs for net/kea PR: 240399 Submitted by: Andrey Pevnev <apevnev@me.com> Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Sep 20 15:46:43 2019 (r512419) +++ head/security/vuxml/vuln.xml Fri Sep 20 15:56:44 2019 (r512420) @@ -58,6 +58,37 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="20b92374-d62a-11e9-af73-001b217e4ee5"> + <topic>ISC KEA -- Multiple vulnerabilities</topic> + <affects> + <package> + <name>kea</name> + <range><lt>1.6.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Internet Systems Consortium, Inc. reports:</p> + <blockquote cite="https://gitlab.isc.org/isc-projects/kea/issues"> + <p>A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate (CVE-2019-6472) [Medium]</p> + <p>An invalid hostname option can cause the kea-dhcp4 server to terminate (CVE-2019-6473) [Medium]</p> + <p>An oversight when validating incoming client requests can lead to a situation where the Kea server<br/> + will exit when trying to restart (CVE-2019-6474) [Medium]</p> + </blockquote> + </body> + </description> + <references> + <url>https://gitlab.isc.org/isc-projects/kea/issues</url> + <cvename>CVE-2019-6472</cvename> + <cvename>CVE-2019-6473</cvename> + <cvename>CVE-2019-6474</cvename> + </references> + <dates> + <discovery>2019-08-28</discovery> + <entry>2019-09-20</entry> + </dates> + </vuln> + <vuln vid="6856d798-d950-11e9-aae4-f079596b62f9"> <topic>expat2 -- Fix extraction of namespace prefixes from XML names</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201909201556.x8KFuiFb013624>