Date: Fri, 29 Sep 2017 13:20:16 +0000 (UTC) From: Steve Wills <swills@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r450891 - head/security/vuxml Message-ID: <201709291320.v8TDKGYH055177@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: swills Date: Fri Sep 29 13:20:15 2017 New Revision: 450891 URL: https://svnweb.freebsd.org/changeset/ports/450891 Log: Fix date format While here, correct some grammar PR: 222683 Submitted by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com> Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Sep 29 12:51:15 2017 (r450890) +++ head/security/vuxml/vuln.xml Fri Sep 29 13:20:15 2017 (r450891) @@ -148,7 +148,7 @@ Notes: </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml">; - <p>sam2p developers reports:</p> + <p>sam2p developers report:</p> <blockquote cite="https://github.com/pts/sam2p/issues/14">; <p>In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp.</p> <p>In sam2p 0.49.3, the in_xpm_reader function in in_xpm.cpp has an integer signedness error, leading to a crash when writing to an out-of-bounds array element.</p> @@ -169,8 +169,8 @@ Notes: <cvename>CVE-2017-14637</cvename> </references> <dates> - <discovery>2017-9-21</discovery> - <entry>2017-9-28</entry> + <discovery>2017-09-21</discovery> + <entry>2017-09-28</entry> </dates> </vuln> @@ -184,7 +184,7 @@ Notes: </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml">; - <p>libraw developers reports:</p> + <p>libraw developers report:</p> <blockquote cite="https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21">; <p>In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.</p> </blockquote> @@ -196,8 +196,8 @@ Notes: <cvename>CVE-2017-14608</cvename> </references> <dates> - <discovery>2017-9-20</discovery> - <entry>2017-9-28</entry> + <discovery>2017-09-20</discovery> + <entry>2017-09-28</entry> </dates> </vuln> @@ -307,8 +307,8 @@ Notes: <cvename>CVE-2017-2816</cvename> </references> <dates> - <discovery>2017-9-13</discovery> - <entry>2017-9-27</entry> + <discovery>2017-09-13</discovery> + <entry>2017-09-27</entry> </dates> </vuln> @@ -322,7 +322,7 @@ Notes: </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml">; - <p>sugarcrm developers reports:</p> + <p>sugarcrm developers report:</p> <blockquote cite="https://blog.ripstech.com/2017/sugarcrm-security-diet-multiple-vulnerabilities/">; <p>An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). Several areas have been identified in the Documents and Emails module that could allow an authenticated user to perform SQL injection, as demonstrated by a backslash character at the end of a bean_id to modules/Emails/DetailView.php. An attacker could exploit these vulnerabilities by sending a crafted SQL request to the affected areas. An exploit could allow the attacker to modify the SQL database. Proper SQL escaping has been added to prevent such exploits.</p> <p>An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). A remote file inclusion has been identified in the Connectors module allowing authenticated users to include remotely accessible system files via a query string. Proper input validation has been added to mitigate this issue.</p> @@ -342,8 +342,8 @@ Notes: <cvename>CVE-2017-14510</cvename> </references> <dates> - <discovery>2017-9-17</discovery> - <entry>2017-9-26</entry> + <discovery>2017-09-17</discovery> + <entry>2017-09-26</entry> </dates> </vuln> @@ -369,8 +369,8 @@ Notes: <cvename>CVE-2017-14107</cvename> </references> <dates> - <discovery>2017-9-1</discovery> - <entry>2017-9-27</entry> + <discovery>2017-09-01</discovery> + <entry>2017-09-27</entry> </dates> </vuln> @@ -398,8 +398,8 @@ Notes: <cvename>CVE-2017-14227</cvename> </references> <dates> - <discovery>2017-9-9</discovery> - <entry>2017-9-26</entry> + <discovery>2017-09-09</discovery> + <entry>2017-09-26</entry> </dates> </vuln> @@ -512,7 +512,7 @@ Notes: </references> <dates> <discovery>2017-7-22</discovery> - <entry>2017-9-26</entry> + <entry>2017-09-26</entry> </dates> </vuln> @@ -538,8 +538,8 @@ Notes: <cvename>CVE-2017-14348</cvename> </references> <dates> - <discovery>2017-9-12</discovery> - <entry>2017-9-26</entry> + <discovery>2017-09-12</discovery> + <entry>2017-09-26</entry> </dates> </vuln> @@ -564,8 +564,8 @@ Notes: <cvename>CVE-2017-14265</cvename> </references> <dates> - <discovery>2017-9-11</discovery> - <entry>2017-9-26</entry> + <discovery>2017-09-11</discovery> + <entry>2017-09-26</entry> </dates> </vuln> @@ -593,8 +593,8 @@ Notes: <cvename>CVE-2017-6362</cvename> </references> <dates> - <discovery>2017-9-7</discovery> - <entry>2017-9-26</entry> + <discovery>2017-09-07</discovery> + <entry>2017-09-26</entry> </dates> </vuln> @@ -658,8 +658,8 @@ Notes: <cvename>CVE-2017-2807</cvename> </references> <dates> - <discovery>2017-9-5</discovery> - <entry>2017-9-26</entry> + <discovery>2017-09-05</discovery> + <entry>2017-09-26</entry> </dates> </vuln> @@ -685,8 +685,8 @@ Notes: <cvename>CVE-2017-14181</cvename> </references> <dates> - <discovery>2017-9-7</discovery> - <entry>2017-9-25</entry> + <discovery>2017-09-07</discovery> + <entry>2017-09-25</entry> </dates> </vuln> @@ -700,7 +700,7 @@ Notes: </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml">; - <p>ansible developers reports:</p> + <p>ansible developers report:</p> <blockquote cite="https://github.com/ansible/ansible/issues/22505">; <p>Ansible versions 2.2.3 and earlier are vulnerable to an information disclosure flaw due to the interaction of call back plugins and the no_log directive where the information may not be sanitized properly.</p> </blockquote> @@ -712,7 +712,7 @@ Notes: </references> <dates> <discovery>2017-7-21</discovery> - <entry>2017-9-25</entry> + <entry>2017-09-25</entry> </dates> </vuln>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201709291320.v8TDKGYH055177>