From: Steve Wills
Date: Fri, 29 Sep 2017 13:20:16 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r450891 - head/security/vuxml

Author: swills
Date: Fri Sep 29 13:20:15 2017
New Revision: 450891
URL: https://svnweb.freebsd.org/changeset/ports/450891

Log:
  Fix date format

  While here, correct some grammar

  PR: 222683
  Submitted by: Vladimir Krstulja

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Sep 29 12:51:15 2017 (r450890) +++ head/security/vuxml/vuln.xml Fri Sep 29 13:20:15 2017 (r450891) @@ -148,7 +148,7 @@ Notes: -

sam2p developers reports:

+

sam2p developers report:

In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp.

In sam2p 0.49.3, the in_xpm_reader function in in_xpm.cpp has an integer signedness error, leading to a crash when writing to an out-of-bounds array element.

@@ -169,8 +169,8 @@ Notes: CVE-2017-14637 - 2017-9-21 - 2017-9-28 + 2017-09-21 + 2017-09-28 @@ -184,7 +184,7 @@ Notes: -

libraw developers reports:

+

libraw developers report:

In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.

@@ -196,8 +196,8 @@ Notes: CVE-2017-14608 - 2017-9-20 - 2017-9-28 + 2017-09-20 + 2017-09-28 @@ -307,8 +307,8 @@ Notes: CVE-2017-2816 - 2017-9-13 - 2017-9-27 + 2017-09-13 + 2017-09-27 @@ -322,7 +322,7 @@ Notes: -

sugarcrm developers reports:

+

sugarcrm developers report:

An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). Several areas have been identified in the Documents and Emails module that could allow an authenticated user to perform SQL injection, as demonstrated by a backslash character at the end of a bean_id to modules/Emails/DetailView.php. An attacker could exploit these vulnerabilities by sending a crafted SQL request to the affected areas. An exploit could allow the attacker to modify the SQL database. Proper SQL escaping has been added to prevent such exploits.

An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). A remote file inclusion has been identified in the Connectors module allowing authenticated users to include remotely accessible system files via a query string. Proper input validation has been added to mitigate this issue.

@@ -342,8 +342,8 @@ Notes: CVE-2017-14510 - 2017-9-17 - 2017-9-26 + 2017-09-17 + 2017-09-26 @@ -369,8 +369,8 @@ Notes: CVE-2017-14107 - 2017-9-1 - 2017-9-27 + 2017-09-01 + 2017-09-27 @@ -398,8 +398,8 @@ Notes: CVE-2017-14227 - 2017-9-9 - 2017-9-26 + 2017-09-09 + 2017-09-26 @@ -512,7 +512,7 @@ Notes: 2017-7-22 - 2017-9-26 + 2017-09-26 @@ -538,8 +538,8 @@ Notes: CVE-2017-14348 - 2017-9-12 - 2017-9-26 + 2017-09-12 + 2017-09-26 @@ -564,8 +564,8 @@ Notes: CVE-2017-14265 - 2017-9-11 - 2017-9-26 + 2017-09-11 + 2017-09-26 @@ -593,8 +593,8 @@ Notes: CVE-2017-6362 - 2017-9-7 - 2017-9-26 + 2017-09-07 + 2017-09-26 @@ -658,8 +658,8 @@ Notes: CVE-2017-2807 - 2017-9-5 - 2017-9-26 + 2017-09-05 + 2017-09-26 @@ -685,8 +685,8 @@ Notes: CVE-2017-14181 - 2017-9-7 - 2017-9-25 + 2017-09-07 + 2017-09-25 @@ -700,7 +700,7 @@ Notes: -

ansible developers reports:

+

ansible developers report:

Ansible versions 2.2.3 and earlier are vulnerable to an information disclosure flaw due to the interaction of call back plugins and the no_log directive where the information may not be sanitized properly.

@@ -712,7 +712,7 @@ Notes: 2017-7-21 - 2017-9-25 + 2017-09-25
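
Review bot: In the @@ -512,7 +512,7 @@ hunk the context date 2017-7-22 stays unpadded while the date after it is changed to 2017-09-26, and the @@ -712,7 +712,7 @@ hunk does the same with 2017-7-21 next to 2017-09-25. Since the log message is "Fix date format", both should become 2017-07-22 and 2017-07-21 in this same change, so that every date in the touched entries uses the zero-padded YYYY-MM-DD form. A search of vuln.xml for single-digit month or day fields before committing would confirm that none remain.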