Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 30 Mar 2017 01:47:42 +0000 (UTC)
From:      Jason Unovitch <junovitch@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r437264 - head/security/vuxml
Message-ID:  <201703300147.v2U1lg5c094060@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: junovitch
Date: Thu Mar 30 01:47:42 2017
New Revision: 437264
URL: https://svnweb.freebsd.org/changeset/ports/437264

Log:
  Actually, let's refer to the original entries for these hostapd CVEs
  
  Reflect CVE-2016-4476 / VID 967b852b-1e28-11e6-8dd3-002590263bf5 in cancelled
  
  CVE-2015-5314 is in VID 976567f6-05c5-11e6-94fa-002590263bf5
  
  PR:		217906
  Security:	https://vuxml.FreeBSD.org/freebsd/976567f6-05c5-11e6-94fa-002590263bf5.html
  Security:	https://vuxml.FreeBSD.org/freebsd/967b852b-1e28-11e6-8dd3-002590263bf5.html

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Thu Mar 30 00:42:28 2017	(r437263)
+++ head/security/vuxml/vuln.xml	Thu Mar 30 01:47:42 2017	(r437264)
@@ -98,34 +98,7 @@ Notes:
   </vuln>
 
   <vuln vid="04bc4e23-9a70-42cb-9fec-3613632d34bc">
-    <topic>hostapd -- multiple vulnerabilities</topic>
-    <affects>
-      <package>
-	<name>hostapd</name>
-	<range><lt>2.6</lt></range>
-      </package>
-    </affects>
-    <description>
-      <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>Jouni Malinen reports:</p>
-	<blockquote cite="http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt">;
-	  <p>EAP-pwd missing last fragment length validation. (2015-7 -
-	    CVE-2015-5315)</p>
-	</blockquote>
-	<blockquote cite="http://w1.fi/security/2016-1/psk-parameter-config-update.txt">;
-	  <p>psk configuration parameter update allowing arbitrary
-	    data to be written. (2016-1 - CVE-2016-4476)</p>
-	</blockquote>
-      </body>
-    </description>
-    <references>
-      <url>CVE-2015-5314</url>
-      <url>CVE-2016-4476</url>
-    </references>
-    <dates>
-      <discovery>2016-05-03</discovery>
-      <entry>2017-03-28</entry>
-    </dates>
+    <cancelled superseded="967b852b-1e28-11e6-8dd3-002590263bf5"/>
   </vuln>
 
   <vuln vid="2826317b-10ec-11e7-944e-000c292e4fd8">

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201703300147.v2U1lg5c094060>