Date: Mon, 28 Jun 2021 15:01:55 GMT
From: Dave Cottlehuber <dch@FreeBSD.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: git: 3ad8c34a5719 - main - security/vuxml: Pet rabbitmq-c entry
Message-ID: <202106281501.15SF1tv0060747@gitrepo.freebsd.org>
The branch main has been updated by dch: URL: https://cgit.FreeBSD.org/ports/commit/?id=3ad8c34a571920724d5b47b5b5b22108bdc7455d commit 3ad8c34a571920724d5b47b5b5b22108bdc7455d Author: Dave Cottlehuber <dch@FreeBSD.org> AuthorDate: 2021-06-28 14:51:30 +0000 Commit: Dave Cottlehuber <dch@FreeBSD.org> CommitDate: 2021-06-28 15:01:36 +0000 security/vuxml: Pet rabbitmq-c entry make clean validate failed after rebased commit fix package name error and indentation issues --- security/vuxml/vuln-2021.xml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml index c95c6dc15edd..faf3184c5a57 100644 --- a/security/vuxml/vuln-2021.xml +++ b/security/vuxml/vuln-2021.xml @@ -2,10 +2,13 @@ <topic>RabbitMQ-C -- integer overflow leads to heap corruption</topic> <affects> <package> - <name>net/rabbitmq-c</name> - <name>net/rabbitmq-c-devel</name> + <name>rabbitmq-c</name> + <name>rabbitmq-c-devel</name> <range><lt>0.10.0</lt></range> </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> <p>alanxz reports:</p> <blockquote cite="https://github.com/alanxz/rabbitmq-c/commit/fc85be7123050b91b054e45b91c78d3241a5047a"> <p>When parsing a frame header, validate that the frame_size is less than @@ -16,7 +19,7 @@ when computing state->target_size resulting in a small value there. A buffer is then allocated with the small amount, then memcopy copies the frame_size writing to memory beyond the end of the buffer.</p> - </blockquote> + </blockquote> </body> </description> <references> @@ -27,7 +30,7 @@ <discovery>2019-10-29</discovery> <entry>2021-06-25</entry> </dates> - </vuln> +</vuln> <vuln vid="41bc849f-d5ef-11eb-ae37-589cfc007716"> <topic>PuppetDB -- SQL Injection</topic>
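Review bot: In the first hunk (@@ -2,10 +2,13 @@), rabbitmq-c and rabbitmq-c-devel sit in one <package> block and so share the single <range><lt>0.10.0</lt></range>. Please confirm that the -devel package's version numbering really places every affected build below 0.10.0; if it follows a different scheme, give it its own <package> block with its own range. The same hunk adds the closing </affects> and the opening <description> and <body> tags, so the entry was not well-formed as first committed; running make validate before pushing vuln-2021.xml changes catches this.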
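Review bot: In the last hunk (@@ -27,7 +30,7 @@), the <dates> block still carries only <discovery>2019-10-29</discovery> and <entry>2021-06-25</entry>, although this commit changes the <name> values and therefore which installed packages the entry matches. Because that is a change to the substance of an already published entry rather than whitespace only, add a <modified> element with the date of this change after <entry>, so consumers of the file can tell the entry was revised.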