FreeBSD Mail Archives

Date:      Sat, 02 Jun 2018 21:37:55 -0300
From:      Joseph Mingrone <jrm@FreeBSD.org>
To:        Jan Beich <jbeich@FreeBSD.org>
Cc:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   Re: svn commit: r471404 - head/security/vuxml
Message-ID:  <86y3fwk8m4.fsf@phe.ftfl.ca>
In-Reply-To: <wovg-23j7-wny@FreeBSD.org> (Jan Beich's message of "Sun, 03 Jun 2018 01:05:00 %2B0200")
References:  <201806022051.w52KpnY1084315@repo.freebsd.org> <wovg-23j7-wny@FreeBSD.org>

--=-=-=
Content-Type: text/plain

Jan Beich <jbeich@FreeBSD.org> writes:

> Joseph Mingrone <jrm@FreeBSD.org> writes:

>> Author: jrm
>> Date: Sat Jun  2 20:51:48 2018
>> New Revision: 471404
>> URL: https://svnweb.freebsd.org/changeset/ports/471404

>> Log:
>>   security/vuxml: Document devel/git CVEs (2018-11233 and 2018-11235)

>> Modified:
>>   head/security/vuxml/vuln.xml

>> Modified: head/security/vuxml/vuln.xml
>> ==============================================================================
>> --- head/security/vuxml/vuln.xml	Sat Jun  2 20:22:16 2018	(r471403)
>> +++ head/security/vuxml/vuln.xml	Sat Jun  2 20:51:48 2018	(r471404)
>> @@ -58,6 +58,45 @@ Notes:
>>    * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
>>  -->
>>  <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
>> +  <vuln vid="c7a135f4-66a4-11e8-9e63-3085a9a47796">
>> +    <topic>Git -- Fix memory out-of-bounds and remote code execution vulnerabilities (CVE-2018-11233 and CVE-2018-11235)</topic>
>> +    <affects>
>> +      <package>
>> +	<name>git</name>
>> +	<name>git-lite</name>
>> +	<range><lt>2.17.1</lt></range>

> Did you miss the following?

>  * This release contains the same fixes made in the v2.13.7 version of
>    Git, covering CVE-2018-11233 and 11235, and forward-ported to
>    v2.14.4, v2.15.2 and v2.16.4 releases.  See release notes to
>    v2.13.7 for details.

> For one, I've requested to not backport 2.17.1.
> https://lists.freebsd.org/pipermail/svn-ports-head/2018-May/178516.html

Thanks.  Fixed in r471437.

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEVbCTpybDiFVxIrrVNqQMg7DW754FAlsTOGNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDU1
QjA5M0E3MjZDMzg4NTU3MTIyQkFENTM2QTQwQzgzQjBENkVGOUUACgkQNqQMg7DW
757ACw/+I5SdkNInbpr3S2Lk2sozQTeqEh/+CJzyeTg/xAJwgYpvfwfL2HYxCLKw
/0nRzwFifTL6WkJXKlHKiIxvNSP/INIZxSpa4uw6xIMNF9HCliLBb8zZNG8V/yhS
uhSZh1jsANyKwpbfkaV+yjtiyE4nfOozrNy8pDFyiqLhdJ3a/WQjf/FVp07AkJfd
nSVMaNvnVOZC4QFLfOLjdbGs2Ui9cfj9AO0l70B2ByhB2+7ZeO2WCb5ncMstK5vm
egBfNdrNjkECkFsQym895zQM9mmeH1SWY2w6iN4Kwu40LpFE44iGttUa+oDYk/OW
1pe0HmeTFwFtwSVSZgLVlba+W7ISZBNSIgy+2blJarLkbA0H+7y8yLGK9a5r0Kj+
Ag8KfggHjeRZ7PRI+JqpYfsPyd8CSOwULUvTyLgYTeg0rXe6JdH8mtAXrVDOUt47
Hpb2xFbHPAoAwB+fgKcRv9aEt0mEgjFVIVP2Q77FHGG5wYFssmETVd3T3QzPQPfc
dhIJTADiFv61zg1MrYLilT6/SDoNi37mOwj4VR2Td33GnuC9l8f9xKAyGjBym4BQ
kxRknlk4YToSQjPZz86tTbF1oba75Cuix/OYkVkD7+Z6IdgUgNAenZQFWs1RU+4G
VlHHya1FcIz5w7qsnuqpfrgMG/niKzGgHGuDTbQZUZNVILuZcfM=
=Mgul
-----END PGP SIGNATURE-----
--=-=-=--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86y3fwk8m4.fsf>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation