diff options
| author | Jason Unovitch <junovitch@FreeBSD.org> | 2016-06-09 03:28:07 +0000 |
|---|---|---|
| committer | Jason Unovitch <junovitch@FreeBSD.org> | 2016-06-09 03:28:07 +0000 |
| commit | 607a6c5895aede2994d2a7e29290a1720f8836cc (patch) | |
| tree | dd61db641363374fee1c786c424fd9485beb4f3b /security | |
| parent | 87259ca3384a2c0b9121848b7bd7b658ec81c770 (diff) | |
| download | ports-607a6c5895aede2994d2a7e29290a1720f8836cc.tar.gz ports-607a6c5895aede2994d2a7e29290a1720f8836cc.zip | |
Document two expat CVEs reported by upstream
PR: 210155
Reported by: Sebastian Pipping <sebastian@pipping.org>
Security: CVE-2012-6702
Security: CVE-2016-5300
Security: https://vuxml.FreeBSD.org/freebsd/c9c252f5-2def-11e6-ae88-002590263bf5.html
Notes
Notes:
svn path=/head/; revision=416580
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index af8e8b5f0f48..e5349b80dc2a 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,44 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="c9c252f5-2def-11e6-ae88-002590263bf5"> + <topic>expat -- multiple vulnerabilities</topic> + <affects> + <package> + <name>expat</name> + <range><lt>2.1.1_1</lt></range> + </package> + <package> + <name>linux-c6-expat</name> + <name>linux-f10-expat</name> + <range><ge>0</ge></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Sebastian Pipping reports:</p> + <blockquote cite="https://sourceforge.net/p/expat/code_git/ci/07cc2fcacf81b32b2e06aa918df51756525240c0/"> + <p>CVE-2012-6702 -- Resolve troublesome internal call to srand that + was introduced with Expat 2.1.0 when addressing CVE-2012-0876 + (issue #496)</p> + <p>CVE-2016-5300 -- Use more entropy for hash initialization than the + original fix to CVE-2012-0876.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2012-6702</cvename> + <cvename>CVE-2016-5300</cvename> + <freebsdpr>ports/</freebsdpr> + <url>https://sourceforge.net/p/expat/code_git/ci/07cc2fcacf81b32b2e06aa918df51756525240c0/</url> + <url>http://www.openwall.com/lists/oss-security/2016/03/18/3</url> + </references> + <dates> + <discovery>2016-03-18</discovery> + <entry>2016-06-09</entry> + </dates> + </vuln> + <vuln vid="d6bbf2d8-2cfc-11e6-800b-080027468580"> <topic>iperf3 -- buffer overflow</topic> <affects> |