aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorfeld <feld@FreeBSD.org>2017-01-10 00:49:44 +0800
committerfeld <feld@FreeBSD.org>2017-01-10 00:49:44 +0800
commitefb47c30bad433b69dbb7f16691aae104137d641 (patch)
tree41e4a137d8b818901a1422fc9ed989655bf7fe2a
parent379708c71a63ce1c4c83ef8c8fee6b9035e79d37 (diff)
downloadfreebsd-ports-gnome-efb47c30bad433b69dbb7f16691aae104137d641.tar.gz
freebsd-ports-gnome-efb47c30bad433b69dbb7f16691aae104137d641.tar.zst
freebsd-ports-gnome-efb47c30bad433b69dbb7f16691aae104137d641.zip
Document hdf5 CVEs
PR: 214938 Security: CVE-2016-4330 SecuritY: CVE-2016-4331 Security: CVE-2016-4332 Security: CVE-2016-4333
-rw-r--r--security/vuxml/vuln.xml38
1 files changed, 38 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index c01531bcdedf..e34abc114f18 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -58,6 +58,44 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="91e039ed-d689-11e6-9171-14dae9d210b8">
+ <topic>hdf5 -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>hdf5</name>
+ <range><lt>1.10.0</lt></range>
+ </package>
+ <package>
+ <name>hdf5-18</name>
+ <range><lt>1.8.18</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Talos Security reports:</p>
+ <blockquote cite="http://blog.talosintel.com/2016/11/hdf5-vulns.html">
+ <ul>
+ <li><p>CVE-2016-4330 (TALOS-2016-0176) - HDF5 Group libhdf5 H5T_ARRAY Code Execution Vulnerability</p></li>
+ <li><p>CVE-2016-4331 (TALOS-2016-0177) - HDF5 Group libhdf5 H5Z_NBIT Code Execution Vulnerability</p></li>
+ <li><p>CVE-2016-4332 (TALOS-2016-0178) - HDF5 Group libhdf5 Shareable Message Type Code Execution Vulnerability</p></li>
+ <li><p>CVE-2016-4333 (TALOS-2016-0179) - HDF5 Group libhdf5 H5T_COMPOUND Code Execution Vulnerability</p></li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://blog.talosintel.com/2016/11/hdf5-vulns.html</url>
+ <cvename>CVE-2016-4330</cvename>
+ <cvename>CVE-2016-4331</cvename>
+ <cvename>CVE-2016-4332</cvename>
+ <cvename>CVE-2016-4333</cvename>
+ </references>
+ <dates>
+ <discovery>2016-11-17</discovery>
+ <entry>2017-01-09</entry>
+ </dates>
+ </vuln>
+
<vuln vid="e1ff4c5e-d687-11e6-9171-14dae9d210b8">
<topic>End of Life Ports</topic>
<affects>