author | junovitch <junovitch@FreeBSD.org> | 2016-05-04 07:57:03 +0800 |
---|---|---|
committer | junovitch <junovitch@FreeBSD.org> | 2016-05-04 07:57:03 +0800 |
commit | 102598aafa3f323eebcaaa49894e9af2e5b9520d (patch) | |
tree | 617747601ddbadbfe09312a206bf41280ba1cfab /security | |
parent | c2bc329c3ff101d3a12b5e2fcac2e32368b46bb8 (diff) | |
Fix <url> -> <cvename> tags in OpenSSL entry plus spacing fixes.
While here, combine both entries as they both refer to the same CVEs and
we've typically done these as combined entries in the past.
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 66 |
1 files changed, 22 insertions, 44 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index dc48e31f305a..cf90272ada9a 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -59,44 +59,6 @@ Notes:
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
 <vuln vid="01d729ca-1143-11e6-b55e-b499baebfeaf">
- <topic>LibreSSL -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>libressl</name>
- <range><lt>2.3.4</lt></range>
- </package>
- <package>
- <name>libressl-devel</name>
- <range><lt>2.3.4</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>OpenBSD reports:</p>
- <blockquote cite="https://marc.info/?l=openbsd-tech&m=146228598730414">
- <p>Memory corruption in the ASN.1 encoder</p>
- <p>Padding oracle in AES-NI CBC MAC check</p>
- <p>EVP_EncodeUpdate overflow</p>
- <p>EVP_EncryptUpdate overflow</p>
- <p>ASN.1 BIO excessive memory allocation</p>
- </blockquote>
- </body>
- </description>
- <references>
- <url>https://marc.info/?l=openbsd-tech&m=146228598730414</url>
- <url>CVE-2016-2108</url>
- <url>CVE-2016-2107</url>
- <url>CVE-2016-2105</url>
- <url>CVE-2016-2106</url>
- <url>CVE-2016-2109</url>
- </references>
- <dates>
- <discovery>2016-05-03</discovery>
- <entry>2016-05-03</entry>
- </dates>
- </vuln>
-
- <vuln vid="95564990-1138-11e6-b55e-b499baebfeaf">
 <topic>OpenSSL -- multiple vulnerabilities</topic>
 <affects>
 <package>
@@ -107,33 +69,49 @@ Notes:
 <name>linux-c6-openssl</name>
 <range><lt>1.0.1e_8</lt></range>
 </package>
+ <package>
+ <name>libressl</name>
+ <range><lt>2.3.4</lt></range>
+ </package>
+ <package>
+ <name>libressl-devel</name>
+ <range><lt>2.3.4</lt></range>
+ </package>
 </affects>
 <description>
 <body xmlns="http://www.w3.org/1999/xhtml">
 <p>OpenSSL reports:</p>
 <blockquote cite="https://www.openssl.org/news/secadv/20160503.txt">
+ <p>Memory corruption in the ASN.1 encoder</p>
 <p>Padding oracle in AES-NI CBC MAC check</p>
 <p>EVP_EncodeUpdate overflow</p>
 <p>EVP_EncryptUpdate overflow</p>
 <p>ASN.1 BIO excessive memory allocation</p>
- <p>EBCDIC overread</p>
+ <p>EBCDIC overread (OpenSSL only)</p>
 </blockquote>
 </body>
 </description>
 <references>
 <url>https://www.openssl.org/news/secadv/20160503.txt</url>
- <url>CVE-2016-2107</url>
- <url>CVE-2016-2105</url>
- <url>CVE-2016-2106</url>
- <url>CVE-2016-2109</url>
- <url>CVE-2016-2176</url>
+ <url>https://marc.info/?l=openbsd-tech&m=146228598730414</url>
+ <cvename>CVE-2016-2105</cvename>
+ <cvename>CVE-2016-2106</cvename>
+ <cvename>CVE-2016-2107</cvename>
+ <cvename>CVE-2016-2108</cvename>
+ <cvename>CVE-2016-2109</cvename>
+ <cvename>CVE-2016-2176</cvename>
 </references>
 <dates>
 <discovery>2016-05-03</discovery>
 <entry>2016-05-03</entry>
+ <modified>2016-05-03</modified>
 </dates>
 </vuln>

+ <vuln vid="95564990-1138-11e6-b55e-b499baebfeaf">
+ <cancelled superseded="01d729ca-1143-11e6-b55e-b499baebfeaf"/>
+ </vuln>
+
 <vuln vid="be72e773-1131-11e6-94fa-002590263bf5">
 <topic>gitlab -- privilege escalation via "impersonate" feature</topic>
 <affects> |
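Review bot: The combined entry lists `<cvename>CVE-2016-2176</cvename>` in the references of a record that now also matches `libressl` and `libressl-devel` below 2.3.4, although the description in the same hunk marks the EBCDIC overread as OpenSSL only. Tools that print the reference list for every matched package may therefore attribute CVE-2016-2176 to LibreSSL installs; the LibreSSL entry removed in the first hunk did not carry it. The surviving record also keeps the topic `OpenSSL -- multiple vulnerabilities` (visible as context at the end of the first hunk), so a LibreSSL user is shown an advisory headline naming a different package; `<topic>OpenSSL, LibreSSL -- multiple vulnerabilities</topic>` would match the widened `<affects>`. The `<affects>` element opens above this hunk, so the OpenSSL package ranges are not visible here.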