svn commit: r333686 - head/security/vuxml
Bryan Drewery
bdrewery at FreeBSD.org
Wed Nov 13 16:12:00 UTC 2013
On 2013-11-13 08:07, Remko Lodder wrote:
> Author: remko (src,doc committer)
> Date: Wed Nov 13 14:07:04 2013
> New Revision: 333686
> URL: http://svnweb.freebsd.org/changeset/ports/333686
>
> Log:
> Fix the OpenSSH entry, a version entry should be marked
> on a per rule basis, and not on it's own lines, because
> that would bogusly match other versions then intended.
Thanks!
>
> When in doubt, please let me review your changes!!
I had no doubt!
> hat: secteam
>
> Modified:
> head/security/vuxml/vuln.xml
>
> Modified: head/security/vuxml/vuln.xml
> ==============================================================================
> --- head/security/vuxml/vuln.xml Wed Nov 13 13:50:11 2013 (r333685)
> +++ head/security/vuxml/vuln.xml Wed Nov 13 14:07:04 2013 (r333686)
> @@ -147,18 +147,16 @@ Note: Please add new entries to the beg
> <affects>
> <package>
> <name>openssh-portable</name>
> - <range><lt>6.4.p1,1</lt></range>
> - <range><ge>6.2.p2,1</ge></range>
> + <range><ge>6.2.p2,1</ge><lt>6.4.p1,1</lt></range>
> </package>
> <package>
> <name>openssh-portable-base</name>
> - <range><lt>6.4.p1,1</lt></range>
> - <range><ge>6.2.p2,1</ge></range>
> + <range><ge>6.2.p2,1</ge><lt>6.4.p1,1</lt></range>
> </package>
> </affects>
> <description>
> <body xmlns="http://www.w3.org/1999/xhtml">
> - <p>OpenSSH development team reports:</p>
> + <p>The OpenSSH development team reports:</p>
> <blockquote cite="http://www.openssh.com/txt/gcmrekey.adv">
> <p>A memory corruption vulnerability exists in the post-
> authentication sshd process when an AES-GCM cipher
> @@ -184,7 +182,7 @@ Note: Please add new entries to the beg
> <dates>
> <discovery>2013-11-07</discovery>
> <entry>2013-11-08</entry>
> - <modified>2013-11-11</modified>
> + <modified>2013-11-13</modified>
> </dates>
> </vuln>
--
Regards,
Bryan Drewery
More information about the svn-ports-all
mailing list