svn commit: r422123 - head/security/vuxml
Bernard Spil
brnrd at FreeBSD.org
Wed Sep 14 09:31:36 UTC 2016
Author: brnrd
Date: Wed Sep 14 09:31:35 2016
New Revision: 422123
URL: https://svnweb.freebsd.org/changeset/ports/422123
Log:
security/vuxml: Document www/h2o vulnerability
PR: 211892
Submitted by: Dave Cottlehuber <dch at skunkwerks.at> (maintainer)
Reviewed by: brnrd
MFH: 2016Q3
Security: 08664d42-7989-11e6-b7a8-74d02b9a84d5
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Sep 14 09:27:14 2016 (r422122)
+++ head/security/vuxml/vuln.xml Wed Sep 14 09:31:35 2016 (r422123)
@@ -58,6 +58,32 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="08664d42-7989-11e6-b7a8-74d02b9a84d5">
+ <topic>h2o -- fix DoS attack vector</topic>
+ <affects>
+ <package>
+ <name>h2o</name>
+ <range>
+ <lt>2.0.4</lt>
+ </range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Frederik Deweerdt reported a denial-of-service attack vector
+ due to an unhandled error condition during socket connection.</p>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/h2o/h2o/issues/1077</url>
+ <cvename>CVE-2016-4864</cvename>
+ </references>
+ <dates>
+ <discovery>2016-06-09</discovery>
+ <entry>2016-09-14</entry>
+ </dates>
+ </vuln>
+
<vuln vid="b018121b-7a4b-11e6-bf52-b499baebfeaf">
<topic>cURL -- Escape and unescape integer overflows</topic>
<affects>
More information about the svn-ports-head
mailing list