Created attachment 154535 [details] svn diff for security/libressl LibreSSL has released a next version with fixes for CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp CVE-2015-0287 - ASN.1 structure reuse memory corruption CVE-2015-0288 - X509_to_X509_REQ NULL pointer deref CVE-2015-0289 - PKCS7 NULL pointer dereferences Furthermore, the libtls ABI is declared stable and enabled by default. This is now fixed.
Created attachment 154536 [details] Poudriere build log of security/libressl
Created attachment 154537 [details] vuxml entry
Created attachment 154538 [details] vuxml entry, fixed Previous vuxml entry had all <cvename> tags with -0207. Fixed in patch attached.
Created attachment 154539 [details] vuln.xml entry Fixes the references entries
Created attachment 154540 [details] vuxml entry Now using the raw payload from GitHub...
I'd suggest to use normal HTML <ul>...</ul> for list and not just <p> in description of vulnxml entry.
A commit references this bug: Author: delphij Date: Thu Mar 19 22:54:15 UTC 2015 New revision: 381700 URL: https://svnweb.freebsd.org/changeset/ports/381700 Log: Mention LibreSSL too. Use <ul>'s per suggestion from vsevolod [1]. PR: 198718 [1] Changes: head/security/vuxml/vuln.xml
I've merged the vuxml entries with the OpenSSL one. Vsevolod would you please merge the port change?
A commit references this bug: Author: vsevolod Date: Thu Mar 19 23:11:51 UTC 2015 New revision: 381701 URL: https://svnweb.freebsd.org/changeset/ports/381701 Log: - Update to 2.1.6 - Remove incorrectly added patch files PR: 198718 Submitted by: Bernard Spil <spil.oss at gmail.com> Security: CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289 Changes: head/security/libressl/Makefile head/security/libressl/distinfo head/security/libressl/files/patch-include-openssl-opensslv.h head/security/libressl/pkg-plist head/security/libressl/security/
Committed, thank you!