Attachment #174753 for bug #211892




  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="08664d42-7989-11e6-b7a8-74d02b9a84d5">
    <topic>h2o -- fix DoS attack vector</topic>
    <affects>
      <package>
	<name>h2o</name>
	<range>
	  <lt>2.0.4</lt>
	</range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Frederik Deweerdt reported a denial-of-service attack vector
	due to an unhandled error condition during socket connection.</p>
      </body>
    </description>
    <references>
      <url>https://h2o.examp1e.net/vulnerabilities.html</url>
      <cvename>CVS-2016-4864</cvename>
    </references>
    <dates>
      <discovery>2016-06-09</discovery>
      <entry>2016-09-13</entry>
    </dates>
  </vuln>

  <vuln vid="769ba449-79e1-11e6-bf75-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>

Lines 2-8 Link Here

(-)b/www/h2o/Makefile (-1 / +1 lines)
2	# $FreeBSD$	2	# $FreeBSD$
3		3
4	PORTNAME= h2o	4	PORTNAME= h2o
5	PORTVERSION= 2.0.1	5	PORTVERSION= 2.0.4
6	DISTVERSIONPREFIX= v	6	DISTVERSIONPREFIX= v
7	CATEGORIES= www	7	CATEGORIES= www
8		8

Lines 1-3 Link Here

(-)b/www/h2o/distinfo (-3 / +3 lines)
1	TIMESTAMP = 1467186334	1	TIMESTAMP = 1473753131
2	SHA256 (h2o-h2o-v2.0.1_GH0.tar.gz) = c53d11589c8c76491cf3a940b649d0a9cb27c36eb276963811ac1bc16cd2bf2c	2	SHA256 (h2o-h2o-v2.0.4_GH0.tar.gz) = c0efa18f0ffb0f68ee4b60a6ed1feb54c770458c59e48baa2d9d0906ef9c68c0
3	SIZE (h2o-h2o-v2.0.1_GH0.tar.gz) = 15012563	3	SIZE (h2o-h2o-v2.0.4_GH0.tar.gz) = 15015392

Return to bug 211892

Lines 58-63 Notes: Link Here

(-)b/security/vuxml/vuln.xml (+26 lines)
58	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)	58	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
59	-->	59	-->
60	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">	60	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
		61	<vuln vid="08664d42-7989-11e6-b7a8-74d02b9a84d5">
		62	<topic>h2o -- fix DoS attack vector</topic>
		63	<affects>
		64	<package>
		65	<name>h2o</name>
		66	<range>
		67	<lt>2.0.4</lt>
		68	</range>
		69	</package>
		70	</affects>
		71	<description>
		72	<body xmlns="http://www.w3.org/1999/xhtml">
		73	<p>Frederik Deweerdt reported a denial-of-service attack vector
		74	due to an unhandled error condition during socket connection.</p>
		75	</body>
		76	</description>
		77	<references>
		78	<url>https://h2o.examp1e.net/vulnerabilities.html</url>
		79	<cvename>CVS-2016-4864</cvename>
		80	</references>
		81	<dates>
		82	<discovery>2016-06-09</discovery>
		83	<entry>2016-09-13</entry>
		84	</dates>
		85	</vuln>
		86
61	<vuln vid="769ba449-79e1-11e6-bf75-3065ec8fd3ec">	87	<vuln vid="769ba449-79e1-11e6-bf75-3065ec8fd3ec">
62	<topic>chromium -- multiple vulnerabilities</topic>	88	<topic>chromium -- multiple vulnerabilities</topic>
63	<affects>	89	<affects>