Attachment #178579 for bug #215834

Lines 2-11 Link Here

(-)devel/pcsc-lite/Makefile (-3 / +2 lines)
2	# $FreeBSD$	2	# $FreeBSD$
3		3
4	PORTNAME= pcsc-lite	4	PORTNAME= pcsc-lite
5	PORTVERSION= 1.8.19	5	PORTVERSION= 1.8.20
6	PORTEPOCH= 2
7	CATEGORIES= devel security	6	CATEGORIES= devel security
8	MASTER_SITES= https://alioth.debian.org/frs/download.php/file/4198/	7	MASTER_SITES= https://alioth.debian.org/frs/download.php/latestfile/39/
9		8
10	MAINTAINER= mokhi64@gmail.com	9	MAINTAINER= mokhi64@gmail.com
11	COMMENT= Smartcard development library	10	COMMENT= Smartcard development library

Lines 1-3 Link Here

(-)devel/pcsc-lite/distinfo (-3 / +3 lines)
1	TIMESTAMP = 1481446804	1	TIMESTAMP = 1483729174
2	SHA256 (pcsc-lite-1.8.19.tar.bz2) = b65e25ec6dd1328983b424ce1a649e2993b1c4c59fc87252689b5fa7037c4340	2	SHA256 (pcsc-lite-1.8.20.tar.bz2) = ec7d0114016c788c1c09859c84860f6cec6c4595436d23245105154b9c046bb2
3	SIZE (pcsc-lite-1.8.19.tar.bz2) = 744283	3	SIZE (pcsc-lite-1.8.20.tar.bz2) = 745049




  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="c218873d-d444-11e6-84ef-f0def167eeea">
    <topic> Vulnerabilities in pcsc-lite </topic>
    <affects>
      <package>
	<name>pcsc-lite</name>
    <range><ge>1.6.0</ge><lt>1.8.20</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Peter Wu on Openwall mailing-list reports:</p>
    <blockquote cite="http://www.openwall.com/lists/oss-security/2017/01/03/2">
        <p>The issue allows a local attacker to cause a Denial of Service,
          but can potentially result in Privilege Escalation since
          the daemon is running as root. while any local user can
          connect to the Unix socket.
          Fixed by patch which is released with hpcsc-lite 1.8.20.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CWE-415</cvename>
      <cvename>CWE-416</cvename>
      <url>http://www.openwall.com/lists/oss-security/2017/01/03/2</url>
    </references>
    <dates>
      <discovery>2017-01-03</discovery>
      <entry>2017-01-06</entry>
    </dates>
  </vuln>

  <vuln vid="eafa3aec-211b-4dd4-9b8a-a664a3f0917a">
    <topic>w3m -- multiple vulnerabilities</topic>
    <affects>

Return to bug 215834

Lines 58-63 Link Here

(-)security/vuxml/vuln.xml (+31 lines)
58	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)	58	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
59	-->	59	-->
60	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">	60	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
		61	<vuln vid="c218873d-d444-11e6-84ef-f0def167eeea">
		62	<topic> Vulnerabilities in pcsc-lite </topic>
		63	<affects>
		64	<package>
		65	<name>pcsc-lite</name>
		66	<range><ge>1.6.0</ge><lt>1.8.20</lt></range>
		67	</package>
		68	</affects>
		69	<description>
		70	<body xmlns="http://www.w3.org/1999/xhtml">
		71	<p>Peter Wu on Openwall mailing-list reports:</p>
		72	<blockquote cite="http://www.openwall.com/lists/oss-security/2017/01/03/2">
		73	<p>The issue allows a local attacker to cause a Denial of Service,
		74	but can potentially result in Privilege Escalation since
		75	the daemon is running as root. while any local user can
		76	connect to the Unix socket.
		77	Fixed by patch which is released with hpcsc-lite 1.8.20.</p>
		78	</blockquote>
		79	</body>
		80	</description>
		81	<references>
		82	<cvename>CWE-415</cvename>
		83	<cvename>CWE-416</cvename>
		84	<url>http://www.openwall.com/lists/oss-security/2017/01/03/2</url>
		85	</references>
		86	<dates>
		87	<discovery>2017-01-03</discovery>
		88	<entry>2017-01-06</entry>
		89	</dates>
		90	</vuln>
		91
61	<vuln vid="eafa3aec-211b-4dd4-9b8a-a664a3f0917a">	92	<vuln vid="eafa3aec-211b-4dd4-9b8a-a664a3f0917a">
62	<topic>w3m -- multiple vulnerabilities</topic>	93	<topic>w3m -- multiple vulnerabilities</topic>
63	<affects>	94	<affects>