Attachment #178617 for bug #215834

Lines 2-11 Link Here

(-)devel/pcsc-lite/Makefile (-2 / +2 lines)
2	# $FreeBSD$	2	# $FreeBSD$
3		3
4	PORTNAME= pcsc-lite	4	PORTNAME= pcsc-lite
5	PORTVERSION= 1.8.19	5	PORTVERSION= 1.8.20
6	PORTEPOCH= 2	6	PORTEPOCH= 2
7	CATEGORIES= devel security	7	CATEGORIES= devel security
8	MASTER_SITES= https://alioth.debian.org/frs/download.php/file/4198/	8	MASTER_SITES= https://alioth.debian.org/frs/download.php/latestfile/39/
9		9
10	MAINTAINER= mokhi64@gmail.com	10	MAINTAINER= mokhi64@gmail.com
11	COMMENT= Smartcard development library	11	COMMENT= Smartcard development library

Lines 1-3 Link Here

(-)devel/pcsc-lite/distinfo (-3 / +3 lines)
1	TIMESTAMP = 1481446804	1	TIMESTAMP = 1483729174
2	SHA256 (pcsc-lite-1.8.19.tar.bz2) = b65e25ec6dd1328983b424ce1a649e2993b1c4c59fc87252689b5fa7037c4340	2	SHA256 (pcsc-lite-1.8.20.tar.bz2) = ec7d0114016c788c1c09859c84860f6cec6c4595436d23245105154b9c046bb2
3	SIZE (pcsc-lite-1.8.19.tar.bz2) = 744283	3	SIZE (pcsc-lite-1.8.20.tar.bz2) = 745049




  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="c218873d-d444-11e6-84ef-f0def167eeea">
    <topic>Use-After-Free Vulnerability in pcsc-lite</topic>
    <affects>
      <package>
	<name>pcsc-lite</name>
    <range><ge>1.6.0</ge><lt>1.8.20</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Peter Wu on Openwall mailing-list reports:</p>
    <blockquote cite="http://www.openwall.com/lists/oss-security/2017/01/03/2">
	<p>The issue allows a local attacker to cause a Denial of Service,
	  but can potentially result in Privilege Escalation since
	  the daemon is running as root. while any local user can
	  connect to the Unix socket.
	  Fixed by patch which is released with hpcsc-lite 1.8.20.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CWE-415</cvename>
      <cvename>CWE-416</cvename>
      <url>http://www.openwall.com/lists/oss-security/2017/01/03/2</url>
    </references>
    <dates>
      <discovery>2017-01-03</discovery>
      <entry>2017-01-06</entry>
    </dates>
  </vuln>

  <vuln vid="e5ec2767-d529-11e6-ae1b-002590263bf5">
    <topic>tomcat -- information disclosure vulnerability</topic>
    <affects>

Return to bug 215834

Lines 58-63 Link Here

(-)security/vuxml/vuln.xml (+31 lines)
58	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)	58	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
59	-->	59	-->
60	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">	60	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
		61	<vuln vid="c218873d-d444-11e6-84ef-f0def167eeea">
		62	<topic>Use-After-Free Vulnerability in pcsc-lite</topic>
		63	<affects>
		64	<package>
		65	<name>pcsc-lite</name>
		66	<range><ge>1.6.0</ge><lt>1.8.20</lt></range>
		67	</package>
		68	</affects>
		69	<description>
		70	<body xmlns="http://www.w3.org/1999/xhtml">
		71	<p>Peter Wu on Openwall mailing-list reports:</p>
		72	<blockquote cite="http://www.openwall.com/lists/oss-security/2017/01/03/2">
		73	<p>The issue allows a local attacker to cause a Denial of Service,
		74	but can potentially result in Privilege Escalation since
		75	the daemon is running as root. while any local user can
		76	connect to the Unix socket.
		77	Fixed by patch which is released with hpcsc-lite 1.8.20.</p>
		78	</blockquote>
		79	</body>
		80	</description>
		81	<references>
		82	<cvename>CWE-415</cvename>
		83	<cvename>CWE-416</cvename>
		84	<url>http://www.openwall.com/lists/oss-security/2017/01/03/2</url>
		85	</references>
		86	<dates>
		87	<discovery>2017-01-03</discovery>
		88	<entry>2017-01-06</entry>
		89	</dates>
		90	</vuln>
		91
61	<vuln vid="e5ec2767-d529-11e6-ae1b-002590263bf5">	92	<vuln vid="e5ec2767-d529-11e6-ae1b-002590263bf5">
62	<topic>tomcat -- information disclosure vulnerability</topic>	93	<topic>tomcat -- information disclosure vulnerability</topic>
63	<affects>	94	<affects>