From mandree@FreeBSD.org  Sun Mar 31 11:02:22 2013
Return-Path: <mandree@FreeBSD.org>
Received: from mandree.no-ip.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87])
	by hub.freebsd.org (Postfix) with ESMTP id BBF4BF7C;
	Sun, 31 Mar 2013 11:02:21 +0000 (UTC)
	(envelope-from mandree@FreeBSD.org)
Received: from [127.0.0.1] (localhost.localdomain [127.0.0.1])
	by apollo.emma.line.org (Postfix) with ESMTP id 3EBF223CEDF;
	Sun, 31 Mar 2013 13:02:21 +0200 (CEST)
Message-Id: <515817B8.6010506@FreeBSD.org>
Date: Sun, 31 Mar 2013 13:02:16 +0200
From: Matthias Andree <mandree@FreeBSD.org>
To: bug-followup@FreeBSD.org, portmgr@freebsd.org
Subject: Revised VuXML patch

>Number:         177520
>Category:       ports
>Synopsis:       Revised VuXML patch
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    linimon
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Mar 31 11:10:00 UTC 2013
>Closed-Date:    Mon Apr 01 12:01:12 UTC 2013
>Last-Modified:  Mon Apr 01 12:01:12 UTC 2013
>Originator:     
>Release:        
>Organization:
>Environment:
>Description:
 This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
 --------------enig504F9A8F301A6427B0D3C181
 Content-Type: multipart/mixed;
  boundary="------------070500000406080401010703"
 
 This is a multi-part message in MIME format.
 --------------070500000406080401010703
 Content-Type: text/plain; charset=ISO-8859-15
 Content-Transfer-Encoding: quoted-printable
 
 
 --------------070500000406080401010703
 Content-Type: text/x-patch;
  name="vuxml-for-177517-v2.patch"
 Content-Transfer-Encoding: quoted-printable
 Content-Disposition: attachment;
  filename="vuxml-for-177517-v2.patch"
 
 Index: vuln.xml
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
 --- vuln.xml	(Revision 315632)
 +++ vuln.xml	(Arbeitskopie)
 @@ -51,6 +51,33 @@
 =20
  -->
  <vuxml xmlns=3D"http://www.vuxml.org/apps/vuxml-1">
 +  <vuln vid=3D"92f30415-9935-11e2-ad4c-080027ef73ec">
 +    <topic>OpenVPN -- potential side-channel/timing attack when comparin=
 g HMACs</topic>
 +    <affects>
 +      <package>
 +	<name>openvpn</name>
 +	<range><lt>2.3.1</lt></range>
 +      </package>
 +    </affects>
 +    <description>
 +      <body xmlns=3D"http://www.w3.org/1999/xhtml">
 +	<p>The OpenVPN project reports:</p>
 +	<blockquote cite=3D"https://community.openvpn.net/openvpn/wiki/ChangesI=
 nOpenvpn23#OpenVPN2.3.1<">
 +	  <p>[OpenVPN 2.3.1 adds a fix to prevent potential side-channel
 +	    attacks by switching to a] constant time memcmp when comparing HMAC=
 s in [the] openvpn_decrypt [function].</p>
 +	</blockquote>
 +      </body>
 +    </description>
 +    <references>
 +      <url>https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23=
 #OpenVPN2.3.1</url>
 +      <url>http://openvpn.git.sourceforge.net/git/gitweb.cgi?p=3Dopenvpn=
 /openvpn-testing.git;a=3Dcommit;h=3D11d21349a4e7e38a025849479b36ace7c2eec=
 2ee</url>
 +    </references>
 +    <dates>
 +      <discovery>2013-03-19</discovery>
 +      <entry>2013-03-31</entry>
 +    </dates>
 +  </vuln>
 +
    <vuln vid=3D"843a4641-9816-11e2-9c51-080027019be0">
      <topic>libxml2 -- cpu consumption Dos</topic>
      <affects>
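Review bot: the cite attribute on the added blockquote ends in a stray "<" (it reads `...ChangesInOpenvpn23#OpenVPN2.3.1<">` once the quoted-printable soft line break is joined). A literal "<" is not allowed inside an XML attribute value, so vuln.xml stops being well-formed with this entry and will fail validation. Drop the "<" so the cite value matches the first url under references, which carries the same link without it.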
 
 --------------070500000406080401010703--
 
 --------------enig504F9A8F301A6427B0D3C181
 Content-Type: application/pgp-signature; name="signature.asc"
 Content-Description: OpenPGP digital signature
 Content-Disposition: attachment; filename="signature.asc"
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 Comment: Using GnuPG with undefined - http://www.enigmail.net/
 
 iEYEARECAAYFAlFYF7gACgkQvmGDOQUufZWKwQCfW1UIsLQfeI1eEoXDkLND8lo8
 Z5wAn036Nb06CgGWrFqUpfk1iR0XjQ7c
 =Aehy
 -----END PGP SIGNATURE-----
 
 --------------enig504F9A8F301A6427B0D3C181--
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: linimon 
State-Changed-When: Sun Mar 31 22:39:58 UTC 2013 
State-Changed-Why:  
To which PR is this one a followup? 


Responsible-Changed-From-To: gnats-admin->linimon 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sun Mar 31 22:39:58 UTC 2013 
Responsible-Changed-Why:  

http://www.freebsd.org/cgi/query-pr.cgi?pr=177520 
State-Changed-From-To: feedback->closed 
State-Changed-By: mandree 
State-Changed-When: Mon Apr 1 12:01:12 UTC 2013 
State-Changed-Why:  
this used to be a followup to 177517, which has been closed previously, 
so I am closing this one, too. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=177520 
>Unformatted:
