Software security issues on Ysul
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	dereckson
	Dec 6 2015, 13:16

Tags

Referenced Files

None

Subscribers

Description

png-1.6.19 is vulnerable:
libpng buffer overflow in png_set_PLTE
CVE: CVE-2015-8126
WWW: https://vuxml.FreeBSD.org/freebsd/1886e195-8b87-11e5-90e7-b499baebfeaf.html

py27-django-1.8.4 is vulnerable:
django -- information leak vulnerability
CVE: CVE-2015-8213
WWW: https://vuxml.FreeBSD.org/freebsd/11c52bc6-97aa-11e5-b8df-14dae9d210b8.html

Event Timeline

Dec 6 13:17:25 ysul pkg: png upgraded: 1.6.19 -> 1.6.20

Django not yet available as binary update.

Dec 6 13:20:55 ysul pkg-static: py27-django-1.8.4 deinstalled
Dec 6 13:21:59 ysul pkg-static: py27-django-1.8.7 installed