Date: Thu, 14 Dec 2017 13:54:54 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 224339] lang/erlang-runtime17: vulnerable to CVE-2017-1000385 [PATCH] Message-ID: <bug-224339-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D224339 Bug ID: 224339 Summary: lang/erlang-runtime17: vulnerable to CVE-2017-1000385 [PATCH] Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Keywords: patch Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: olgeni@FreeBSD.org Reporter: sg2342@googlemail.com Assignee: olgeni@FreeBSD.org Flags: maintainer-feedback?(olgeni@FreeBSD.org) Keywords: patch Created attachment 188825 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D188825&action= =3Dedit backport CVE-2017-1000385 from erlang-runtime18 while lang/erlang-runtime18, lang/erlang-runtime19 and lang/erlang-runtim20 received CVE-2017-1000385 related updates, erlang-runtime17 did not (it is = no longer supported by upstream apparently). see https://robotattack.org for information about the attack https://github.com/robotattackorg/robot-detect can be used to confirm that erlang-runtime17 is vulnerable. http://erlang.org/pipermail/erlang-questions/2017-November/094257.html is t= he Patch Package: OTP 18.3.4.7 email from the OTP team. attached patch is (the trivial) backport of the changes in OTP 18.3.4.7. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-224339-13>