Date: Sat, 10 Mar 2018 00:15:18 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 226491] [PATCH] devel/zziplib: update to 0.13.68 which fixes multiple CVEs
Message-ID: <bug-226491-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226491

Bug ID: 226491
Summary: [PATCH] devel/zziplib: update to 0.13.68 which fixes multiple CVEs
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Keywords: patch, security
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: freebsd-ports-bugs@FreeBSD.org
Reporter: freebsd_ports@k-worx.org
Attachment #191360 Flags: maintainer-approval+
Flags: maintainer-feedback+

Created attachment 191360
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=191360&action=edit
Patch for zziplib v0.13.68

Hello,

attached is the patch which updates the port to 0.13.68 and also fixes the following CVEs:

For version 0.13.62:
- CVE-2017-5974
- CVE-2017-5975
- CVE-2017-5976
- CVE-2017-5979
- CVE-2017-5980
- CVE-2017-5981

For version 0.13.67:
- CVE-2017-5977

For version 0.13.68:
- CVE-2018-6381
- CVE-2018-6484
- CVE-2018-6540
- CVE-2018-6541
- CVE-2018-6542

Some days ago there were four new CVEs created which are unresolved at the moment:
- CVE-2018-6869
- CVE-2018-7725
- CVE-2018-7726
- CVE-2018-7727

Thus the chances are high that there will be a new release of zziplib from upstream in the near future.

Changes to the port:
- the project moved from SF to GitHub
- removed no longer required entries from USES
- added textproc/xmlto to BUILD_DEPEND
- completed/fixed license info

QA:
~~~
- poudriere (11.1Ramd64 + i386) -> OK
- portlint -> OK

--
You are receiving this mail because:
You are the assignee for the bug.