From owner-dev-commits-ports-all@freebsd.org Thu Sep 30 00:18:07 2021 Return-Path: Delivered-To: dev-commits-ports-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id EBC1167EA99; Thu, 30 Sep 2021 00:18:07 +0000 (UTC) (envelope-from koobs.freebsd@gmail.com) Received: from mail-pj1-x102c.google.com (mail-pj1-x102c.google.com [IPv6:2607:f8b0:4864:20::102c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4HKYjq5lT8z3NDS; Thu, 30 Sep 2021 00:18:07 +0000 (UTC) (envelope-from koobs.freebsd@gmail.com) Received: by mail-pj1-x102c.google.com with SMTP id d13-20020a17090ad3cd00b0019e746f7bd4so5439966pjw.0; Wed, 29 Sep 2021 17:18:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:message-id:date:mime-version:user-agent:reply-to:subject :content-language:to:cc:references:from:in-reply-to :content-transfer-encoding; bh=Er+zb8KuKfVTlBM/ylWbuJUSxb7Oof0rMWgYBZCXg9k=; b=E7m4i1esahl1ul8qpqOwSG0OPBQfy5LirLCIC9GdfqPOb+y84V8Ve0V59M0QY4FKJw j9Qds25Wm2ENlbBwp9j17haTnNsspOPHkU0ir1lUR5yQnd0aAXQQfs+HwCRrys0ywdzF A6pwXCuinorCy+tNCpXFwiPTxxkM+ayb7jpWavJBXhYAoeR5qup8dYo17kcxjSRPW7MP DUn1QgIzw7FKTvq3Zi0vMn3aqiAp6lS49RLaxzpROhnUngNcA6TQ3sM8hTFOMNJUYiPu wqVcyxP/q1QmKwsSZICGrxYenxDlXXuDfgqUg7hwNEwBhJjDp0zWE+dLBk34o9CpULZr vNXg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:message-id:date:mime-version:user-agent :reply-to:subject:content-language:to:cc:references:from:in-reply-to :content-transfer-encoding; bh=Er+zb8KuKfVTlBM/ylWbuJUSxb7Oof0rMWgYBZCXg9k=; b=PcJBtjyhPTmmRo4VB5CJNxZK28jrOEexaCiBHbduEYFh9e3kHfP6keJ7P+iWC/KNaq ZhS3Vh5KABtJlH+TyLFs+BSD6CLP70NtXiS76yQya58evQUieTwoZkt3DvJQ9rTFwzMq rkbM3uAXMQTQKqisyU1PPo1CX8xFXfHyhBQbR9/LPdV5o+qDL33qUo9A7nmlR522Muky LuKDmom8yZvw0exSilg8DmbWXFJI3eRpho1V+0uV/Qm/fhnUtYawYs1CFxIo6FPZPT14 sbGX/Wb0imv9WJq40gqcufY8Bs7XeJ7nw8myO3fLqfv09c5o2qXLtO3bUOCs7dbpAGQm 4NCA== X-Gm-Message-State: AOAM531cKRBIvEXpYnWF2RgoNfEcQ6B1COQHKxBHse/GQW1/fWBMNmkd c6TCU+l1+RHe89f5fEQCG4/6SiFbJ+60dw== X-Google-Smtp-Source: ABdhPJxBQN6KkOOU9MrG+RXIMLzXcwtKZQCF4VEYLsBFIKFQyISPJOXrGBYhW5n6sD7NT39nBkRa5A== X-Received: by 2002:a17:90a:4681:: with SMTP id z1mr2978266pjf.113.1632961081364; Wed, 29 Sep 2021 17:18:01 -0700 (PDT) Received: from ?IPV6:2403:5800:7500:3601:5869:7d38:7a37:b90c? (2403-5800-7500-3601-5869-7d38-7a37-b90c.ip6.aussiebb.net. [2403:5800:7500:3601:5869:7d38:7a37:b90c]) by smtp.gmail.com with ESMTPSA id g3sm824692pfk.178.2021.09.29.17.17.59 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 29 Sep 2021 17:18:01 -0700 (PDT) Sender: Kubilay Kocak Message-ID: <5046fa33-4bb4-b9f8-7812-0321c71b5afe@FreeBSD.org> Date: Thu, 30 Sep 2021 10:17:56 +1000 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Thunderbird/94.0a1 Reply-To: koobs@FreeBSD.org Subject: Re: git: 0e6da3c2e1f0 - main - archivers/ha: Fix CVE-2015-1198 Content-Language: en-US To: Alex Kozlov , FreeBSD Ports Security Team Cc: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org References: <202109271752.18RHqsxu095384@gitrepo.freebsd.org> <20210929103230.GA81981@ravenloft.kiev.ua> From: Kubilay Kocak In-Reply-To: <20210929103230.GA81981@ravenloft.kiev.ua> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4HKYjq5lT8z3NDS X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; TAGGED_FROM(0.00)[] X-BeenThere: dev-commits-ports-all@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commit messages for all branches of the ports repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Sep 2021 00:18:08 -0000 On 29/09/2021 8:32 pm, Alex Kozlov wrote: > On Wed, Sep 29, 2021 at 10:50:13AM +1000, Kubilay Kocak wrote: >> On 28/09/2021 3:52 am, Alex Kozlov wrote: >>> The branch main has been updated by ak: >>> >>> URL: https://cgit.FreeBSD.org/ports/commit/?id=0e6da3c2e1f0ca151be9e6428dcc9c0b7f19d170 >>> >>> commit 0e6da3c2e1f0ca151be9e6428dcc9c0b7f19d170 >>> Author: Alex Kozlov >>> AuthorDate: 2021-09-27 17:42:12 +0000 >>> Commit: Alex Kozlov >>> CommitDate: 2021-09-27 17:42:12 +0000 >>> >>> archivers/ha: Fix CVE-2015-1198 >>> Fix directory traversal vulnerabilities (CVE-2015-1198) >>> Reported by: decke >> >> Hi Alex, could you merge this to quarterly? > I could, but 2021Q4 will be created in a few days, so I am not sure there is a need > to do that. > > That will leave the current branch vulnerable. @ports-secteam, could you VuXML and MFH please