Date: Mon, 26 Oct 2015 19:38:15 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 204044] net-mgmt/lldpd: Update to 0.7.19, security-related Message-ID: <bug-204044-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204044 Bug ID: 204044 Summary: net-mgmt/lldpd: Update to 0.7.19, security-related Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: freebsd-ports-bugs@FreeBSD.org Reporter: freebsd@simweb.ch Created attachment 162481 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=162481&action=edit Updates lldpd to 0.7.19 Dear port commiters Here are 2 patches, one updating the port net-mgmt/lldpd to 0.7.19 which closed a buffer overflow that was introduced with version 0.5.6 but only if hardening was explicitely disabled. Hardening was explicitely enabled when I bumped the port to 0.7.16 thus even the current port as of writing shouldn't be vulnerable. The second patch is an attempt after some RTFM to update vuln.xml, I'm not sure if that fits, though at least xmllint says it's valid XML. I hope this follows the process for vuxml. The changes have passed a poudriere testport in 9.2 and 10.2 amd64 jail as well as a quick runtime check. -- Mathieu -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-204044-13>