Bug 206150 - net-im/prosody: Update to 0.9.9
Summary: net-im/prosody: Update to 0.9.9
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: David Thiel
URL: http://blog.prosody.im/prosody-0-9-9-...
Keywords: needs-qa, patch, security
Depends on:
Blocks:
 
Reported: 2016-01-12 08:57 UTC by Anton Shestakov
Modified: 2016-01-26 08:05 UTC (History)
2 users (show)

See Also:
koobs: maintainer-feedback+
junovitch: merge-quarterly+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Anton Shestakov 2016-01-12 08:57:24 UTC
Prosody 0.9.9 was recently released, and it fixes CVE-2016-1231 and CVE-2016-1232: http://blog.prosody.im/prosody-0-9-9-security-release/

It would be nice to have this version in ports. I'd make a patch, but I'm not a FreeBSD user and don't have the experience with ports (at least yet).
Comment 1 commit-hook freebsd_committer freebsd_triage 2016-01-12 21:31:28 UTC
A commit references this bug:

Author: lx
Date: Tue Jan 12 21:31:17 UTC 2016
New revision: 405917
URL: https://svnweb.freebsd.org/changeset/ports/405917

Log:
  Update to 0.9.9, fixing several bugs including security issues.

  PR:	206150
  Submitted by:	Anton Shestakov
  MFH:		2016Q1

Changes:
  head/net-im/prosody/Makefile
  head/net-im/prosody/distinfo
Comment 2 David Thiel freebsd_committer freebsd_triage 2016-01-12 21:36:07 UTC
Committed, thanks for the heads-up!
Comment 3 commit-hook freebsd_committer freebsd_triage 2016-01-14 00:26:20 UTC
A commit references this bug:

Author: junovitch
Date: Thu Jan 14 00:26:00 UTC 2016
New revision: 406085
URL: https://svnweb.freebsd.org/changeset/ports/406085

Log:
  Document two vulnerabilities in Prosody

  PR:		206150
  Reported by:	Anton Shestakov <av6@dwimlabs.net>
  Security:	CVE-2016-1232
  Security:	CVE-2016-1231
  Security:	https://vuxml.FreeBSD.org/freebsd/842cd117-ba54-11e5-9728-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml
Comment 4 Jason Unovitch freebsd_committer freebsd_triage 2016-01-18 17:21:22 UTC
Ping and set as open again.

Has the approval for the MFH that was automatically trigger by the commit message come back?  The PR should be closed and "merge-quarterly+" set when the MFH is made.
Comment 5 commit-hook freebsd_committer freebsd_triage 2016-01-26 03:57:23 UTC
A commit references this bug:

Author: junovitch
Date: Tue Jan 26 03:57:15 UTC 2016
New revision: 407259
URL: https://svnweb.freebsd.org/changeset/ports/407259

Log:
  MFH: r405917

  Update to 0.9.9, fixing several bugs including security issues.

  PR:		206150
  Submitted by:	Anton Shestakov
  Approved by:	ports-secteam (feld)
  Security:	CVE-2016-1232
  Security:	CVE-2016-1231
  Security:	https://vuxml.FreeBSD.org/freebsd/842cd117-ba54-11e5-9728-002590263bf5.html

Changes:
_U  branches/2016Q1/
  branches/2016Q1/net-im/prosody/Makefile
  branches/2016Q1/net-im/prosody/distinfo
Comment 6 Jason Unovitch freebsd_committer freebsd_triage 2016-01-26 03:58:10 UTC
Close again and set merge-quarterly+ after MFH.