Missing vuxml entry & patch (not new release yet) Patch: https://sourceforge.net/p/p7zip/bugs/185/
Thanks for the heads-up; I'm on it.
A commit references this bug: Author: rakuco Date: Wed Nov 30 10:50:13 UTC 2016 New revision: 427417 URL: https://svnweb.freebsd.org/changeset/ports/427417 Log: Import upstream patch to fix CVE-2016-9296 Null pointer dereference can cause 7z to crash. PR: 214940 Reported by: Sevan Janiyan <venture37@geeklan.co.uk> MFH: 2016Q4 Security: 48e83187-b6e9-11e6-b6cf-5453ed2e2b49 Security: CVE-2016-9296 Changes: head/archivers/p7zip/Makefile head/archivers/p7zip/files/patch-CPP_7zip_Archive_7z_7zIn.cpp
Thanks again. I updated vuln.xml in ports r427416 but forgot to reference this PR. I'm closing it, and will merge the fix to the 2016Q4 branch as soon as it is approved.
A commit references this bug: Author: rakuco Date: Thu Dec 1 09:19:09 UTC 2016 New revision: 427480 URL: https://svnweb.freebsd.org/changeset/ports/427480 Log: MFH: r427417 Import upstream patch to fix CVE-2016-9296 Null pointer dereference can cause 7z to crash. PR: 214940 Reported by: Sevan Janiyan <venture37@geeklan.co.uk> Security: 48e83187-b6e9-11e6-b6cf-5453ed2e2b49 Security: CVE-2016-9296 Approved by: ports-secteam (junovitch) Changes: _U branches/2016Q4/ branches/2016Q4/archivers/p7zip/Makefile branches/2016Q4/archivers/p7zip/files/patch-CPP_7zip_Archive_7z_7zIn.cpp