Bug 223574 - [PATCH] net/libosip2: fix security vulnerability (CVE-2017-7853)
Summary: [PATCH] net/libosip2: fix security vulnerability (CVE-2017-7853)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Muhammad Moinur Rahman
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2017-11-09 20:33 UTC by Jung-uk Kim
Modified: 2017-12-01 00:12 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (bofh)

Attachments
Add the upstream patch to fix the vulnerability (1.52 KB, patch)
2017-11-09 20:33 UTC, Jung-uk Kim 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jung-uk Kim freebsd_committer freebsd_triage 2017-11-09 20:33:40 UTC 
Created attachment 187885 [details]
Add the upstream patch to fix the vulnerability

A VuXML entry was added to mark the port as vulnerable:

https://svnweb.freebsd.org/changeset/ports/451770

A vulnerability was fixed by the upstream:

http://git.savannah.gnu.org/cgit/osip.git/commit/?id=1ae06daf3b2375c34af23083394a6f010be24a45
Comment 1 commit-hook freebsd_committer freebsd_triage 2017-12-01 00:03:39 UTC 
A commit references this bug:

Author: jkim
Date: Fri Dec  1 00:02:47 UTC 2017
New revision: 455239
URL: https://svnweb.freebsd.org/changeset/ports/455239

Log:
  Add an upstream patch to fix security vulnerability.

  PR:		223574
  Approved by:	bofh (maintainer timeout, 3 weeks)
  MFH:		2017Q4
  Security:	CVE-2017-7853

Changes:
  head/net/libosip2/Makefile
  head/net/libosip2/files/
  head/net/libosip2/files/patch-src_osipparser2_osip__message__parse.c