Created attachment 215765 [details] anydesk.patch Update anydesk to version 5.5.5
^Triage: - If there is a changelog or release notes URL available for this version, please add it to the URL field - Please set the maintainer-approval attachment flag (to +) on patches for ports you maintain to signify approval Attachment -> Details -> maintainer-approval [+]
Build info is available at https://gitlab.com/swills/freebsd-ports/pipelines/157957363
Created attachment 215766 [details] anydesk.patch
(In reply to Martin Filla from comment #3) For future reference, you can change the maintainer-approval flag to [+] on already existing attachments without needing to re-submit another. ;) ^Lewis
Build info is available at https://gitlab.com/swills/freebsd-ports/pipelines/157962981
(In reply to Lewis Cook from comment #4) This are next links for issues https://nvd.nist.gov/vuln/detail/CVE-2020-13160 https://www.exploit-database.net/?id=102449
A commit references this bug: Author: joneum Date: Sat Jul 4 15:37:59 UTC 2020 New revision: 541220 URL: https://svnweb.freebsd.org/changeset/ports/541220 Log: Add entry for anydesk PR: 247406 Sponsored by: Netzkommune GmbH Changes: head/security/vuxml/vuln.xml
Hi, the i386 builds have an fetch error: http://joneumbox.org/data/113i386-ports/2020-07-04_17h39m34s/logs/errors/anydesk-5.5.5.log http://joneumbox.org/data/121i386-ports/2020-07-04_18h46m12s/logs/errors/anydesk-5.5.5.log http://joneumbox.org/data/13i386-ports/2020-07-04_19h12m57s/logs/errors/anydesk-5.5.5.log all amd64 builds are fine
A commit references this bug: Author: joneum Date: Sun Jul 5 09:03:26 UTC 2020 New revision: 541261 URL: https://svnweb.freebsd.org/changeset/ports/541261 Log: Update to 5.5.5 This Update fix CVE-2020-13160: AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution. PR: 247406 Submitted by: Martin Filla <freebsd@sysctl.cz> (maintainer) MFH: 2020Q3 Security: 4344861a-be0b-11ea-9172-4c72b94353b5 Sponsored by: Netzkommune GmbH Changes: head/deskutils/anydesk/Makefile head/deskutils/anydesk/distinfo
A commit references this bug: Author: joneum Date: Sun Jul 5 09:06:12 UTC 2020 New revision: 541262 URL: https://svnweb.freebsd.org/changeset/ports/541262 Log: MFH: r541261 Update to 5.5.5 This Update fix CVE-2020-13160: AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution. PR: 247406 Submitted by: Martin Filla <freebsd@sysctl.cz> (maintainer) Security: 4344861a-be0b-11ea-9172-4c72b94353b5 Sponsored by: Netzkommune GmbH Approved by: ports-secteam (with hat) Changes: _U branches/2020Q3/ branches/2020Q3/deskutils/anydesk/Makefile branches/2020Q3/deskutils/anydesk/distinfo
Was the license block commented out on purpose? The terms of use suggest that we might need to stop distributing this package: > In particular, the Customer shall not be permitted to duplicate, edit, make publicly accessible or sell the software or parts thereof.