Bug 252291 - irc/inspircd: Update to 3.8.1 (fixes security vulnerability)
Summary: irc/inspircd: Update to 3.8.1 (fixes security vulnerability)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Joseph Mingrone
URL: https://docs.inspircd.org/3/change-lo...
Keywords: security
Depends on:
Blocks:
 
Reported: 2020-12-30 19:39 UTC by Sadie Powell
Modified: 2021-01-01 05:06 UTC (History)
1 user (show)

See Also:
koobs: merge-quarterly-


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sadie Powell 2020-12-30 19:39:36 UTC
Hello,

I'm the upstream maintainer for the software in this package. In v3.8.1 we released a fix for security advisory 2020-02 (https://docs.inspircd.org/security/2020-02/). Currently FreeBSD is packaging v3.7.0 which is vulnerable to this vulnerability. Would it be possible for you to update it to fix this?

There have been no breaking changes between these two releases but here is the changelog for this version if you need it: https://docs.inspircd.org/3/change-log/#inspircd-381

Thanks,

~Sadie
Comment 1 commit-hook freebsd_committer freebsd_triage 2021-01-01 04:06:45 UTC
A commit references this bug:

Author: jrm
Date: Fri Jan  1 04:06:34 UTC 2021
New revision: 559799
URL: https://svnweb.freebsd.org/changeset/ports/559799

Log:
  irc/inspircd: Update to version 3.8.1

  - Apply suggestions from portclippy/portfmt/portlint
  - Remove multiple no-op REINPLACE_CMD

  https://docs.inspircd.org/3/change-log/#inspircd-381

  PR:		252291
  Reported by:	Sadie Powell <sadie@witchery.services>

Changes:
  head/irc/inspircd/Makefile
  head/irc/inspircd/distinfo
  head/irc/inspircd/files/patch-make_template_inspircd
  head/irc/inspircd/files/patch-make_template_main.mk
Comment 2 commit-hook freebsd_committer freebsd_triage 2021-01-01 04:31:48 UTC
A commit references this bug:

Author: jrm
Date: Fri Jan  1 04:31:38 UTC 2021
New revision: 559800
URL: https://svnweb.freebsd.org/changeset/ports/559800

Log:
  Document inspircd vulnerabilitiy

  PR:		252291
  Reported by:	Sadie Powell <sadie@witchery.services>

Changes:
  head/security/vuxml/vuln.xml
Comment 3 Joseph Mingrone freebsd_committer freebsd_triage 2021-01-01 04:32:23 UTC
Committed.  Thanks!
Comment 4 Kubilay Kocak freebsd_committer freebsd_triage 2021-01-01 05:05:58 UTC
^Triage: 

- Assign to committer that resolved
- Track non MFH (assuming end of current quarter as reason)