Bug 196777 - archivers/unzip: Port should be marked vulnerable to CVE-2014-8139, CVE-2014-8140, CVE-2014-8141
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Emanuel Haupt
Reported: 2015-01-15 18:49 UTC by rsimmons0
Modified: 2015-01-20 07:15 UTC
bugzilla: maintainer-feedback? (ehaupt)


Description rsimmons0 2015-01-15 18:49:05 UTC
There is an unpatched vulnerability in unzip. The port should be marked as such.

http://www.ocert.org/advisories/ocert-2014-011.html
Comment 1 Bugzilla Automation freebsd_committer freebsd_triage 2015-01-15 18:49:05 UTC
Auto-assigned to maintainer ehaupt@FreeBSD.org
Comment 2 commit-hook freebsd_committer freebsd_triage 2015-01-16 08:18:23 UTC
A commit references this bug:

Author: ehaupt
Date: Fri Jan 16 08:18:15 UTC 2015
New revision: 377155
URL: https://svnweb.freebsd.org/changeset/ports/377155

Log:
  Document multiple archivers/unzip vulnerabilities (CVE-2014-8139,
  CVE-2014-8140, CVE-2014-8141).

  PR:		196777 (based on)
  Submitted by:	rsimmons0@gmail.com

Changes:
  head/security/vuxml/vuln.xml
Comment 3 Emanuel Haupt freebsd_committer freebsd_triage 2015-01-16 08:27:02 UTC
Committed, thanks!
Comment 4 Emanuel Haupt freebsd_committer freebsd_triage 2015-01-20 07:15:08 UTC
Close.