Bug 206072 - textproc/py-pygments: Add patch for CVE-2015-8557
Summary: textproc/py-pygments: Add patch for CVE-2015-8557
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Raphael Kubo da Costa
URL: https://web.nvd.nist.gov/view/vuln/de...
Keywords: security
Depends on:
Blocks:
 
Reported: 2016-01-09 13:53 UTC by Raphael Kubo da Costa
Modified: 2016-01-17 12:05 UTC (History)
5 users (show)

See Also:
rakuco: maintainer-feedback-

Attachments
Proposed patch (2.64 KB, patch)
2016-01-09 13:53 UTC, Raphael Kubo da Costa 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Raphael Kubo da Costa freebsd_committer freebsd_triage 2016-01-09 13:53:24 UTC 
Created attachment 165313 [details]
Proposed patch

The attached patch fixes a shell injection vulnerability that I've already documented in vuln.xml. More information here: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8557
Comment 1 Raphael Kubo da Costa freebsd_committer freebsd_triage 2016-01-11 21:09:48 UTC 
ping ports-secteam?
Comment 2 Christian Schwarz 2016-01-17 11:28:32 UTC 
(In reply to Raphael Kubo da Costa from comment #1)

Bump. This vulnerability has been around for more than a week now.
Comment 3 Kubilay Kocak freebsd_committer freebsd_triage 2016-01-17 11:59:11 UTC 
Already added to VuXML:

http://www.vuxml.org/freebsd/5f276780-b6ce-11e5-9731-5453ed2e2b49.html
Comment 4 Martin Wilke freebsd_committer freebsd_triage 2016-01-17 12:01:06 UTC 
Please go with this patch.

Approved with my ports-secteam hat.
Comment 5 commit-hook freebsd_committer freebsd_triage 2016-01-17 12:04:11 UTC 
A commit references this bug:

Author: rakuco
Date: Sun Jan 17 12:03:37 UTC 2016
New revision: 406304
URL: https://svnweb.freebsd.org/changeset/ports/406304

Log:
  Add upstream patch to fix CVE-2015-8557.

  PR:		206072
  Approved by:	ports-secteam (miwi)
  Security:	5f276780-b6ce-11e5-9731-5453ed2e2b49

Changes:
  head/textproc/py-pygments/Makefile
  head/textproc/py-pygments/files/
  head/textproc/py-pygments/files/patch-CVE-2015-8557
Comment 6 commit-hook freebsd_committer freebsd_triage 2016-01-17 12:05:14 UTC 
A commit references this bug:

Author: rakuco
Date: Sun Jan 17 12:04:48 UTC 2016
New revision: 406305
URL: https://svnweb.freebsd.org/changeset/ports/406305

Log:
  MFH: r406304

  Add upstream patch to fix CVE-2015-8557.

  PR:		206072
  Approved by:	ports-secteam (miwi)
  Security:	5f276780-b6ce-11e5-9731-5453ed2e2b49

  Approved by:	portmgr blanket approval

Changes:
_U  branches/2016Q1/
  branches/2016Q1/textproc/py-pygments/Makefile
  branches/2016Q1/textproc/py-pygments/files/