Created attachment 168794 [details] patch lib/flow.c I just read about an issue on openvswitch (CVE-2016-2074) but there is a simple patch and also already a new 2.3.3 release available [1] I shaped only the patch from the CVE announcement [1] and tested a quick build, not functionality testing was made [1] http://openvswitch.org/pipermail/announce/2016-March/000082.html
A commit references this bug: Author: ohauer Date: Sun May 29 09:46:33 UTC 2016 New revision: 416090 URL: https://svnweb.freebsd.org/changeset/ports/416090 Log: - document openvswitch CVE-2016-2074 PR: 208404 Submitted by: ohauer Changes: head/security/vuxml/vuln.xml
A commit references this bug: Author: junovitch Date: Sun Jul 3 23:13:14 UTC 2016 New revision: 418004 URL: https://svnweb.freebsd.org/changeset/ports/418004 Log: Update earlier openvswitch entry with version fixed in ports PR: 208404 Reported by: ohauer Security: CVE-2016-2074 Security: https://vuxml.FreeBSD.org/freebsd/b53bbf58-257f-11e6-9f4d-20cf30e32f6d.html Changes: head/security/vuxml/vuln.xml
The fix landed in https://svnweb.FreeBSD.org/changeset/ports/417410 on 2016-06-24. This is already in the current 2016Q3 so the merge-quarterly portion is overcome by events (setting merge-quarterly-). Setting this as fixed as well as there is no further work to do and fixing the CC after the fact.