Bug 211023 - textproc/xerces-c3 - Multiple Vulnerabilities
Summary: textproc/xerces-c3 - Multiple Vulnerabilities
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Some People
Assignee: Po-Chuan Hsieh
URL:
Keywords: needs-patch, security
Depends on:
Blocks:
 
Reported: 2016-07-12 01:42 UTC by Sevan Janiyan
Modified: 2016-07-26 16:06 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (sunpoet)
feld: merge-quarterly+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sevan Janiyan 2016-07-12 01:42:29 UTC 
version currently in ports in vulnerable to CVE-2016-2099 and missing a vuxml entry
Comment 1 Sevan Janiyan 2016-07-12 01:47:44 UTC 
and CVE-2016-4463 also
Comment 2 commit-hook freebsd_committer freebsd_triage 2016-07-26 16:03:32 UTC 
A commit references this bug:

Author: feld
Date: Tue Jul 26 16:03:17 UTC 2016
New revision: 419122
URL: https://svnweb.freebsd.org/changeset/ports/419122

Log:
  Document xerces-c3 vulnerabilities

  PR:		211023
  Security:	CVE-2016-2099
  Security:	CVE-2016-4463

Changes:
  head/security/vuxml/vuln.xml
Comment 3 commit-hook freebsd_committer freebsd_triage 2016-07-26 16:05:34 UTC 
A commit references this bug:

Author: feld
Date: Tue Jul 26 16:05:24 UTC 2016
New revision: 419123
URL: https://svnweb.freebsd.org/changeset/ports/419123

Log:
  textproc/xerces-c3: Update to 3.1.4

  Changelog:	https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10510&version=12336069

  PR:		211023
  MFH:		2016Q3

Changes:
  head/textproc/xerces-c3/Makefile
  head/textproc/xerces-c3/distinfo
Comment 4 commit-hook freebsd_committer freebsd_triage 2016-07-26 16:06:37 UTC 
A commit references this bug:

Author: feld
Date: Tue Jul 26 16:05:57 UTC 2016
New revision: 419125
URL: https://svnweb.freebsd.org/changeset/ports/419125

Log:
  MFH: r419123

  textproc/xerces-c3: Update to 3.1.4

  Changelog:	https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10510&version=12336069

  PR:		211023

  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q3/
  branches/2016Q3/textproc/xerces-c3/Makefile
  branches/2016Q3/textproc/xerces-c3/distinfo