Bug 223931 - net/xrdp-devel: patch for CVE-2017-16927
Summary: net/xrdp-devel: patch for CVE-2017-16927
Status: Closed Overcome By Events
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Luca Pizzamiglio
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-11-28 01:55 UTC by Koichiro Iwao
Modified: 2018-01-02 11:40 UTC (History)
2 users (show)

See Also:

Attachments
CVE-2017-16927 (4.73 KB, text/plain)
2017-11-28 01:55 UTC, Koichiro Iwao 		meta: maintainer-approval+
Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Koichiro Iwao freebsd_committer freebsd_triage 2017-11-28 01:55:19 UTC 
Created attachment 188345 [details]
CVE-2017-16927

ref. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16927
Comment 1 Koichiro Iwao freebsd_committer freebsd_triage 2017-11-28 02:22:33 UTC 
Patch obtained from upstream: https://github.com/neutrinolabs/xrdp/pull/958
Comment 2 commit-hook freebsd_committer freebsd_triage 2017-11-30 10:13:00 UTC 
A commit references this bug:

Author: pizzamig
Date: Thu Nov 30 10:12:27 UTC 2017
New revision: 455190
URL: https://svnweb.freebsd.org/changeset/ports/455190

Log:
  security/vuxml: Document vulnerability in net/xrdp-devel

  PR:		223931
  Reported by:	meta+ports@vmeta.jp (maintainer)
  Security:	CVE-2017-16927

Changes:
  head/security/vuxml/vuln.xml
Comment 3 commit-hook freebsd_committer freebsd_triage 2017-11-30 10:17:06 UTC 
A commit references this bug:

Author: pizzamig
Date: Thu Nov 30 10:16:09 UTC 2017
New revision: 455191
URL: https://svnweb.freebsd.org/changeset/ports/455191

Log:
  net/xrdp-devel: Fix CVE-2017-16927

  Fix CVE-2017-16927
  Patch from upstream: https://github.com/neutrinolabs/xrdp/pull/958

  PR:		223931
  Submitted by:	meta+ports@vmeta.jp (maintainer)
  MFH:		2017Q4
  Security:	CVE-2017-16927

Changes:
  head/net/xrdp-devel/Makefile
  head/net/xrdp-devel/files/patch-CVE-2017-16927
Comment 4 Luca Pizzamiglio freebsd_committer freebsd_triage 2018-01-02 11:40:37 UTC 
The fix was committed in trunk and now also in quarterly 2018Q1.
Thanks for the patch!