Created attachment 192379 [details] Proposed patch (since 463365 revision) Patch to update devel/upp port from 11540 to 11873 version. Look following links for changes: https://sourceforge.net/projects/upp/files/upp/2018.1/ https://www.ultimatepp.org/www$uppweb$Roadmap$en-us.html - Add patch to fix CVE-2018-8740 for uppsrc/plugin/sqlite3/lib/sqlite3.c, similar to ports r465275 changes The build was tested on FreeBSD 10.3 amd64.
(In reply to comment #0) > - Add patch to fix CVE-2018-8740 for uppsrc/plugin/sqlite3/lib/sqlite3.c, > similar to ports r465275 changes Just for note: The uppsrc/plugin/sqlite3 was updated to 3.23.0 version in 11880 revision: https://github.com/ultimatepp/mirror/commit/19cdbaaecbbd0bcffa1ab4597a62577064e59c66 Therefore, the mentioned patch can be removed after next release.
Take
A commit references this bug: Author: fernape Date: Sun Jul 15 15:17:45 UTC 2018 New revision: 474697 URL: https://svnweb.freebsd.org/changeset/ports/474697 Log: security/vuxml: add entry for devel/upp Affected by CVE-2018-874 PR: 227414 Reported by: lightside@gmx.com Approved by: tcberner (mentor) Differential Revision: https://reviews.freebsd.org/D16017 Changes: head/security/vuxml/vuln.xml
A commit references this bug: Author: fernape Date: Sun Jul 15 15:19:53 UTC 2018 New revision: 474699 URL: https://svnweb.freebsd.org/changeset/ports/474699 Log: devel/upp: update to 11873 Maintainer timed out. PR: 227414 Submitted by: lightside@gmx.com Approved by: tcberner (mentor) Security: CVE-2018-8740 Differential Revision: https://reviews.freebsd.org/D16017 Changes: head/devel/upp/Makefile head/devel/upp/distinfo head/devel/upp/files/ head/devel/upp/files/patch-uppsrc_plugin_sqlite3_lib_sqlite3.c
Committed, Thanks!