Bug 228141 - audio/wavpack: Add patches to fix multiple vulnerabilities and etc.
Summary: audio/wavpack: Add patches to fix multiple vulnerabilities and etc.
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Thomas Zander
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2018-05-11 07:44 UTC by Yasuhiro Kimura
Modified: 2018-05-13 09:42 UTC (History)
1 user (show)

See Also:
riggs: maintainer-feedback+
riggs: merge-quarterly+

Attachments
patch file (17.74 KB, patch)
2018-05-11 07:44 UTC, Yasuhiro Kimura 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Yasuhiro Kimura freebsd_committer freebsd_triage 2018-05-11 07:44:24 UTC 
Created attachment 193268 [details]
patch file

* Add upstream patches to fix following vulnerabilities.
  - CVE-2018-6767
  - CVE-2018-7253
  - CVE-2018-7254
  - CVE-2018-10536
  - CVE-2018-10537
  - CVE-2018-10538
  - CVE-2018-10539
  - CVE-2018-10540
* Add upstream patch to fix memory leak.
* Bump PORTREVISION.
Comment 1 Yasuhiro Kimura freebsd_committer freebsd_triage 2018-05-11 08:33:29 UTC 
(In reply to Yasuhiro KIMURA from comment #0)

I submitted bug #228146. It adds entry to VuXML documenting vulnerabilities fixed with this bug report. So please commit it together.
Comment 2 commit-hook freebsd_committer freebsd_triage 2018-05-13 07:50:32 UTC 
A commit references this bug:

Author: riggs
Date: Sun May 13 07:50:15 UTC 2018
New revision: 469778
URL: https://svnweb.freebsd.org/changeset/ports/469778

Log:
  Fix multiple CVEs and memory leaks

  Details:
  - Import patches from upstream HEAD to address
    a bunch of critical CVEs including potential remote
    code execution and memory leaks

  PR:		228141
  Submitted by:	yasu@utahime.org
  MFH:		2018Q2
  Security:	CVE-2018-6767
  		CVE-2018-7253
  		CVE-2018-7254
  		CVE-2018-10536
  		CVE-2018-10537
  		CVE-2018-10538
  		CVE-2018-10539
  		CVE-2018-10540

Changes:
  head/audio/wavpack/Makefile
  head/audio/wavpack/files/patch-CVE-2018-10536_10537
  head/audio/wavpack/files/patch-CVE-2018-10538_10539_10540
  head/audio/wavpack/files/patch-CVE-2018-6767
  head/audio/wavpack/files/patch-CVE-2018-7253
  head/audio/wavpack/files/patch-CVE-2018-7254
  head/audio/wavpack/files/patch-fix-memory-leaks
Comment 3 commit-hook freebsd_committer freebsd_triage 2018-05-13 09:39:44 UTC 
A commit references this bug:

Author: riggs
Date: Sun May 13 09:39:18 UTC 2018
New revision: 469785
URL: https://svnweb.freebsd.org/changeset/ports/469785

Log:
  MFH: r469778

  Fix multiple CVEs and memory leaks

  Details:
  - Import patches from upstream HEAD to address
    a bunch of critical CVEs including potential remote
    code execution and memory leaks

  PR:		228141
  Submitted by:	yasu@utahime.org
  Security:	CVE-2018-6767
  		CVE-2018-7253
  		CVE-2018-7254
  		CVE-2018-10536
  		CVE-2018-10537
  		CVE-2018-10538
  		CVE-2018-10539
  		CVE-2018-10540

  Approved by:	ports-secteam (riggs)

Changes:
_U  branches/2018Q2/
  branches/2018Q2/audio/wavpack/Makefile
  branches/2018Q2/audio/wavpack/files/patch-CVE-2018-10536_10537
  branches/2018Q2/audio/wavpack/files/patch-CVE-2018-10538_10539_10540
  branches/2018Q2/audio/wavpack/files/patch-CVE-2018-6767
  branches/2018Q2/audio/wavpack/files/patch-CVE-2018-7253
  branches/2018Q2/audio/wavpack/files/patch-CVE-2018-7254
  branches/2018Q2/audio/wavpack/files/patch-fix-memory-leaks