Created attachment 200179 [details] update to 19.9.0 update to 19.9.0
*** Bug 213084 has been marked as a duplicate of this bug. ***
Any news? 19.4.5 is fairly old and also affected by CVE-2018-1000164. https://epadillas.github.io/2018/04/02/http-header-splitting-in-gunicorn-19.4.5
(In reply to Tobias Kortkamp from comment #2) > Any news? 19.4.5 is fairly old and also affected by CVE-2018-1000164. > > https://epadillas.github.io/2018/04/02/http-header-splitting-in-gunicorn-19. > 4.5 Added to vuln.xml in ports r494678 (forgot to reference this PR)
Thanks for the VuXML entry Tobias. If you've QA'd the attached patch (in particular the test suite), feel free to assign yourself, commit and merge
A commit references this bug: Author: wen Date: Tue Mar 5 23:35:53 UTC 2019 New revision: 494753 URL: https://svnweb.freebsd.org/changeset/ports/494753 Log: - Update to 19.9.0(include security fix) PR: 234088 Submitted by: wenheping2000@hotmail.com(myself) Approved by: maintainer MFH: 2019Q1 Changes: head/www/py-gunicorn/Makefile head/www/py-gunicorn/distinfo head/www/py-gunicorn/files/
I committed the PR. I remove the patch file patch-requirements__test.txt, because 2 tests failed with test-depend package in ports. Thank you, tobik@ and koobs@.
A commit references this bug: Author: wen Date: Thu Mar 7 06:20:17 UTC 2019 New revision: 494904 URL: https://svnweb.freebsd.org/changeset/ports/494904 Log: MFH: r494753 - Update to 19.9.0(include security fix) PR: 234088 Submitted by: wenheping2000@hotmail.com(myself) Approved by: maintainer Approved by: ports-secteam@(miwi@) Changes: _U branches/2019Q1/ branches/2019Q1/www/py-gunicorn/Makefile branches/2019Q1/www/py-gunicorn/distinfo branches/2019Q1/www/py-gunicorn/files/
Thank you Wen