274900 – audio/vorbis-tools: Patch for CVE-2023-43361

Bug 274900 - audio/vorbis-tools: Patch for CVE-2023-43361

Summary: audio/vorbis-tools: Patch for CVE-2023-43361

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Christian Weisgerber

URL:	https://cve.mitre.org/cgi-bin/cvename...
Keywords:

Depends on:
Blocks:

Reported:	2023-11-04 08:45 UTC by Daniel Engberg
Modified:	2023-11-05 21:00 UTC (History)
CC List:	0 users

See Also:

Flags:	naddy: maintainer-feedback+

Attachments
Patch for vorbis-tools (1.52 KB, patch) 2023-11-04 08:46 UTC, Daniel Engberg	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Engberg freebsd_committer

2023-11-04 08:45:16 UTC

..and while at it switch to DISTVERSION

Source: https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/7#note_55477

Preferably also needs a VuXML entry

Comment 1 Daniel Engberg freebsd_committer

2023-11-04 08:46:04 UTC

Created attachment 246097 [details]
Patch for vorbis-tools

Comment 2 commit-hook freebsd_committer

2023-11-05 20:04:11 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=3308e6204714751e1e9a5021c3823a524cba69f1

commit 3308e6204714751e1e9a5021c3823a524cba69f1
Author:     Christian Weisgerber <naddy@FreeBSD.org>
AuthorDate: 2023-11-05 20:00:54 +0000
Commit:     Christian Weisgerber <naddy@FreeBSD.org>
CommitDate: 2023-11-05 20:00:54 +0000

    security/vuxml: document vorbis-tools vulnerability

    PR:             274900
    Reported by:    diizzy

 security/vuxml/vuln/2023.xml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

Comment 3 Christian Weisgerber freebsd_committer

2023-11-05 20:05:42 UTC

Thank you, please commit the patch.

Comment 4 commit-hook freebsd_committer

2023-11-05 21:00:21 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=d2378ab547da27903d0201a0fef3d272f334d0ac

commit d2378ab547da27903d0201a0fef3d272f334d0ac
Author:     Daniel Engberg <diizzy@FreeBSD.org>
AuthorDate: 2023-11-05 20:39:54 +0000
Commit:     Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2023-11-05 20:40:51 +0000

    audio/vorbis-tools: Add patch for CVE-2023-43361

    Reference:
    https://www.cve.org/CVERecord?id=CVE-2023-43361

    Source:
    https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/7#note_55477

    PR:             274900
    Reviewed by:    naddy (maintainer)

 audio/vorbis-tools/Makefile                        |  4 +--
 .../vorbis-tools/files/patch-CVE-2023-43361 (new)  | 30 ++++++++++++++++++++++
 2 files changed, 32 insertions(+), 2 deletions(-)

Comment 5 Daniel Engberg freebsd_committer

2023-11-05 21:00:49 UTC

Thanks!