Bug 280956 - textproc/md4c: update 0.4.7 → 0.5.2, fix CVE
Summary: textproc/md4c: update 0.4.7 → 0.5.2, fix CVE
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Fernando Apesteguía
URL: https://github.com/mity/md4c/blob/mas...
Keywords: security
Reported: 2024-08-20 23:13 UTC by Älven
Modified: 2024-08-25 11:58 UTC

bugzilla: maintainer-feedback? (rosenke)
fernape: merge-quarterly+


Attachments
[PATCH] textproc/md4c: update 0.4.7 → 0.5.2 (2.29 KB, patch)
2024-08-20 23:13 UTC, Älven
[PATCH] textproc/md4c: update 0.4.7 → 0.5.2 (3.76 KB, patch)
2024-08-21 00:35 UTC, Älven
[PATCH] textproc/md4c: update 0.4.7 → 0.5.2, fix CVE (3.73 KB, patch)
2024-08-21 01:53 UTC, Älven
alster: maintainer-approval? (rosenke)

Description Älven 2024-08-20 23:13:41 UTC
Created attachment 252965
[PATCH] textproc/md4c: update 0.4.7 → 0.5.2
Comment 2 Älven 2024-08-21 00:35:45 UTC
Created attachment 252967
[PATCH] textproc/md4c: update 0.4.7 → 0.5.2
Comment 3 Älven 2024-08-21 01:53:36 UTC
Created attachment 252972
[PATCH] textproc/md4c: update 0.4.7 → 0.5.2, fix CVE
Comment 4 commit-hook freebsd_committer freebsd_triage 2024-08-23 18:03:46 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=6b27d9ea72167081d6ddde68ce7458cb199b078b

commit 6b27d9ea72167081d6ddde68ce7458cb199b078b
Author:     Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2024-08-23 17:56:57 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2024-08-23 18:02:45 +0000

    security/vuxml: Record DoS vulnerability for md4c

    PR:     280956
    Reported by: Älven <alster@vinterdalen.se>

 security/vuxml/vuln/2024.xml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
Comment 5 commit-hook freebsd_committer freebsd_triage 2024-08-23 18:11:51 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=156b0ec23240ad23d3786eabf689799c9d919bac

commit 156b0ec23240ad23d3786eabf689799c9d919bac
Author:     Älven <alster@vinterdalen.se>
AuthorDate: 2024-08-23 07:50:19 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2024-08-23 18:10:57 +0000

    textproc/md4c: update to 0.5.2

    ChangeLog: https://github.com/mity/md4c/blob/master/CHANGELOG.md

    Fixes CVE-2021-30027: DoS with malformed Markdown.

     * Base Score:  5.5 MEDIUM
     * Vector:      CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

    PR:             280956
    Reported by:    alster@vinterdalen.se
    MFH:            2024Q3 (security fix)
    Security:       CVE-2021-30027

 textproc/md4c/Makefile  | 7 ++++---
 textproc/md4c/distinfo  | 6 +++---
 textproc/md4c/pkg-plist | 6 ++----
 3 files changed, 9 insertions(+), 10 deletions(-)
Comment 6 Fernando Apesteguía freebsd_committer freebsd_triage 2024-08-23 18:12:41 UTC
Committed,

Thanks!
Comment 7 commit-hook freebsd_committer freebsd_triage 2024-08-25 11:57:30 UTC
A commit in branch 2024Q3 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=af64efa400a095b046e061837575f5a829500170

commit af64efa400a095b046e061837575f5a829500170
Author:     Älven <alster@vinterdalen.se>
AuthorDate: 2024-08-23 07:50:19 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2024-08-25 11:56:30 +0000

    textproc/md4c: update to 0.5.2

    ChangeLog: https://github.com/mity/md4c/blob/master/CHANGELOG.md

    Fixes CVE-2021-30027: DoS with malformed Markdown.

     * Base Score:  5.5 MEDIUM
     * Vector:      CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

    PR:             280956
    Reported by:    alster@vinterdalen.se
    MFH:            2024Q3 (security fix)
    Security:       CVE-2021-30027

    (cherry picked from commit 156b0ec23240ad23d3786eabf689799c9d919bac)

 textproc/md4c/Makefile  | 7 ++++---
 textproc/md4c/distinfo  | 6 +++---
 textproc/md4c/pkg-plist | 6 ++----
 3 files changed, 9 insertions(+), 10 deletions(-)