Bug 280956 - textproc/md4c: update 0.4.7 → 0.5.2, fix CVE
Summary: textproc/md4c: update 0.4.7 → 0.5.2, fix CVE
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Fernando Apesteguía
URL: https://github.com/mity/md4c/blob/mas...
Keywords: security
Depends on:
Blocks:
 
Reported: 2024-08-20 23:13 UTC by Älven
Modified: 2024-08-25 11:58 UTC (History)
4 users (show)

See Also:
bugzilla: maintainer-feedback? (rosenke)
fernape: merge-quarterly+

Attachments
[PATCH] textproc/md4c: update 0.4.7 → 0.5.2 (2.29 KB, patch)
2024-08-20 23:13 UTC, Älven 		no flags Details | Diff
[PATCH] textproc/md4c: update 0.4.7 → 0.5.2 (3.76 KB, patch)
2024-08-21 00:35 UTC, Älven 		no flags Details | Diff
[PATCH] textproc/md4c: update 0.4.7 → 0.5.2, fix CVE (3.73 KB, patch)
2024-08-21 01:53 UTC, Älven 		alster: maintainer-approval? (rosenke)
 Details | Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Älven 2024-08-20 23:13:41 UTC 
Created attachment 252965 [details]
[PATCH] textproc/md4c: update 0.4.7 → 0.5.2
Comment 2 Älven 2024-08-21 00:35:45 UTC 
Created attachment 252967 [details]
[PATCH] textproc/md4c: update 0.4.7 → 0.5.2
Comment 3 Älven 2024-08-21 01:53:36 UTC 
Created attachment 252972 [details]
[PATCH] textproc/md4c: update 0.4.7 → 0.5.2, fix CVE
Comment 4 commit-hook freebsd_committer freebsd_triage 2024-08-23 18:03:46 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=6b27d9ea72167081d6ddde68ce7458cb199b078b

commit 6b27d9ea72167081d6ddde68ce7458cb199b078b
Author:     Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2024-08-23 17:56:57 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2024-08-23 18:02:45 +0000

    security/vuxml: Record DoS vulnerability for md4c

    PR:     280956
    Reported by: Älven <alster@vinterdalen.se>

 security/vuxml/vuln/2024.xml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
Comment 5 commit-hook freebsd_committer freebsd_triage 2024-08-23 18:11:51 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=156b0ec23240ad23d3786eabf689799c9d919bac

commit 156b0ec23240ad23d3786eabf689799c9d919bac
Author:     Älven <alster@vinterdalen.se>
AuthorDate: 2024-08-23 07:50:19 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2024-08-23 18:10:57 +0000

    textproc/md4c: update to 0.5.2

    ChangeLog: https://github.com/mity/md4c/blob/master/CHANGELOG.md

    Fixes CVE-2021-30027: DoS with malformed Markdown.

     * Base Score:  5.5 MEDIUM
     * Vector:      CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

    PR:             280956
    Reported by:    alster@vinterdalen.se
    MFH:            2024Q3 (security fix)
    Security:       CVE-2021-30027

 textproc/md4c/Makefile  | 7 ++++---
 textproc/md4c/distinfo  | 6 +++---
 textproc/md4c/pkg-plist | 6 ++----
 3 files changed, 9 insertions(+), 10 deletions(-)
Comment 6 Fernando Apesteguía freebsd_committer freebsd_triage 2024-08-23 18:12:41 UTC 
Committed,

Thanks!
Comment 7 commit-hook freebsd_committer freebsd_triage 2024-08-25 11:57:30 UTC 
A commit in branch 2024Q3 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=af64efa400a095b046e061837575f5a829500170

commit af64efa400a095b046e061837575f5a829500170
Author:     Älven <alster@vinterdalen.se>
AuthorDate: 2024-08-23 07:50:19 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2024-08-25 11:56:30 +0000

    textproc/md4c: update to 0.5.2

    ChangeLog: https://github.com/mity/md4c/blob/master/CHANGELOG.md

    Fixes CVE-2021-30027: DoS with malformed Markdown.

     * Base Score:  5.5 MEDIUM
     * Vector:      CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

    PR:             280956
    Reported by:    alster@vinterdalen.se
    MFH:            2024Q3 (security fix)
    Security:       CVE-2021-30027

    (cherry picked from commit 156b0ec23240ad23d3786eabf689799c9d919bac)

 textproc/md4c/Makefile  | 7 ++++---
 textproc/md4c/distinfo  | 6 +++---
 textproc/md4c/pkg-plist | 6 ++----
 3 files changed, 9 insertions(+), 10 deletions(-)