Bug 260549 - devel/py-opengrok-tools: Possible security issue: Update to 1.6.9 (>1.6.7?)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Many People
Assignee: Don Lewis
URL: https://github.com/oracle/opengrok/tr...
Keywords: security
Depends on: 260534
Blocks:
Reported: 2021-12-19 19:25 UTC by Lucas Holt
Modified: 2022-05-05 00:49 UTC (History)

Description Lucas Holt 2021-12-19 19:25:23 UTC
OpenGrok tools allow you to "deploy" a war file for the app rather than using the devel/opengrok port. This likely means the old version is vulnerable to CVE-2021-2322.

It should get updated to at least version 1.6.9.
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2021-12-19 20:48:35 UTC
@Reporter Can you provide upstream and additional references / links with regard to this issue?
Comment 2 Kubilay Kocak freebsd_committer freebsd_triage 2021-12-19 21:25:32 UTC
^Triage: opengrok-tools is developed in the same repository as opengrok, and may require matching versions to the underlying opengrok version. Set dependency on the opengrok issue accordingly.

Needs confirmation.

Note also: Latest opengrok version is 1.7.25
Comment 3 Don Lewis freebsd_committer freebsd_triage 2022-05-01 20:42:12 UTC
devel/opengrok has been upgraded to 1.7.31, which is now the latest.
Comment 4 Kubilay Kocak freebsd_committer freebsd_triage 2022-05-05 00:49:31 UTC
^Triage: Assign to committer that resolved (via bug 260534)