Bug 151364 - update archivers/bzip2 to 1.0.6 to fix CVE-2010-0405
Summary: update archivers/bzip2 to 1.0.6 to fix CVE-2010-0405
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Po-Chuan Hsieh
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-10-10 15:40 UTC by Eugene Grosbein
Modified: 2010-10-25 17:00 UTC (History)
0 users

See Also:

Attachments
file.diff (875 bytes, patch)
2010-10-10 15:40 UTC, Eugene Grosbein 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Eugene Grosbein 2010-10-10 15:40:01 UTC 
	The port archivers/bzip2 still installs version 1.0.5
	that's vulnerable to CVE-2010-0405. Let's move to 1.0.6 containing fix.

How-To-Repeat: 	I still have some remote installations of FreeBSD 4.11-STABLE
	that run rock-stable. Some software (e.g. clamav antivirus) that
	link with libbz2 contain configure script that demonstrate
	segfaults if linked with version before 1.0.6
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2010-10-10 15:40:07 UTC 
Maintainer of archivers/bzip2,

Please note that PR ports/151364 has just been submitted.

If it contains a patch for an upgrade, an enhancement or a bug fix
you agree on, reply to this email stating that you approve the patch
and a committer will take care of it.

The full text of the PR can be found at:
    http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/151364

-- 
Edwin Groothuis via the GNATS Auto Assign Tool
edwin@FreeBSD.org
Comment 2 Edwin Groothuis freebsd_committer freebsd_triage 2010-10-10 15:40:09 UTC 
State Changed
From-To: open->feedback

Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Comment 3 Po-Chuan Hsieh freebsd_committer freebsd_triage 2010-10-11 01:57:46 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->sunpoet

I'll take it.
Comment 4 jharris 2010-10-23 20:01:49 UTC 
On Sun, Oct 10, 2010 at 02:40:07PM +0000, Edwin Groothuis wrote:

> Maintainer of archivers/bzip2,
> 
> Please note that PR ports/151364 has just been submitted.

 
> The full text of the PR can be found at:
>     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/151364


Approved, thanks!

-- 
Jason Harris           |  PGP:  This _is_ PGP-signed, isn't it?
jharris@widomaker.com _|_ Got photons? (TM), (C) 2004
Comment 5 dfilter service freebsd_committer freebsd_triage 2010-10-25 16:58:52 UTC 
sunpoet     2010-10-25 15:58:47 UTC

  FreeBSD ports repository

  Modified files:
    archivers/bzip2      Makefile distinfo 
  Log:
  - Update to 1.0.6
  
  PR:             ports/151364
  Security:       CVE-2010-0405
  Submitted by:   Eugene Grosbein <eugen@eg.sd.rdtc.ru>
  Approved by:    Jason Harris <jharris@widomaker.com> (maintainer), pgollucci (mentor, implicit)
  
  Revision  Changes    Path
  1.44      +1 -1      ports/archivers/bzip2/Makefile
  1.16      +3 -3      ports/archivers/bzip2/distinfo
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 6 Po-Chuan Hsieh freebsd_committer freebsd_triage 2010-10-25 16:58:58 UTC 
State Changed
From-To: feedback->closed

Committed. Thanks!