Bug 213199 - archivers/file-roller CVE-2016-7162
Summary: archivers/file-roller CVE-2016-7162
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Koop Mast
URL:
Keywords: security
Depends on:
Blocks:
 
Reported: 2016-10-04 17:03 UTC by Sevan Janiyan
Modified: 2016-12-28 02:32 UTC (History)
4 users (show)

See Also:
junovitch: merge-quarterly+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sevan Janiyan 2016-10-04 17:03:55 UTC 
Vulnerable & missing vuxml entry
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7162
Comment 1 commit-hook freebsd_committer freebsd_triage 2016-10-12 04:48:11 UTC 
A commit references this bug:

Author: feld
Date: Wed Oct 12 04:47:34 UTC 2016
New revision: 423829
URL: https://svnweb.freebsd.org/changeset/ports/423829

Log:
  Document file-roller vulnerability

  PR:		213199
  Security:	CVE-2016-7162

Changes:
  head/security/vuxml/vuln.xml
Comment 2 Mark Felder freebsd_committer freebsd_triage 2016-10-12 04:48:35 UTC 
documented vulnerability in vuxml. Can someone from gnome comment on updating this to an unaffected version?
Comment 3 commit-hook freebsd_committer freebsd_triage 2016-10-26 14:40:50 UTC 
A commit references this bug:

Author: kwm
Date: Wed Oct 26 14:40:05 UTC 2016
New revision: 424708
URL: https://svnweb.freebsd.org/changeset/ports/424708

Log:
  Update file-roller to 3.20.3.

  PR:		213199
  Reported by:	Sevan Janiyan <venture37@geeklan.co.uk>
  MFH:		2016Q4
  Security:	ad479f89-9020-11e6-a590-14dae9d210b8

Changes:
  head/archivers/file-roller/Makefile
  head/archivers/file-roller/distinfo
  head/archivers/file-roller/pkg-plist
Comment 4 Koop Mast freebsd_committer freebsd_triage 2016-12-24 17:41:08 UTC 
It appears I forgot to close this bug.

Fix committed back in oktober. Thanks for reporting!
Comment 5 commit-hook freebsd_committer freebsd_triage 2016-12-28 02:31:42 UTC 
A commit references this bug:

Author: junovitch
Date: Wed Dec 28 02:31:21 UTC 2016
New revision: 429687
URL: https://svnweb.freebsd.org/changeset/ports/429687

Log:
  MFH: r424708

  Update file-roller to 3.20.3.

  PR:		213199
  Reported by:	Sevan Janiyan <venture37@geeklan.co.uk>
  Security:	ad479f89-9020-11e6-a590-14dae9d210b8
  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q4/
  branches/2016Q4/archivers/file-roller/Makefile
  branches/2016Q4/archivers/file-roller/distinfo
  branches/2016Q4/archivers/file-roller/pkg-plist
Comment 6 Jason Unovitch freebsd_committer freebsd_triage 2016-12-28 02:32:40 UTC 
Hmmm, looks like we somehow missed the MFH. Fixed and set the Bugzilla tag to match.