215464 – www/lynx - multiple vulnerabilites

Bug 215464 - www/lynx - multiple vulnerabilites

Summary: www/lynx - multiple vulnerabilites

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Mark Felder

URL:
Keywords:	security

Depends on:
Blocks:

Reported:	2016-12-21 11:44 UTC by Sevan Janiyan
Modified:	2017-01-09 17:16 UTC (History)
CC List:	3 users (show)

See Also:

Flags:	jharris: maintainer-feedback+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sevan Janiyan 2016-12-21 11:44:03 UTC

Vulnerable to POODLE attack
Patch https://hg.java.net/hg/solaris-userland~gate/file/bc5351dcb9ac/components/lynx/patches/02-init-openssl.patch
Vulnerable to CVE-2016-9179
Patch https://hg.java.net/hg/solaris-userland~gate/file/0a979060f73b/components/lynx/patches/05-fix-CVE-2016-9179.patch
Missing vuxml entry

Comment 1 jharris 2016-12-21 15:52:49 UTC

Approved, thanks!

Comment 2 commit-hook freebsd_committer

2017-01-09 17:15:06 UTC

A commit references this bug:

Author: feld
Date: Mon Jan  9 17:14:14 UTC 2017
New revision: 430983
URL: https://svnweb.freebsd.org/changeset/ports/430983

Log:
  Document lynx vulnerabilities

  PR:		215464
  Security:	CVE-2014-3566
  Security:	CVE-2016-9179

Changes:
  head/security/vuxml/vuln.xml

Comment 3 commit-hook freebsd_committer

2017-01-09 17:16:09 UTC

A commit references this bug:

Author: feld
Date: Mon Jan  9 17:15:11 UTC 2017
New revision: 430984
URL: https://svnweb.freebsd.org/changeset/ports/430984

Log:
  www/lynx: Patch vulnerabilities

  PR:		215464
  MFH:		2017Q1
  Security:	CVE-2014-3566
  Security:	CVE-2016-9179

Changes:
  head/www/lynx/Makefile
  head/www/lynx/files/patch-CVE-2014-3566
  head/www/lynx/files/patch-CVE-2016-9179

Comment 4 commit-hook freebsd_committer

2017-01-09 17:16:11 UTC

A commit references this bug:

Author: feld
Date: Mon Jan  9 17:15:50 UTC 2017
New revision: 430985
URL: https://svnweb.freebsd.org/changeset/ports/430985

Log:
  MFH: r430984

  www/lynx: Patch vulnerabilities

  PR:		215464
  Security:	CVE-2014-3566
  Security:	CVE-2016-9179

  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2017Q1/
  branches/2017Q1/www/lynx/Makefile
  branches/2017Q1/www/lynx/files/patch-CVE-2014-3566
  branches/2017Q1/www/lynx/files/patch-CVE-2016-9179