216026 – security/vuxml: Document vulnerability in RabbitMQ (CVE-2016-9877)

Bug 216026 - security/vuxml: Document vulnerability in RabbitMQ (CVE-2016-9877)

Summary: security/vuxml: Document vulnerability in RabbitMQ (CVE-2016-9877)

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	Jason Unovitch

URL:
Keywords:	patch

Depends on:
Blocks:

Reported:	2017-01-13 11:32 UTC by VK
Modified:	2017-01-15 03:08 UTC (History)
CC List:	1 user (show)

See Also:

Flags:	junovitch: maintainer-feedback+

Attachments
Document vulnerability in RabbitMQ (CVE-2016-9877) (1.59 KB, patch) 2017-01-13 11:32 UTC, VK	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description VK 2017-01-13 11:32:48 UTC

Created attachment 178856 [details]
Document vulnerability in RabbitMQ (CVE-2016-9877)

A security vulnerability was discovered in RabbitMQ prior to 3.6.6. As the port has updated to this version just two months ago (so the version in HEAD and 2017Q1 are not vulnerable), it's still possible some users are affected.

The patch documents the vulnerability.

Comment 1 Jason Unovitch freebsd_committer

2017-01-15 03:04:07 UTC

Vladimir,
Thanks!

Comment 2 commit-hook freebsd_committer

2017-01-15 03:08:19 UTC

A commit references this bug:

Author: junovitch
Date: Sun Jan 15 03:03:06 UTC 2017
New revision: 431513
URL: https://svnweb.freebsd.org/changeset/ports/431513

Log:
  Document RabbitMQ Authentication vulnerability

  PR:		216026
  Submitted by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
  Security:	CVE-2016-9877
  Security:	https://vuxml.FreeBSD.org/freebsd/6aa956fb-d97f-11e6-a071-001e67f15f5a.html

Changes:
  head/security/vuxml/vuln.xml