Bug 280975 - sysutils/afflib: update 3.7.16 → 3.7.20, fix CVE
Summary: sysutils/afflib: update 3.7.16 → 3.7.20, fix CVE
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Antoine Brodin
URL: https://github.com/sshock/AFFLIBv3/re...
Keywords: security
Depends on:
Blocks:
 
Reported: 2024-08-21 12:17 UTC by Älven
Modified: 2024-08-21 19:50 UTC (History)
1 user (show)

See Also:
antoine: maintainer-feedback+

Attachments
[PATCH] sysutils/afflib: update 3.7.16 → 3.7.20, fix CVE (3.61 KB, patch)
2024-08-21 12:17 UTC, Älven 		alster: maintainer-approval? (antoine)
 Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Älven 2024-08-21 12:17:30 UTC 
Created attachment 252983 [details]
[PATCH] sysutils/afflib: update 3.7.16 → 3.7.20, fix CVE
Comment 1 commit-hook freebsd_committer freebsd_triage 2024-08-21 19:33:50 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=24cbb6294317d1d218f59eab8a1a0b423f0e1476

commit 24cbb6294317d1d218f59eab8a1a0b423f0e1476
Author:     Antoine Brodin <antoine@FreeBSD.org>
AuthorDate: 2024-08-21 19:32:08 +0000
Commit:     Antoine Brodin <antoine@FreeBSD.org>
CommitDate: 2024-08-21 19:32:08 +0000

    sysutils/afflib: update to 3.7.20

    PR:             280975

 sysutils/afflib/Makefile | 3 +--
 sysutils/afflib/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 5 deletions(-)
Comment 2 Antoine Brodin freebsd_committer freebsd_triage 2024-08-21 19:36:45 UTC 
Port updated, thanks
Comment 3 Älven 2024-08-21 19:42:31 UTC 
Thank you too. And what about VuXML? I tried to include it also to warn users about need to upgrade (or just because I that it was right thing to do).
Or it's something to be added by @ports-secteam only?
Comment 4 Antoine Brodin freebsd_committer freebsd_triage 2024-08-21 19:50:10 UTC 
(In reply to Älven from comment #3)
I don't touch vuxml.
And as it is only a local crash,  I'm not sure it's worth warning the user.