Bug 196777

Summary: archivers/unzip: Port should be marked vulnerable to CVE-2014-8139, CVE-2014-8140, CVE-2014-8141
Product: Ports & Packages Reporter: rsimmons0
Component: Individual Port(s)Assignee: Emanuel Haupt <ehaupt>
Status: Closed FIXED    
Severity: Affects Only Me Flags: bugzilla: maintainer-feedback? (ehaupt)
Priority: ---    
Version: Latest   
Hardware: Any   
OS: Any   

Description rsimmons0 2015-01-15 18:49:05 UTC 
There is an unpatched vulnerability in unzip. The port should be marked as such.

http://www.ocert.org/advisories/ocert-2014-011.html
Comment 1 Bugzilla Automation freebsd_committer freebsd_triage 2015-01-15 18:49:05 UTC 
Auto-assigned to maintainer ehaupt@FreeBSD.org
Comment 2 commit-hook freebsd_committer freebsd_triage 2015-01-16 08:18:23 UTC 
A commit references this bug:

Author: ehaupt
Date: Fri Jan 16 08:18:15 UTC 2015
New revision: 377155
URL: https://svnweb.freebsd.org/changeset/ports/377155

Log:
  Document multiple archivers/unzip vulnerabilities (CVE-2014-8139,
  CVE-2014-8140, CVE-2014-8141).

  PR:		196777 (based on)
  Submitted by:	rsimmons0@gmail.com

Changes:
  head/security/vuxml/vuln.xml
Comment 3 Emanuel Haupt freebsd_committer freebsd_triage 2015-01-16 08:27:02 UTC 
Committed, thanks!
Comment 4 Emanuel Haupt freebsd_committer freebsd_triage 2015-01-20 07:15:08 UTC 
Close.