Bug 201134
| Summary: | [MAINTAINER] print/cups-filters: update to 1.0.70 | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Naram Qashat <cyberbotx> | ||||||||
| Component: | Individual Port(s) | Assignee: | Dmitry Marakasov <amdmi3> | ||||||||
| Status: | Closed FIXED | ||||||||||
| Severity: | Affects Only Me | CC: | junovitch, ports-secteam | ||||||||
| Priority: | --- | Keywords: | patch, patch-ready, security | ||||||||
| Version: | Latest | ||||||||||
| Hardware: | Any | ||||||||||
| OS: | Any | ||||||||||
| Attachments: |
|
||||||||||
Created attachment 158083 [details]
Poudriere log
Created attachment 158143 [details] security/vuxml entry for cups-filters CVE-2015-3258 - Add vuxml entry to supplement this maintainer update. Maintainer, Thanks for the submission. I added ports-secteam to CC given this was reported on oss-security as a security issue. ports-secteam@, Document CVE-2015-3258 reported here: http://www.openwall.com/lists/oss-security/2015/06/26/4 Supplement the entry with verbiage from the cups-filter upstream change log. http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7363 ==== Validation env PKG_DBDIR=/usr/ports/security/vuxml pkg audit cups-filters-1.0.69 cups-filters-1.0.69 is vulnerable: cups-filters -- buffer overflow in texttopdf size allocation CVE: CVE-2015-3258 WWW: https://vuxml.FreeBSD.org/freebsd/b19da422-1e02-11e5-b43d-002590263bf5.html 1 problem(s) in the installed packages found. # env PKG_DBDIR=/usr/ports/security/vuxml pkg audit cups-filters-1.0.70 0 problem(s) in the installed packages found. # make validate /bin/sh /usr/ports/security/vuxml/files/tidy.sh "/usr/ports/security/vuxml/files/tidy.xsl" "/usr/ports/security/vuxml/vuln.xml" > "/usr/ports/security/vuxml/vuln.xml.tidy" >>> Validating... /usr/local/bin/xmllint --valid --noout /usr/ports/security/vuxml/vuln.xml >>> Successful. Checking if tidy differs... ... seems okay Checking for space/tab... ... seems okay /usr/local/bin/python2.7 /usr/ports/security/vuxml/files/extra-validation.py /usr/ports/security/vuxml/vuln.xml (In reply to Naram Qashat from comment #1) Supplementing the 9.3-PRERELEASE Poudriere log attached, I have built on all currently supported releases along with CURRENT as shown by the trimmed output from my `poudriere jail -l` below. No Poudriere related QA issues were reported. 8.4-RELEASE-p31 amd64 8.4-RELEASE-p31 i386 9.3-RELEASE-p17 amd64 9.3-RELEASE-p17 i386 10.1-RELEASE-p13 amd64 10.1-RELEASE-p13 i386 11.0-CURRENT r284725 amd64 11.0-CURRENT r284725 i386 A commit references this bug: Author: amdmi3 Date: Tue Jun 30 21:47:58 UTC 2015 New revision: 391010 URL: https://svnweb.freebsd.org/changeset/ports/391010 Log: - Update to 1.0.70 PR: 201134 Submitted by: cyberbotx@cyberbotx.com (maintainer) Differential Revision: Changes: head/print/cups-filters/Makefile head/print/cups-filters/distinfo Dmitry, Can the attached CVE-2015-3258 vuxml entry be committed before we really call this one closed? Thanks. Oops, missed that, sorry. A commit references this bug: Author: amdmi3 Date: Tue Jun 30 23:56:41 UTC 2015 New revision: 391016 URL: https://svnweb.freebsd.org/changeset/ports/391016 Log: - Document CVE-2015-3258 (cups-filters buffer overflow vulnerability) PR: 201134 Submitted by: cyberbotx@cyberbotx.com Differential Revision: Changes: head/security/vuxml/vuln.xml Classify correctly after resolution |
Created attachment 158082 [details] cups-filters-1.0.70.patch Update to 1.0.70.