Bug 206150

Summary: net-im/prosody: Update to 0.9.9
Product: Ports & Packages
Component: Individual Port(s)
Status: Closed FIXED
Severity: Affects Some People
Priority: ---
Version: Latest
Hardware: Any
OS: Any
Reporter: Anton Shestakov <av6>
Assignee: David Thiel <lx>
CC: junovitch, ports-secteam
Keywords: needs-qa, patch, security
Flags: koobs: maintainer-feedback+, junovitch: merge-quarterly+
URL: http://blog.prosody.im/prosody-0-9-9-security-release/

Description Anton Shestakov 2016-01-12 08:57:24 UTC
Prosody 0.9.9 was recently released, and it fixes CVE-2016-1231 and CVE-2016-1232: http://blog.prosody.im/prosody-0-9-9-security-release/

It would be nice to have this version in ports. I'd make a patch, but I'm not a FreeBSD user and don't have the experience with ports (at least yet).
Comment 1 commit-hook freebsd_committer freebsd_triage 2016-01-12 21:31:28 UTC
A commit references this bug:

Author: lx
Date: Tue Jan 12 21:31:17 UTC 2016
New revision: 405917
URL: https://svnweb.freebsd.org/changeset/ports/405917

Log:
  Update to 0.9.9, fixing several bugs including security issues.

  PR:	206150
  Submitted by:	Anton Shestakov
  MFH:		2016Q1

Changes:
  head/net-im/prosody/Makefile
  head/net-im/prosody/distinfo
Comment 2 David Thiel freebsd_committer freebsd_triage 2016-01-12 21:36:07 UTC
Committed, thanks for the heads-up!
Comment 3 commit-hook freebsd_committer freebsd_triage 2016-01-14 00:26:20 UTC
A commit references this bug:

Author: junovitch
Date: Thu Jan 14 00:26:00 UTC 2016
New revision: 406085
URL: https://svnweb.freebsd.org/changeset/ports/406085

Log:
  Document two vulnerabilities in Prosody

  PR:		206150
  Reported by:	Anton Shestakov <av6@dwimlabs.net>
  Security:	CVE-2016-1232
  Security:	CVE-2016-1231
  Security:	https://vuxml.FreeBSD.org/freebsd/842cd117-ba54-11e5-9728-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml
Comment 4 Jason Unovitch freebsd_committer freebsd_triage 2016-01-18 17:21:22 UTC
Ping and set as open again.

Has the approval for the MFH that was automatically triggered by the commit message come back?  The PR should be closed and "merge-quarterly+" set when the MFH is made.
Comment 5 commit-hook freebsd_committer freebsd_triage 2016-01-26 03:57:23 UTC
A commit references this bug:

Author: junovitch
Date: Tue Jan 26 03:57:15 UTC 2016
New revision: 407259
URL: https://svnweb.freebsd.org/changeset/ports/407259

Log:
  MFH: r405917

  Update to 0.9.9, fixing several bugs including security issues.

  PR:		206150
  Submitted by:	Anton Shestakov
  Approved by:	ports-secteam (feld)
  Security:	CVE-2016-1232
  Security:	CVE-2016-1231
  Security:	https://vuxml.FreeBSD.org/freebsd/842cd117-ba54-11e5-9728-002590263bf5.html

Changes:
_U  branches/2016Q1/
  branches/2016Q1/net-im/prosody/Makefile
  branches/2016Q1/net-im/prosody/distinfo
Comment 6 Jason Unovitch freebsd_committer freebsd_triage 2016-01-26 03:58:10 UTC
Close again and set merge-quarterly+ after MFH.