Bug 207174

Summary: misc/xdelta3: update to 3.0.11 (address CVE-2014-9765 in < 3.0.9)
Product: Ports & Packages Reporter: Jason Unovitch <junovitch>
Component: Individual Port(s)Assignee: Danilo Egea Gondolfo <danilo>
Status: Closed FIXED    
Severity: Affects Some People CC: ports-secteam
Priority: --- Keywords: needs-patch, needs-qa, security
Version: LatestFlags: bugzilla: maintainer-feedback? (danilo)
junovitch: merge-quarterly+
Hardware: Any   
OS: Any   
URL: http://www.openwall.com/lists/oss-security/2016/02/08/1

Description Jason Unovitch freebsd_committer freebsd_triage 2016-02-14 01:45:34 UTC 
http://www.openwall.com/lists/oss-security/2016/02/08/1

Also see: http://xdelta.org/
"3.0.11 is a bug-fix release addressing a performance bug and several crashes in the decoder (discovered by afl-fuzz)."

It looks like this has moved to github as well.
Comment 1 commit-hook freebsd_committer freebsd_triage 2016-02-15 23:49:30 UTC 
A commit references this bug:

Author: danilo
Date: Mon Feb 15 23:49:12 UTC 2016
New revision: 408964
URL: https://svnweb.freebsd.org/changeset/ports/408964

Log:
  - Update to 3.0.11
  - Address CVE-2014-9765

  PR:		207174
  Submitted by:	junovitch
  MFH:		2016Q1

Changes:
  head/misc/xdelta3/Makefile
  head/misc/xdelta3/distinfo
  head/misc/xdelta3/files/patch-testing-regtest.cc.patch
  head/misc/xdelta3/files/patch-testing_regtest.cc
Comment 2 commit-hook freebsd_committer freebsd_triage 2016-02-16 01:00:36 UTC 
A commit references this bug:

Author: junovitch
Date: Tue Feb 16 01:00:26 UTC 2016
New revision: 408967
URL: https://svnweb.freebsd.org/changeset/ports/408967

Log:
  Document xdelta3 buffer overflow vulnerability

  PR:		207174
  Security:	CVE-2014-9765
  Security:	https://vuxml.FreeBSD.org/freebsd/f1bf28c5-d447-11e5-b2bd-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml
Comment 3 commit-hook freebsd_committer freebsd_triage 2016-02-16 23:53:39 UTC 
A commit references this bug:

Author: danilo
Date: Tue Feb 16 23:53:10 UTC 2016
New revision: 409025
URL: https://svnweb.freebsd.org/changeset/ports/409025

Log:
  MFH: r408964

  - Update to 3.0.11
  - Address CVE-2014-9765

  PR:		207174
  Submitted by:	junovitch
  Approved by:	ports-secteam (miwi)

Changes:
_U  branches/2016Q1/
  branches/2016Q1/misc/xdelta3/Makefile
  branches/2016Q1/misc/xdelta3/distinfo
  branches/2016Q1/misc/xdelta3/files/patch-testing-regtest.cc.patch
  branches/2016Q1/misc/xdelta3/files/patch-testing_regtest.cc
Comment 4 Jason Unovitch freebsd_committer freebsd_triage 2016-03-02 02:10:55 UTC 
Catch bugzilla up with commits and close PR.