Bug 207740

Summary: devel/websvn: Add patches for CVE-2013-6892 and CVE-2016-2511
Product: Ports & Packages Reporter: Raphael Kubo da Costa <rakuco>
Component: Individual Port(s)Assignee: Mark Felder <feld>
Status: Closed FIXED    
Severity: Affects Only Me CC: feld, junovitch, ports-secteam, ychsiao
Priority: --- Keywords: patch-ready, security
Version: LatestFlags: rakuco: maintainer-feedback+
Hardware: Any   
OS: Any   
Attachments:
Description Flags
Proposed patch rakuco: maintainer-approval+

Description Raphael Kubo da Costa freebsd_committer 2016-03-06 13:26:14 UTC
Created attachment 167760 [details]
Proposed patch

The attached patches fix two CVEs with code obtained from Debian: CVE-2013-6892 and CVE-2016-2511.

The respective vuln.xml entries have already been added.
Comment 1 Mark Felder freebsd_committer 2016-03-06 17:05:00 UTC
I approve on behalf of ports-secteam for you to commit this update without waiting for maintainer feedback. Please include MFH: 2016Q1 in the commit message and we will approve the MFH as well. If you need assistance with the merge let me know.


Thanks!
Comment 2 commit-hook freebsd_committer 2016-03-06 18:27:40 UTC
A commit references this bug:

Author: rakuco
Date: Sun Mar  6 18:26:39 UTC 2016
New revision: 410474
URL: https://svnweb.freebsd.org/changeset/ports/410474

Log:
  Add patches to fix CVE-2013-6892 and CVE-2016-2511.

  PR:		207740
  Approved by:	ports-secteam (feld)
  MFH:		2016Q1

Changes:
  head/devel/websvn/Makefile
  head/devel/websvn/files/patch-CVE-2013-6892
  head/devel/websvn/files/patch-CVE-2016-2511
Comment 3 commit-hook freebsd_committer 2016-03-06 18:30:42 UTC
A commit references this bug:

Author: rakuco
Date: Sun Mar  6 18:30:23 UTC 2016
New revision: 410475
URL: https://svnweb.freebsd.org/changeset/ports/410475

Log:
  MFH: r410474

  Add patches to fix CVE-2013-6892 and CVE-2016-2511.

  PR:		207740
  Approved by:	ports-secteam (feld)

Changes:
_U  branches/2016Q1/
  branches/2016Q1/devel/websvn/Makefile
  branches/2016Q1/devel/websvn/files/patch-CVE-2013-6892
  branches/2016Q1/devel/websvn/files/patch-CVE-2016-2511