Bug 209219

Summary: devel/jansson: denial of service vulnerability (CVE-2016-4425)
Product: Ports & Packages Reporter: Jason Unovitch <junovitch>
Component: Individual Port(s)Assignee: Vanilla I. Shu <vanilla>
Status: Closed FIXED    
Severity: Affects Some People CC: ports-secteam
Priority: --- Keywords: needs-patch, needs-qa, security
Version: LatestFlags: vanilla: maintainer-feedback+
junovitch: merge-quarterly+
Hardware: Any   
OS: Any   
URL: http://www.openwall.com/lists/oss-security/2016/05/02/1

Description Jason Unovitch freebsd_committer freebsd_triage 2016-05-03 00:22:48 UTC 
Maintainer of devel/jansson,
There is a report of an denial of service issue (CVE-2016-4425) in the library reported on oss-security (http://www.openwall.com/lists/oss-security/2016/05/02/1).  The report indicates this impacts jansson < 2.5 and the fix is still pending at https://github.com/akheron/jansson/issues/282.  When there is a resolution, this will need to filter down into the port and get a VuXML entry.
Comment 1 Jason Unovitch freebsd_committer freebsd_triage 2016-05-03 13:50:19 UTC 
It looks like the fix was applied upstream:
https://github.com/akheron/jansson/pull/284
Comment 2 commit-hook freebsd_committer freebsd_triage 2016-05-04 06:25:48 UTC 
A commit references this bug:

Author: vanilla
Date: Wed May  4 06:25:13 UTC 2016
New revision: 414586
URL: https://svnweb.freebsd.org/changeset/ports/414586

Log:
  Fix CVE-2016-4425.

  PR:		209219
  Submitted by:	junovitch@

Changes:
  head/devel/jansson/Makefile
  head/devel/jansson/files/patch-CVE-2016-4425
Comment 3 commit-hook freebsd_committer freebsd_triage 2016-05-04 06:26:49 UTC 
A commit references this bug:

Author: vanilla
Date: Wed May  4 06:25:53 UTC 2016
New revision: 414587
URL: https://svnweb.freebsd.org/changeset/ports/414587

Log:
  Add entry of devel/jansson

  PR:		209219
  Submitted by:	junovitch@

Changes:
  head/security/vuxml/vuln.xml