Bug 209534

Summary:	net/openafs - multiple vulnerabilities
Product:	Ports & Packages	Reporter:	Sevan Janiyan <venture37>
Component:	Individual Port(s)	Assignee:	Benjamin Kaduk <bjk>
Status:	Closed FIXED
Severity:	Affects Only Me	CC:	junovitch, ports-secteam
Priority:	---	Keywords:	security
Version:	Latest	Flags:	bugzilla: maintainer-feedback? (bjk) junovitch: merge-quarterly+
Hardware:	Any
OS:	Any

Description Sevan Janiyan 2016-05-16 02:04:43 UTC

http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt
CVE-2016-2860 - http://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt
CVE-2015-8312 - https://www.openafs.org/dl/1.6.16/RELNOTES-1.6.16

Comment 1 Benjamin Kaduk freebsd_committer

2016-05-16 02:08:12 UTC

I hope to have time to pull in 1.6.18 soon, which includes those fixes.

Comment 2 Sevan Janiyan 2016-05-16 02:12:18 UTC

vuxml entry in the meantime as a heads up?

Comment 3 Sevan Janiyan 2016-05-16 02:20:17 UTC

(In reply to Sevan Janiyan from comment #0)

CVE-2016-4536 - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4536

Comment 4 Benjamin Kaduk freebsd_committer

2016-05-17 03:12:44 UTC

Diff to update the port to 1.6.18 is at https://people.freebsd.org/~bjk/openafs-1.6.18.diff

Comment 5 commit-hook freebsd_committer

2016-05-27 00:06:06 UTC

A commit references this bug:

Author: bjk
Date: Fri May 27 00:05:07 UTC 2016
New revision: 415920
URL: https://svnweb.freebsd.org/changeset/ports/415920

Log:
  Update net/openafs to upstream 1.6.18

  This includes the changes in 1.6.17, a security release.

  PR:		209534
  Approved by:	mat (ports committer)
  Security:	CVE-2016-2860

Changes:
  head/net/openafs/Makefile
  head/net/openafs/distinfo

Comment 6 commit-hook freebsd_committer

2016-06-05 18:04:17 UTC

A commit references this bug:

Author: junovitch
Date: Sun Jun  5 18:04:12 UTC 2016
New revision: 416410
URL: https://svnweb.freebsd.org/changeset/ports/416410

Log:
  Document OpenAFS vulnerabilities in 1.6.16 and 1.6.17

  PR:		209534
  Reported by:	Sevan Janiyan <venture37@geeklan.co.uk>
  Security:	CVE-2015-8312
  Security:	CVE-2016-2860
  Security:	CVE-2016-4536
  Security:	https://vuxml.FreeBSD.org/freebsd/2e8fe57e-2b46-11e6-ae88-002590263bf5.html
  Security:	https://vuxml.FreeBSD.org/freebsd/bcbd3fe0-2b46-11e6-ae88-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml

Comment 7 commit-hook freebsd_committer

2016-06-05 18:06:19 UTC

A commit references this bug:

Author: junovitch
Date: Sun Jun  5 18:05:46 UTC 2016
New revision: 416411
URL: https://svnweb.freebsd.org/changeset/ports/416411

Log:
  MFH: r415920

  Update net/openafs to upstream 1.6.18

  This includes the changes in 1.6.17, a security release.

  PR:		209534
  Reported by:	Sevan Janiyan <venture37@geeklan.co.uk>
  Security:	CVE-2015-8312
  Security:	CVE-2016-2860
  Security:	CVE-2016-4536
  Security:	https://vuxml.FreeBSD.org/freebsd/2e8fe57e-2b46-11e6-ae88-002590263bf5.html
  Security:	https://vuxml.FreeBSD.org/freebsd/bcbd3fe0-2b46-11e6-ae88-002590263bf5.html
  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q2/
  branches/2016Q2/net/openafs/Makefile
  branches/2016Q2/net/openafs/distinfo

Comment 8 Jason Unovitch freebsd_committer

2016-06-05 18:07:24 UTC

bjk@, please don't forget the MFH: tag on the next security update.