Bug 211206
| Summary: | www/nextcloud: Update to 9.0.53 (Fixes security vulnerability: https://httpoxy.org/#cve) | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Kurt Jaeger <pi> | ||||
| Component: | Individual Port(s) | Assignee: | Kurt Jaeger <pi> | ||||
| Status: | Closed FIXED | ||||||
| Severity: | Affects Only Me | CC: | feld, loic.blot, pi, ports-secteam | ||||
| Priority: | --- | Keywords: | patch, security | ||||
| Version: | Latest | Flags: | loic.blot:
maintainer-feedback+
feld: merge-quarterly+ |
||||
| Hardware: | Any | ||||||
| OS: | Any | ||||||
| Attachments: |
|
||||||
I test it now Thanks Kurt, it's okay for me you can push A commit references this bug: Author: pi Date: Tue Jul 19 04:13:46 UTC 2016 New revision: 418759 URL: https://svnweb.freebsd.org/changeset/ports/418759 Log: www/nextcloud: 9.0.52 -> 9.0.53 - Guzzle 5 is shipped as part of Nextcloud and can be abused, in some special scenarios PR: 211206 Approved by: Loic Blot <loic.blot@unix-experience.fr> (maintainer) MFH: 2016Q3 Changes: https://nextcloud.com/httpoxy-can-affect-nextcloud-get-your-update-now/ Security: https://httpoxy.org/ Changes: head/www/nextcloud/Makefile head/www/nextcloud/distinfo A commit references this bug: Author: feld Date: Tue Jul 26 14:00:23 UTC 2016 New revision: 419110 URL: https://svnweb.freebsd.org/changeset/ports/419110 Log: MFH: r418724 r418759 www/nextcloud: 9.0.51 -> 9.0.52 www/nextcloud: 9.0.52 -> 9.0.53 - Guzzle 5 is shipped as part of Nextcloud and can be abused, in some special scenarios PR: 211206 Changes: https://nextcloud.com/httpoxy-can-affect-nextcloud-get-your-update-now/ Security: https://httpoxy.org/ Approved by: ports-secteam (with hat) Changes: _U branches/2016Q3/ branches/2016Q3/www/nextcloud/Makefile branches/2016Q3/www/nextcloud/distinfo branches/2016Q3/www/nextcloud/pkg-plist |
Created attachment 172673 [details] patch See below, testbuild is OK