Bug 213199

Summary: archivers/file-roller CVE-2016-7162
Product: Ports & Packages Reporter: Sevan Janiyan <venture37>
Component: Individual Port(s)Assignee: Koop Mast <kwm>
Status: Closed FIXED    
Severity: Affects Only Me CC: feld, junovitch, kwm, ports-secteam
Priority: --- Keywords: security
Version: LatestFlags: junovitch: merge-quarterly+
Hardware: Any   
OS: Any   

Description Sevan Janiyan 2016-10-04 17:03:55 UTC 
Vulnerable & missing vuxml entry
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7162
Comment 1 commit-hook freebsd_committer freebsd_triage 2016-10-12 04:48:11 UTC 
A commit references this bug:

Author: feld
Date: Wed Oct 12 04:47:34 UTC 2016
New revision: 423829
URL: https://svnweb.freebsd.org/changeset/ports/423829

Log:
  Document file-roller vulnerability

  PR:		213199
  Security:	CVE-2016-7162

Changes:
  head/security/vuxml/vuln.xml
Comment 2 Mark Felder freebsd_committer freebsd_triage 2016-10-12 04:48:35 UTC 
documented vulnerability in vuxml. Can someone from gnome comment on updating this to an unaffected version?
Comment 3 commit-hook freebsd_committer freebsd_triage 2016-10-26 14:40:50 UTC 
A commit references this bug:

Author: kwm
Date: Wed Oct 26 14:40:05 UTC 2016
New revision: 424708
URL: https://svnweb.freebsd.org/changeset/ports/424708

Log:
  Update file-roller to 3.20.3.

  PR:		213199
  Reported by:	Sevan Janiyan <venture37@geeklan.co.uk>
  MFH:		2016Q4
  Security:	ad479f89-9020-11e6-a590-14dae9d210b8

Changes:
  head/archivers/file-roller/Makefile
  head/archivers/file-roller/distinfo
  head/archivers/file-roller/pkg-plist
Comment 4 Koop Mast freebsd_committer freebsd_triage 2016-12-24 17:41:08 UTC 
It appears I forgot to close this bug.

Fix committed back in oktober. Thanks for reporting!
Comment 5 commit-hook freebsd_committer freebsd_triage 2016-12-28 02:31:42 UTC 
A commit references this bug:

Author: junovitch
Date: Wed Dec 28 02:31:21 UTC 2016
New revision: 429687
URL: https://svnweb.freebsd.org/changeset/ports/429687

Log:
  MFH: r424708

  Update file-roller to 3.20.3.

  PR:		213199
  Reported by:	Sevan Janiyan <venture37@geeklan.co.uk>
  Security:	ad479f89-9020-11e6-a590-14dae9d210b8
  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q4/
  branches/2016Q4/archivers/file-roller/Makefile
  branches/2016Q4/archivers/file-roller/distinfo
  branches/2016Q4/archivers/file-roller/pkg-plist
Comment 6 Jason Unovitch freebsd_committer freebsd_triage 2016-12-28 02:32:40 UTC 
Hmmm, looks like we somehow missed the MFH. Fixed and set the Bugzilla tag to match.