Summary: | www/h2o: patch CVE-2016-7835 & add security/vuxml entry | |
---|---|---|---
Product: | Ports & Packages | Reporter: | Dave Cottlehuber <dch>
Component: | Individual Port(s) | Assignee: | Bernard Spil <brnrd>
Status: | Closed FIXED | |
Severity: | Affects Only Me | CC: | dch, junovitch, ports-secteam
Priority: | --- | Flags: | junovitch: maintainer-feedback+, junovitch: merge-quarterly+
Version: | Latest | |
Hardware: | Any | |
OS: | Any | |

Description
Dave Cottlehuber
2016-12-26 19:01:09 UTC
A commit references this bug:

Author: brnrd
Date: Thu Dec 29 13:08:33 UTC 2016
New revision: 429906
URL: https://svnweb.freebsd.org/changeset/ports/429906

Log:
security/vuxml: Document h2o vulnerability

PR: 215587
Submitted by: Dave Cottlehuber <dch@skunkwerks.at> (maintainer)

Changes:
head/security/vuxml/vuln.xml

A commit references this bug:

Author: brnrd
Date: Thu Dec 29 13:24:01 UTC 2016
New revision: 429910
URL: https://svnweb.freebsd.org/changeset/ports/429910

Log:
www/h2o: Fix Use-after-free vulnerability

- Fix duplicate PORTREVISION assignment
- Register OpenSSL dependency when LIBRESSL is OFF

PR: 215587
Submitted by: Dave Cottlehuber <dch@skunkwerks.at> (maintainer)
MFH: 2016Q4
Security: d0b12952-cb86-11e6-906f-0cc47a065786
Security: CVE-2016-7835

Changes:
head/www/h2o/Makefile
head/www/h2o/files/patch-lib_core_request.c
head/www/h2o/files/patch-lib_http2_connection.c

Sorry for the delay on MFH approval. This is fixed in the currently supported 2017Q1 branch, as such considering this merge-quarterly+ and assigning it to you Bernard as the actioning committer.