Bug 216661

Summary: lang/chicken - multiple vulnerabilities
Product: Ports & Packages Reporter: Sevan Janiyan <venture37>
Component: Individual Port(s)Assignee: Jason Unovitch <junovitch>
Status: Closed FIXED    
Severity: Affects Only Me CC: feld, junovitch, ports-secteam, vmagerya
Priority: --- Keywords: security
Version: LatestFlags: bugzilla: maintainer-feedback? (vmagerya)
junovitch: merge-quarterly+
Hardware: Any   
OS: Any   
Attachments:
Description Flags
chicken-4.12.0.diff none

Comment 1 commit-hook freebsd_committer 2017-02-04 17:40:33 UTC
A commit references this bug:

Author: feld
Date: Sat Feb  4 17:39:45 UTC 2017
New revision: 433330
URL: https://svnweb.freebsd.org/changeset/ports/433330

Log:
  Document vulnerabilities in chicken

  PR:		216661
  Security:	CVE-2016-6830 CVE-2016-6831

Changes:
  head/security/vuxml/vuln.xml
Comment 2 Jason Unovitch freebsd_committer 2017-03-05 02:59:00 UTC
This looks to have been mistakenly closed. Vitaly, do you have an update to 4.12.0 in testing or ready for commit?
Comment 3 Vitaly Magerya 2017-03-05 08:13:21 UTC
Created attachment 180526 [details]
chicken-4.12.0.diff

Yes. Here's the update to 4.12.0.

Changelog is at [1]; there's one more CVE fixed in this release that we don't have in vuxml: CVE-2016-9954 (a problem in the regular expression engine, see [2]).

[1] https://code.call-cc.org/releases/4.12.0/NEWS
[2] http://www.openwall.com/lists/oss-security/2016/12/14/18
Comment 4 commit-hook freebsd_committer 2017-03-05 16:15:52 UTC
A commit references this bug:

Author: junovitch
Date: Sun Mar  5 16:15:37 UTC 2017
New revision: 435483
URL: https://svnweb.freebsd.org/changeset/ports/435483

Log:
  lang/chicken: update 4.11.0 -> 4.12.0

  PR:		216661
  Reported by:	sevan
  Submitted by:	Vitaly Magerya <vmagerya@gmail.com> (maintainer)
  Security:	CVE-2016-6830
  Security:	CVE-2016-6831
  Security:	CVE-2016-9954
  Security:	https://vuxml.FreeBSD.org/freebsd/c6932dd4-eaff-11e6-9ac1-a4badb2f4699.html
  MFH:		2017Q1

Changes:
  head/lang/chicken/Makefile
  head/lang/chicken/distinfo
Comment 5 commit-hook freebsd_committer 2017-03-05 16:15:54 UTC
A commit references this bug:

Author: junovitch
Date: Sun Mar  5 16:15:41 UTC 2017
New revision: 435484
URL: https://svnweb.freebsd.org/changeset/ports/435484

Log:
  Fix PORTEPOCH on Chicken VuXML entry; also additional CVE affecting Chicken

  PR:		216661
  Reported by:	sevan, Vitaly Magerya
  Security:	CVE-2016-9954
  Security:	https://vuxml.FreeBSD.org/freebsd/c6932dd4-eaff-11e6-9ac1-a4badb2f4699.html

Changes:
  head/security/vuxml/vuln.xml
Comment 6 commit-hook freebsd_committer 2017-03-05 16:16:57 UTC
A commit references this bug:

Author: junovitch
Date: Sun Mar  5 16:16:08 UTC 2017
New revision: 435485
URL: https://svnweb.freebsd.org/changeset/ports/435485

Log:
  MFH: r435483

  lang/chicken: update 4.11.0 -> 4.12.0

  PR:		216661
  Reported by:	sevan
  Submitted by:	Vitaly Magerya <vmagerya@gmail.com> (maintainer)
  Security:	CVE-2016-6830
  Security:	CVE-2016-6831
  Security:	CVE-2016-9954
  Security:	https://vuxml.FreeBSD.org/freebsd/c6932dd4-eaff-11e6-9ac1-a4badb2f4699.html
  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2017Q1/
  branches/2017Q1/lang/chicken/Makefile
  branches/2017Q1/lang/chicken/distinfo
Comment 7 Jason Unovitch freebsd_committer 2017-03-05 16:17:44 UTC
Thank you Vitaly! Update has been committed.