Bug 216661

Summary: lang/chicken - multiple vulnerabilities
Product: Ports & Packages
Reporter: Sevan Janiyan <venture37>
Component: Individual Port(s)
Assignee: Jason Unovitch <junovitch>
Status: Closed FIXED
Severity: Affects Only Me
CC: feld, junovitch, ports-secteam, vmagerya
Priority: ---
Keywords: security
Version: Latest
Flags: bugzilla: maintainer-feedback? (vmagerya), junovitch: merge-quarterly+
Hardware: Any
OS: Any
Attachments:
  chicken-4.12.0.diff (flags: none)

Comment 1 commit-hook freebsd_committer freebsd_triage 2017-02-04 17:40:33 UTC
A commit references this bug:

Author: feld
Date: Sat Feb  4 17:39:45 UTC 2017
New revision: 433330
URL: https://svnweb.freebsd.org/changeset/ports/433330

Log:
  Document vulnerabilities in chicken

  PR:		216661
  Security:	CVE-2016-6830 CVE-2016-6831

Changes:
  head/security/vuxml/vuln.xml

Comment 2 Jason Unovitch freebsd_committer freebsd_triage 2017-03-05 02:59:00 UTC
This looks to have been mistakenly closed. Vitaly, do you have an update to 4.12.0 in testing or ready for commit?

Comment 3 Vitaly Magerya 2017-03-05 08:13:21 UTC
Created attachment 180526
chicken-4.12.0.diff

Yes. Here's the update to 4.12.0.

Changelog is at [1]; there's one more CVE fixed in this release that we don't have in vuxml: CVE-2016-9954 (a problem in the regular expression engine, see [2]).

[1] https://code.call-cc.org/releases/4.12.0/NEWS
[2] http://www.openwall.com/lists/oss-security/2016/12/14/18

Comment 4 commit-hook freebsd_committer freebsd_triage 2017-03-05 16:15:52 UTC
A commit references this bug:

Author: junovitch
Date: Sun Mar  5 16:15:37 UTC 2017
New revision: 435483
URL: https://svnweb.freebsd.org/changeset/ports/435483

Log:
  lang/chicken: update 4.11.0 -> 4.12.0

  PR:		216661
  Reported by:	sevan
  Submitted by:	Vitaly Magerya <vmagerya@gmail.com> (maintainer)
  Security:	CVE-2016-6830
  Security:	CVE-2016-6831
  Security:	CVE-2016-9954
  Security:	https://vuxml.FreeBSD.org/freebsd/c6932dd4-eaff-11e6-9ac1-a4badb2f4699.html
  MFH:		2017Q1

Changes:
  head/lang/chicken/Makefile
  head/lang/chicken/distinfo

Comment 5 commit-hook freebsd_committer freebsd_triage 2017-03-05 16:15:54 UTC
A commit references this bug:

Author: junovitch
Date: Sun Mar  5 16:15:41 UTC 2017
New revision: 435484
URL: https://svnweb.freebsd.org/changeset/ports/435484

Log:
  Fix PORTEPOCH on Chicken VuXML entry; also additional CVE affecting Chicken

  PR:		216661
  Reported by:	sevan, Vitaly Magerya
  Security:	CVE-2016-9954
  Security:	https://vuxml.FreeBSD.org/freebsd/c6932dd4-eaff-11e6-9ac1-a4badb2f4699.html

Changes:
  head/security/vuxml/vuln.xml

Comment 6 commit-hook freebsd_committer freebsd_triage 2017-03-05 16:16:57 UTC
A commit references this bug:

Author: junovitch
Date: Sun Mar  5 16:16:08 UTC 2017
New revision: 435485
URL: https://svnweb.freebsd.org/changeset/ports/435485

Log:
  MFH: r435483

  lang/chicken: update 4.11.0 -> 4.12.0

  PR:		216661
  Reported by:	sevan
  Submitted by:	Vitaly Magerya <vmagerya@gmail.com> (maintainer)
  Security:	CVE-2016-6830
  Security:	CVE-2016-6831
  Security:	CVE-2016-9954
  Security:	https://vuxml.FreeBSD.org/freebsd/c6932dd4-eaff-11e6-9ac1-a4badb2f4699.html
  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2017Q1/
  branches/2017Q1/lang/chicken/Makefile
  branches/2017Q1/lang/chicken/distinfo

Comment 7 Jason Unovitch freebsd_committer freebsd_triage 2017-03-05 16:17:44 UTC
Thank you Vitaly! Update has been committed.