Summary: | lang/chicken - multiple vulnerabilities | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Sevan Janiyan <venture37> | ||||
Component: | Individual Port(s) | Assignee: | Jason Unovitch <junovitch> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Only Me | CC: | feld, junovitch, ports-secteam, vmagerya | ||||
Priority: | --- | Keywords: | security | ||||
Version: | Latest | Flags: | bugzilla:
maintainer-feedback?
(vmagerya) junovitch: merge-quarterly+ |
||||
Hardware: | Any | ||||||
OS: | Any | ||||||
Attachments: |
|
Description
Sevan Janiyan
2017-01-31 03:50:04 UTC
A commit references this bug: Author: feld Date: Sat Feb 4 17:39:45 UTC 2017 New revision: 433330 URL: https://svnweb.freebsd.org/changeset/ports/433330 Log: Document vulnerabilities in chicken PR: 216661 Security: CVE-2016-6830 CVE-2016-6831 Changes: head/security/vuxml/vuln.xml This looks to have been mistakenly closed. Vitaly, do you have an update to 4.12.0 in testing or ready for commit? Created attachment 180526 [details] chicken-4.12.0.diff Yes. Here's the update to 4.12.0. Changelog is at [1]; there's one more CVE fixed in this release that we don't have in vuxml: CVE-2016-9954 (a problem in the regular expression engine, see [2]). [1] https://code.call-cc.org/releases/4.12.0/NEWS [2] http://www.openwall.com/lists/oss-security/2016/12/14/18 A commit references this bug: Author: junovitch Date: Sun Mar 5 16:15:37 UTC 2017 New revision: 435483 URL: https://svnweb.freebsd.org/changeset/ports/435483 Log: lang/chicken: update 4.11.0 -> 4.12.0 PR: 216661 Reported by: sevan Submitted by: Vitaly Magerya <vmagerya@gmail.com> (maintainer) Security: CVE-2016-6830 Security: CVE-2016-6831 Security: CVE-2016-9954 Security: https://vuxml.FreeBSD.org/freebsd/c6932dd4-eaff-11e6-9ac1-a4badb2f4699.html MFH: 2017Q1 Changes: head/lang/chicken/Makefile head/lang/chicken/distinfo A commit references this bug: Author: junovitch Date: Sun Mar 5 16:15:41 UTC 2017 New revision: 435484 URL: https://svnweb.freebsd.org/changeset/ports/435484 Log: Fix PORTEPOCH on Chicken VuXML entry; also additional CVE affecting Chicken PR: 216661 Reported by: sevan, Vitaly Magerya Security: CVE-2016-9954 Security: https://vuxml.FreeBSD.org/freebsd/c6932dd4-eaff-11e6-9ac1-a4badb2f4699.html Changes: head/security/vuxml/vuln.xml A commit references this bug: Author: junovitch Date: Sun Mar 5 16:16:08 UTC 2017 New revision: 435485 URL: https://svnweb.freebsd.org/changeset/ports/435485 Log: MFH: r435483 lang/chicken: update 4.11.0 -> 4.12.0 PR: 216661 Reported by: sevan Submitted by: Vitaly Magerya <vmagerya@gmail.com> (maintainer) Security: CVE-2016-6830 Security: CVE-2016-6831 Security: CVE-2016-9954 Security: https://vuxml.FreeBSD.org/freebsd/c6932dd4-eaff-11e6-9ac1-a4badb2f4699.html Approved by: ports-secteam (with hat) Changes: _U branches/2017Q1/ branches/2017Q1/lang/chicken/Makefile branches/2017Q1/lang/chicken/distinfo Thank you Vitaly! Update has been committed. |