Bug 216665

Summary:	www/ikiwiki - multiple vulnerabilities
Product:	Ports & Packages	Reporter:	Sevan Janiyan <venture37>
Component:	Individual Port(s)	Assignee:	Jason Unovitch <junovitch>
Status:	Closed FIXED
Severity:	Affects Some People	CC:	junovitch, ports-secteam
Priority:	---	Keywords:	security
Version:	Latest
Hardware:	Any
OS:	Any

Description Sevan Janiyan 2017-01-31 04:04:34 UTC

vulnerable & missing vuxml entries
https://ikiwiki.info/security/#index46h2
https://ikiwiki.info/security/#index47h2
https://ikiwiki.info/security/#index48h2

Comment 1 Mathieu Arnold freebsd_committer

2017-01-31 09:34:42 UTC

over to the ports-secteam

Comment 2 commit-hook freebsd_committer

2017-03-05 03:18:50 UTC

A commit references this bug:

Author: junovitch
Date: Sun Mar  5 03:18:06 UTC 2017
New revision: 435444
URL: https://svnweb.freebsd.org/changeset/ports/435444

Log:
  Document ikiwiki vulnerabilities

  PR:		216665
  Reported by:	sevan
  Security:	CVE-2016-9645
  Security:	CVE-2016-10026
  Security:	CVE-2017-0356
  Security:	https://vuxml.FreeBSD.org/freebsd/5ed094a0-0150-11e7-ae1b-002590263bf5.html
  Security:	https://vuxml.FreeBSD.org/freebsd/7b35a77a-0151-11e7-ae1b-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml

Comment 3 Jason Unovitch freebsd_committer

2017-03-05 03:20:45 UTC

Sevan,
Thanks again. issues are documented and the missing merge is in https://svnweb.FreeBSD.org/changeset/ports/435445 to address the latest issue.

Comment 4 commit-hook freebsd_committer

2017-03-05 03:25:58 UTC

A commit references this bug:

Author: junovitch
Date: Sun Mar  5 03:25:10 UTC 2017
New revision: 435446
URL: https://svnweb.freebsd.org/changeset/ports/435446

Log:
  Add missing reference to last commit for ikiwiki vulnerabilities

  PR:		216665
  Reported by:	sevan
  Security:	CVE-2016-9646
  Security:	https://vuxml.FreeBSD.org/freebsd/5ed094a0-0150-11e7-ae1b-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml