Bug 223931

Summary: net/xrdp-devel: patch for CVE-2017-16927
Product: Ports & Packages Reporter: Koichiro Iwao <meta>
Component: Individual Port(s)Assignee: Luca Pizzamiglio <pizzamig>
Status: Closed Overcome By Events    
Severity: Affects Some People CC: meta, pizzamig
Priority: ---    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
CVE-2017-16927 meta: maintainer-approval+

Description Koichiro Iwao freebsd_committer freebsd_triage 2017-11-28 01:55:19 UTC 
Created attachment 188345 [details]
CVE-2017-16927

ref. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16927
Comment 1 Koichiro Iwao freebsd_committer freebsd_triage 2017-11-28 02:22:33 UTC 
Patch obtained from upstream: https://github.com/neutrinolabs/xrdp/pull/958
Comment 2 commit-hook freebsd_committer freebsd_triage 2017-11-30 10:13:00 UTC 
A commit references this bug:

Author: pizzamig
Date: Thu Nov 30 10:12:27 UTC 2017
New revision: 455190
URL: https://svnweb.freebsd.org/changeset/ports/455190

Log:
  security/vuxml: Document vulnerability in net/xrdp-devel

  PR:		223931
  Reported by:	meta+ports@vmeta.jp (maintainer)
  Security:	CVE-2017-16927

Changes:
  head/security/vuxml/vuln.xml
Comment 3 commit-hook freebsd_committer freebsd_triage 2017-11-30 10:17:06 UTC 
A commit references this bug:

Author: pizzamig
Date: Thu Nov 30 10:16:09 UTC 2017
New revision: 455191
URL: https://svnweb.freebsd.org/changeset/ports/455191

Log:
  net/xrdp-devel: Fix CVE-2017-16927

  Fix CVE-2017-16927
  Patch from upstream: https://github.com/neutrinolabs/xrdp/pull/958

  PR:		223931
  Submitted by:	meta+ports@vmeta.jp (maintainer)
  MFH:		2017Q4
  Security:	CVE-2017-16927

Changes:
  head/net/xrdp-devel/Makefile
  head/net/xrdp-devel/files/patch-CVE-2017-16927
Comment 4 Luca Pizzamiglio freebsd_committer freebsd_triage 2018-01-02 11:40:37 UTC 
The fix was committed in trunk and now also in quarterly 2018Q1.
Thanks for the patch!