Summary: | net-p2p/transmission 2.92 vulnerable to CVE-2018-5702 | ||
---|---|---|---|
Product: | Ports & Packages | Reporter: | sara.and.zuka+freebsd |
Component: | Individual Port(s) | Assignee: | Chris Rees <crees> |
Status: | Closed FIXED | ||
Severity: | Affects Many People | CC: | debdrup, robin |
Priority: | --- | Flags: | crees:
maintainer-feedback+
|
Version: | Latest | ||
Hardware: | Any | ||
OS: | Any |
Description
sara.and.zuka+freebsd
2018-02-15 12:51:30 UTC
Lots of trackers are banning this version of transmission, please update to latest version. A commit references this bug: Author: crees Date: Wed Feb 28 21:09:37 UTC 2018 New revision: 463262 URL: https://svnweb.freebsd.org/changeset/ports/463262 Log: net-p2p/transmission-cli: Update to 2.93 - Includes DNS rebinding fix - Fixes OpenSSL 1.1 compat Note that the previous version was no longer vulnerable as FreeBSD had patches, but this reports the correct version to trackers as some were banned. PR: ports/225917 PR: ports/225915 Changes: head/net-p2p/transmission/Makefile head/net-p2p/transmission-cli/Makefile head/net-p2p/transmission-cli/distinfo head/net-p2p/transmission-cli/files/patch-fix_dns_rebinding_vuln head/net-p2p/transmission-daemon/Makefile head/net-p2p/transmission-gtk/Makefile head/net-p2p/transmission-qt4/Makefile head/net-p2p/transmission-qt5/Makefile head/www/transmission-web/Makefile Committed. Bernard, sorry I forgot to credit you; I had actually done this work myself and was testing, but you still deserve credit. I'll follow up to the commit email. |