Bug 226088
| Summary: | devel/cvs: Import inofficial patch to fix CVE-2017-12836 | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Fabian Keil <fk> | ||||
| Component: | Individual Port(s) | Assignee: | Thomas Zander <riggs> | ||||
| Status: | Closed FIXED | ||||||
| Severity: | Affects Some People | CC: | riggs | ||||
| Priority: | --- | Keywords: | patch, patch-ready | ||||
| Version: | Latest | Flags: | riggs:
merge-quarterly+
|
||||
| Hardware: | Any | ||||||
| OS: | Any | ||||||
| Attachments: |
|
||||||
|
Description
Fabian Keil
2018-02-21 09:55:29 UTC
A commit references this bug: Author: riggs Date: Sat Feb 24 08:54:57 UTC 2018 New revision: 462776 URL: https://svnweb.freebsd.org/changeset/ports/462776 Log: Fix ssh injection vulnerability from CVE-2017-12836 Details: - Adopt patch from debian, documented in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871810#10 PR: 226088 Submitted by: fk@fabiankeil.de MFH: 2018Q1 Security: CVE-2017-12836 Changes: head/devel/cvs/Makefile head/devel/cvs/files/patch-src-client.c A commit references this bug: Author: riggs Date: Sat Feb 24 08:57:21 UTC 2018 New revision: 462777 URL: https://svnweb.freebsd.org/changeset/ports/462777 Log: MFH: r462776 Fix ssh injection vulnerability from CVE-2017-12836 Details: - Adopt patch from debian, documented in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871810#10 PR: 226088 Submitted by: fk@fabiankeil.de Security: CVE-2017-12836 Approved by: ports-secteam (riggs) Changes: _U branches/2018Q1/ branches/2018Q1/devel/cvs/Makefile branches/2018Q1/devel/cvs/files/patch-src-client.c A commit references this bug: Author: riggs Date: Sat Feb 24 09:14:44 UTC 2018 New revision: 462782 URL: https://svnweb.freebsd.org/changeset/ports/462782 Log: Document ssh injection vulnerability in devel/cvs PR: 226088 Reported by: fk@fabiankeil.de Security: CVE-2017-12836 Changes: head/security/vuxml/vuln.xml |
