Bug 228141

Summary: audio/wavpack: Add patches to fix multiple vulnerabilities and etc.
Product: Ports & Packages
Reporter: Yasuhiro Kimura <yasu>
Component: Individual Port(s)
Assignee: Thomas Zander <riggs>
Status: Closed FIXED
Severity: Affects Some People
CC: riggs
Priority: ---
Keywords: patch
Version: Latest
Flags: riggs: maintainer-feedback+, riggs: merge-quarterly+
Hardware: Any
OS: Any
See Also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228146
Attachments:
  patch file (flags: none)

Description Yasuhiro Kimura freebsd_committer freebsd_triage 2018-05-11 07:44:24 UTC
Created attachment 193268
patch file

* Add upstream patches to fix the following vulnerabilities.
  - CVE-2018-6767
  - CVE-2018-7253
  - CVE-2018-7254
  - CVE-2018-10536
  - CVE-2018-10537
  - CVE-2018-10538
  - CVE-2018-10539
  - CVE-2018-10540
* Add upstream patch to fix memory leak.
* Bump PORTREVISION.
Comment 1 Yasuhiro Kimura freebsd_committer freebsd_triage 2018-05-11 08:33:29 UTC
(In reply to Yasuhiro KIMURA from comment #0)

I submitted bug #228146. It adds an entry to VuXML documenting the vulnerabilities fixed with this bug report. So please commit them together.
Comment 2 commit-hook freebsd_committer freebsd_triage 2018-05-13 07:50:32 UTC
A commit references this bug:

Author: riggs
Date: Sun May 13 07:50:15 UTC 2018
New revision: 469778
URL: https://svnweb.freebsd.org/changeset/ports/469778

Log:
  Fix multiple CVEs and memory leaks

  Details:
  - Import patches from upstream HEAD to address
    a bunch of critical CVEs including potential remote
    code execution and memory leaks

  PR:		228141
  Submitted by:	yasu@utahime.org
  MFH:		2018Q2
  Security:	CVE-2018-6767
  		CVE-2018-7253
  		CVE-2018-7254
  		CVE-2018-10536
  		CVE-2018-10537
  		CVE-2018-10538
  		CVE-2018-10539
  		CVE-2018-10540

Changes:
  head/audio/wavpack/Makefile
  head/audio/wavpack/files/patch-CVE-2018-10536_10537
  head/audio/wavpack/files/patch-CVE-2018-10538_10539_10540
  head/audio/wavpack/files/patch-CVE-2018-6767
  head/audio/wavpack/files/patch-CVE-2018-7253
  head/audio/wavpack/files/patch-CVE-2018-7254
  head/audio/wavpack/files/patch-fix-memory-leaks
Comment 3 commit-hook freebsd_committer freebsd_triage 2018-05-13 09:39:44 UTC
A commit references this bug:

Author: riggs
Date: Sun May 13 09:39:18 UTC 2018
New revision: 469785
URL: https://svnweb.freebsd.org/changeset/ports/469785

Log:
  MFH: r469778

  Fix multiple CVEs and memory leaks

  Details:
  - Import patches from upstream HEAD to address
    a bunch of critical CVEs including potential remote
    code execution and memory leaks

  PR:		228141
  Submitted by:	yasu@utahime.org
  Security:	CVE-2018-6767
  		CVE-2018-7253
  		CVE-2018-7254
  		CVE-2018-10536
  		CVE-2018-10537
  		CVE-2018-10538
  		CVE-2018-10539
  		CVE-2018-10540

  Approved by:	ports-secteam (riggs)

Changes:
_U  branches/2018Q2/
  branches/2018Q2/audio/wavpack/Makefile
  branches/2018Q2/audio/wavpack/files/patch-CVE-2018-10536_10537
  branches/2018Q2/audio/wavpack/files/patch-CVE-2018-10538_10539_10540
  branches/2018Q2/audio/wavpack/files/patch-CVE-2018-6767
  branches/2018Q2/audio/wavpack/files/patch-CVE-2018-7253
  branches/2018Q2/audio/wavpack/files/patch-CVE-2018-7254
  branches/2018Q2/audio/wavpack/files/patch-fix-memory-leaks