Bug 230183

Summary: japanese/mailman is affected by CVE-2018-13796
Product: Ports & Packages
Reporter: Yasuhito FUTATSUKI <freebsd-bug-report-yf>
Component: Individual Port(s)
Assignee: TAKATSU Tomonari <tota>
Status: Closed FIXED
Severity: Affects Some People
Flags: bugzilla: maintainer-feedback? (tota)
Priority: ---
Version: Latest
Hardware: Any
OS: Any
Attachments:
  patch to fix CVE-2018-13796 for 2.1.14+j7 (flags: none)

Description Yasuhito FUTATSUKI 2018-07-30 09:16:17 UTC
Created attachment 195627
patch to fix CVE-2018-13796 for 2.1.14+j7

(This is a re-submit from Bug #22935 comment #3 and #4)

On Mon, 23 Jul 2018, Mailman 2.1.28 was released and the vulnerability CVE-2018-13796 was published.

Mailman 2.1.28 release announcement
<https://www.mail-archive.com/mailman-users@python.org/msg71066.html>
Mailman 2.1.29 release announcement
<https://www.mail-archive.com/mailman-users@python.org/msg71066.html>
vulnerability detail (launchpad.net, Bug 178074)
https://bugs.launchpad.net/mailman/+bug/1780874

This vulnerability affects mailman 2.1.14+j7. The patch attached to the bug report at launchpad.net is for rev 1768 (between the 2.1.26 release and the 2.1.27 release) and above, so I've made a patch for 2.1.14+j7 (the attached patch).
Comment 1 Yasuhito FUTATSUKI 2018-07-30 09:20:43 UTC
(In reply to Yasuhito FUTATSUKI from comment #0)
> (This is a re-submit from Bug #22935 comment #3 and #4)
The above is the wrong bug ID...

This was a resubmit report of #229351 comment #3 and #4
Comment 2 commit-hook freebsd_committer freebsd_triage 2018-08-30 06:35:06 UTC
A commit references this bug:

Author: tota
Date: Thu Aug 30 06:34:28 UTC 2018
New revision: 478435
URL: https://svnweb.freebsd.org/changeset/ports/478435

Log:
  - Apply CVE-2018-13796 patch

  PR:		230183
  Submitted by:	Yasuhito FUTATSUKI
  MFH:		2018Q3
  Security:	CVE-2018-13796

Changes:
  head/japanese/mailman/Makefile
  head/japanese/mailman/files/patch-Mailman_Utils.py
Comment 3 commit-hook freebsd_committer freebsd_triage 2018-09-04 03:02:17 UTC
A commit references this bug:

Author: tota
Date: Tue Sep  4 03:01:22 UTC 2018
New revision: 478924
URL: https://svnweb.freebsd.org/changeset/ports/478924

Log:
  MFH: r478435

  - Apply CVE-2018-13796 patch

  PR:		230183
  Submitted by:	Yasuhito FUTATSUKI
  Security:	CVE-2018-13796
  Approved by:	ports-secteam (miwi@)

Changes:
_U  branches/2018Q3/
  branches/2018Q3/japanese/mailman/Makefile
  branches/2018Q3/japanese/mailman/files/patch-Mailman_Utils.py
Comment 4 TAKATSU Tomonari freebsd_committer freebsd_triage 2018-09-04 03:05:43 UTC
Committed.
Thanks!