Bug 232344

Summary: security/libssh: Update to 0.8.4 (Fixes security vulnerability: CVE-2018-10933)
Product: Ports & Packages Reporter: Kurt Jaeger <pi>
Component: Individual Port(s)Assignee: Mark Felder <feld>
Status: Closed FIXED    
Severity: Affects Only Me CC: feld, pi, ports-secteam
Priority: --- Keywords: security
Version: LatestFlags: bugzilla: maintainer-feedback? (johans)
feld: merge-quarterly-
Hardware: Any   
OS: Any   
URL: https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/
Bug Depends on: 232376    
Bug Blocks:    
Attachments:
Description Flags
patch none

Description Kurt Jaeger freebsd_committer freebsd_triage 2018-10-17 07:55:04 UTC 
Created attachment 198260 [details]
patch

testbuilds OK on 12a, 11.2a
Comment 1 commit-hook freebsd_committer freebsd_triage 2018-10-17 08:39:42 UTC 
A commit references this bug:

Author: johans
Date: Wed Oct 17 08:39:13 UTC 2018
New revision: 482279
URL: https://svnweb.freebsd.org/changeset/ports/482279

Log:
  Update to 0.8.4 (security update)
  https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/

  PR:		232344
  Submitted by:	pi@

Changes:
  head/security/libssh/Makefile
  head/security/libssh/distinfo
  head/security/libssh/pkg-plist
Comment 2 commit-hook freebsd_committer freebsd_triage 2018-10-17 15:28:38 UTC 
A commit references this bug:

Author: feld
Date: Wed Oct 17 15:28:09 UTC 2018
New revision: 482298
URL: https://svnweb.freebsd.org/changeset/ports/482298

Log:
  security/libssh: Update to 0.7.6 (Fixes security vulnerability: CVE-2018-10933)

  https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/

  PR:		232344

Changes:
  branches/2018Q4/security/libssh/Makefile
  branches/2018Q4/security/libssh/distinfo
  branches/2018Q4/security/libssh/pkg-plist
Comment 3 Mark Felder freebsd_committer freebsd_triage 2018-10-17 15:29:54 UTC 
direct commit to 2018Q4 to resolve the issue with the older version. I think we can close this.
Comment 4 Kurt Jaeger freebsd_committer freebsd_triage 2018-10-17 15:47:48 UTC 
No VuXML ?
Comment 5 commit-hook freebsd_committer freebsd_triage 2018-10-17 15:54:59 UTC 
A commit references this bug:

Author: feld
Date: Wed Oct 17 15:54:16 UTC 2018
New revision: 482299
URL: https://svnweb.freebsd.org/changeset/ports/482299

Log:
  Document libssh vulnerability

  PR:		232344
  Security:	CVE-2018-10933

Changes:
  head/security/vuxml/vuln.xml