Summary: | sysutils/file: Update to 5.37, Fix CVE-2019-18218 | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Nathan <ndowens04> | ||||||
Component: | Individual Port(s) | Assignee: | Raphael Kubo da Costa <rakuco> | ||||||
Status: | Closed FIXED | ||||||||
Severity: | Affects Many People | CC: | jharris, ports-secteam, rakuco | ||||||
Priority: | Normal | Keywords: | buildisok, security | ||||||
Version: | Latest | Flags: | jharris:
maintainer-feedback+
koobs: merge-quarterly? |
||||||
Hardware: | Any | ||||||||
OS: | Any | ||||||||
URL: | https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84 | ||||||||
Attachments: |
|
Description
Nathan
2019-10-22 22:09:07 UTC
Build info is available at https://gitlab.com/swills/freebsd-ports/pipelines/90736914 Hold off on this patch, noticed one thing I have to fix in the patch, will fix soon :) Nervermind, relooking at it, and retesting patch, it does apply correctly after all, so feel free to continue ^Triage: Pending VuXML entry Created attachment 208539 [details]
VuXML entry
Approved, albeit without personally testing. Thanks! A commit references this bug: Author: rakuco Date: Sat Nov 2 12:19:34 UTC 2019 New revision: 516308 URL: https://svnweb.freebsd.org/changeset/ports/516308 Log: Add entry for heap buffer overflow in sysutils/file. PR: 241424 Submitted by: Nathan Owens <ndowens04@gmail.com> Approved by: jharris@widomaker.com (maintainer) Changes: head/security/vuxml/vuln.xml A commit references this bug: Author: rakuco Date: Sat Nov 2 12:23:41 UTC 2019 New revision: 516311 URL: https://svnweb.freebsd.org/changeset/ports/516311 Log: Update to 5.37 with patch for CVE-2019-18218. PR: 241424 Submitted by: Nathan Owens <ndowens04@gmail.com> Approved by: jharris@widomaker.com (maintainer) MFH: 2019Q4 Security: 381deebb-f5c9-11e9-9c4f-74d435e60b7c Changes: head/sysutils/file/Makefile head/sysutils/file/distinfo head/sysutils/file/files/ head/sysutils/file/files/patch-src_cdf.c head/sysutils/file/files/patch-src_cdf.h A commit references this bug: Author: rakuco Date: Sat Nov 2 12:26:06 UTC 2019 New revision: 516312 URL: https://svnweb.freebsd.org/changeset/ports/516312 Log: Adjust entry 381deebb-f5c9-11e9-9c4f-74d435e60b7c for sysutils/file. Upstream version 5.37 is vulnerable, but the update to 5.37 in the ports tree was landed with a fix for the CVE entry. PR: 241424 Changes: head/security/vuxml/vuln.xml Thank you! A commit references this bug: Author: rakuco Date: Sun Nov 3 11:53:37 UTC 2019 New revision: 516412 URL: https://svnweb.freebsd.org/changeset/ports/516412 Log: MFH: r516311 Update to 5.37 with patch for CVE-2019-18218. PR: 241424 Submitted by: Nathan Owens <ndowens04@gmail.com> Approved by: jharris@widomaker.com (maintainer) Security: 381deebb-f5c9-11e9-9c4f-74d435e60b7c Approved by: ports-secteam (miwi) Changes: _U branches/2019Q4/ branches/2019Q4/sysutils/file/Makefile branches/2019Q4/sysutils/file/distinfo branches/2019Q4/sysutils/file/files/ |