Summary: | mail/sympa: upgrade to 6.2.56 | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | William F. Dudley Jr. <wfdudley> | ||||||
Component: | Individual Port(s) | Assignee: | Kurt Jaeger <pi> | ||||||
Status: | Closed FIXED | ||||||||
Severity: | Affects Many People | CC: | dgeo, fernape, pi | ||||||
Priority: | --- | Flags: | dgeo:
maintainer-feedback+
pi: merge-quarterly+ |
||||||
Version: | Latest | ||||||||
Hardware: | Any | ||||||||
OS: | Any | ||||||||
Bug Depends on: | |||||||||
Bug Blocks: | 245672 | ||||||||
Attachments: |
|
Description
William F. Dudley Jr.
2020-05-24 16:34:47 UTC
Created attachment 214878 [details]
svn diff mail/sympa
upgrade to 6.2.56 and fix perms problems of #246702
Created attachment 214880 [details]
svn diff security/vuxml
two vuxml entries affecting < 6.2.56
I can't change to patch-ready… testbuilds@work A commit references this bug: Author: pi Date: Wed May 27 16:02:33 UTC 2020 New revision: 536696 URL: https://svnweb.freebsd.org/changeset/ports/536696 Log: mail/sympa: update 6.2.54 -> 6.2.56, fix security issue - A vulnerability has been discovered in Sympa web interface by which attacker can execute arbitrary code with root privileges. PR: 246701 Submitted by: William F. Dudley Jr. <wfdudley@gmail.com> Approved by: dgeo@centrale-marseille.fr (maintainer) MFH: 2020Q2 Relnotes: https://github.com/sympa-community/sympa/releases/tag/6.2.56 Security: CVE-2020-10936 https://sympa-community.github.io/security/2020-002.html https://github.com/sympa-community/sympa/issues/943 Changes: head/mail/sympa/Makefile head/mail/sympa/distinfo head/mail/sympa/files/pkg-install.in head/mail/sympa/pkg-plist (In reply to geoffroy desvernay from comment #2) Thanks. Please note that entries should be added to the beginning of the vuln.xml file, not the end. I'll work it in, but for future reference... A commit references this bug: Author: pi Date: Wed May 27 16:20:12 UTC 2020 New revision: 536701 URL: https://svnweb.freebsd.org/changeset/ports/536701 Log: security/vuxml: add two entries for mail/sympa PR: 246701 Submitted by: Geoffroy Desvernay <dgeo@centrale-marseille.fr> Changes: head/security/vuxml/vuln.xml Committed, thanks! A commit references this bug: Author: pi Date: Wed May 27 16:21:38 UTC 2020 New revision: 536702 URL: https://svnweb.freebsd.org/changeset/ports/536702 Log: MFH: r536696 mail/sympa: update 6.2.54 -> 6.2.56, fix security issue - A vulnerability has been discovered in Sympa web interface by which attacker can execute arbitrary code with root privileges. PR: 246701 Submitted by: William F. Dudley Jr. <wfdudley@gmail.com> Approved by: dgeo@centrale-marseille.fr (maintainer) Relnotes: https://github.com/sympa-community/sympa/releases/tag/6.2.56 Security: CVE-2020-10936 https://sympa-community.github.io/security/2020-002.html https://github.com/sympa-community/sympa/issues/943 Approved by: portmgr (security blanket) Changes: _U branches/2020Q2/ branches/2020Q2/mail/sympa/Makefile branches/2020Q2/mail/sympa/distinfo branches/2020Q2/mail/sympa/files/pkg-install.in branches/2020Q2/mail/sympa/pkg-plist |