Bug 260549

Summary: devel/py-opengrok-tools: Possible security issue: Update to 1.6.9 (>1.6.7?)
Product: Ports & Packages
Reporter: Lucas Holt <luke>
Component: Individual Port(s)
Assignee: Don Lewis <truckman>
Status: Closed FIXED
Severity: Affects Many People
CC: python, truckman
Priority: Normal
Keywords: security
Version: Latest
Hardware: Any
OS: Any
URL: https://github.com/oracle/opengrok/tree/1.7.25/tools
Bug Depends on: 260534
Bug Blocks:

Description Lucas Holt 2021-12-19 19:25:23 UTC
OpenGrok tools allow you to "deploy" a war file for the app rather than using the devel/opengrok port. This likely means the old version is vulnerable to CVE-2021-2322.

It should get updated to at least version 1.6.9.
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2021-12-19 20:48:35 UTC
@Reporter Can you provide upstream and additional references / links with regard to this issue?
Comment 2 Kubilay Kocak freebsd_committer freebsd_triage 2021-12-19 21:25:32 UTC
^Triage: opengrok-tools is developed in the same repository as opengrok, and may require matching versions to the underlying opengrok version. Set dependency on the opengrok issue accordingly.

Needs confirmation.

Note also: Latest opengrok version is 1.7.25
Comment 3 Don Lewis freebsd_committer freebsd_triage 2022-05-01 20:42:12 UTC
devel/opengrok has been upgraded to 1.7.31, which is now the latest.
Comment 4 Kubilay Kocak freebsd_committer freebsd_triage 2022-05-05 00:49:31 UTC
^Triage: Assign to committer that resolved (via bug 260534)