Summary: | devel/ghidra: Outdated and vulnerable to RCE | ||
---|---|---|---|
Product: | Ports & Packages | Reporter: | Cameron Katri <me+fbsd> |
Component: | Individual Port(s) | Assignee: | freebsd-ports-bugs (Nobody) <ports-bugs> |
Status: | Closed FIXED | ||
Severity: | Affects Only Me | CC: | arved, fernape, sghctoma, vvd |
Priority: | --- | Keywords: | needs-patch |
Version: | Latest | Flags: | bugzilla: maintainer-feedback? (sghctoma) |
Hardware: | Any | ||
OS: | Any | ||
See Also: | https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280378 |
Description
Cameron Katri
2022-01-01 02:52:38 UTC
Doesn't this affect only Windows systems? https://github.com/NationalSecurityAgency/ghidra/issues/286 Cheers.

I was talking about Log4Shell, here's a proof of concept https://github.com/zhuowei/GhidraLog4Shell. But 9.1 is still an older version, even if you ignore the security vulnerabilities.

(In reply to Cameron Katri from comment #2) Absolutely. Just it might not be as important having an outdated port than having an outdated port that poses a security risk. Thanks for the report.

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=2ea61fba9e948f627fd88f2318d82b20741f775d

commit 2ea61fba9e948f627fd88f2318d82b20741f775d
Author: Tilman Keskinoz <arved@FreeBSD.org>
AuthorDate: 2024-02-06 21:22:24 +0000
Commit: Tilman Keskinoz <arved@FreeBSD.org>
CommitDate: 2024-02-06 21:26:10 +0000

devel/ghidra: Mark FORBIDDEN contains a RCE

PR: 260854
Submitted by: Cameron Katri
Security: https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-j3xg-fc2p-4jc4

devel/ghidra/Makefile | 1 +
1 file changed, 1 insertion(+)

Since there hasn't been any interest in updating the port to the latest version, I have marked it FORBIDDEN

Can I change maintainer?

gatekeeper create PR with update https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280378 And ask me in Discord about maintainership of this port.