Bug 277692

Summary: net/quiche: update to 0.20.1 (fixes 2 CVE's)
Product: Ports & Packages Reporter: Ralf van der Enden <tremere>
Component: Individual Port(s)Assignee: Fernando Apesteguía <fernape>
Status: Closed FIXED    
Severity: Affects Many People CC: fernape, junho.choi, ports-secteam
Priority: --- Flags: junho.choi: maintainer-feedback+
tremere: maintainer-feedback?
tremere: merge-quarterly?
Version: Latest   
Hardware: Any   
OS: Any   
URL: https://github.com/cloudflare/quiche/releases/tag/0.20.1
Bug Depends on:    
Bug Blocks: 277468    
Attachments:
Description Flags
Update quiche to 0.20.1
fernape: maintainer-approval+
Add entry to VuXML for quiche none

Description Ralf van der Enden 2024-03-14 13:42:14 UTC

    
Comment 1 Ralf van der Enden 2024-03-14 13:44:13 UTC
Created attachment 249158 [details]
Update quiche to 0.20.1
Comment 2 Junho Choi 2024-03-15 04:48:42 UTC
LGTM. Thanks
Comment 3 Ralf van der Enden 2024-03-26 10:22:57 UTC
Created attachment 249492 [details]
Add entry to VuXML for quiche
Comment 4 commit-hook freebsd_committer freebsd_triage 2024-03-29 17:47:33 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=cb4b734b55c9805e5c9263913d6697b3e5c30135

commit cb4b734b55c9805e5c9263913d6697b3e5c30135
Author:     Ralf van der Enden <tremere@cainites.net>
AuthorDate: 2024-03-29 17:45:22 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2024-03-29 17:45:22 +0000

    security/vuxml: Register net/quiche vulnerabilities

    PR:             277692
    Reported by:    Ralf van der Enden <tremere@cainites.net>
    Approved by:    junho.choi@gmail.com (maintainer)

 security/vuxml/vuln/2024.xml | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
Comment 5 Fernando Apesteguía freebsd_committer freebsd_triage 2024-03-29 17:50:17 UTC
Committed,

Thanks!
Comment 6 commit-hook freebsd_committer freebsd_triage 2024-03-29 17:50:35 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=0e1153d3a54a948a42504816c4b43eacc7805bd7

commit 0e1153d3a54a948a42504816c4b43eacc7805bd7
Author:     Junho Choi <junho.choi@gmail.com>
AuthorDate: 2024-03-26 18:58:00 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2024-03-29 17:47:44 +0000

    net/quiche: update to 0.20.1

    Fixes security issues.

     * CVE-2024-1410
             * Base Score:  N/A
             * Vector:  CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

     * CVE-2024-1765
            * Base Score:  N/A
            * Vector:  CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

    PR:             277692
    Reported by:    Ralf van der Enden <tremere@cainites.net>
    Approved by:    junho.choi@gmail.com (maintainer)
    Security:       CVE-2024-1410 CVE-2024-1765

 net/quiche/Makefile | 3 +--
 net/quiche/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 5 deletions(-)