Bug 280956

Summary: textproc/md4c: update 0.4.7 → 0.5.2, fix CVE
Product: Ports & Packages
Reporter: Älven <alster>
Component: Individual Port(s)
Assignee: Fernando Apesteguía <fernape>
Status: Closed FIXED
Severity: Affects Only Me
CC: fernape, ports-secteam, rosenke, vvd
Priority: ---
Keywords: security
Version: Latest
Flags: bugzilla: maintainer-feedback? (rosenke); fernape: merge-quarterly+
Hardware: Any
OS: Any
URL: https://github.com/mity/md4c/blob/master/CHANGELOG.md
Attachments (description, flags):
[PATCH] textproc/md4c: update 0.4.7 → 0.5.2 (flags: none)
[PATCH] textproc/md4c: update 0.4.7 → 0.5.2 (flags: none)
[PATCH] textproc/md4c: update 0.4.7 → 0.5.2, fix CVE (flags: alster: maintainer-approval? (rosenke))

Description Älven 2024-08-20 23:13:41 UTC
Created attachment 252965
[PATCH] textproc/md4c: update 0.4.7 → 0.5.2

Comment 2 Älven 2024-08-21 00:35:45 UTC
Created attachment 252967
[PATCH] textproc/md4c: update 0.4.7 → 0.5.2

Comment 3 Älven 2024-08-21 01:53:36 UTC
Created attachment 252972
[PATCH] textproc/md4c: update 0.4.7 → 0.5.2, fix CVE

Comment 4 commit-hook freebsd_committer freebsd_triage 2024-08-23 18:03:46 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=6b27d9ea72167081d6ddde68ce7458cb199b078b

commit 6b27d9ea72167081d6ddde68ce7458cb199b078b
Author:     Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2024-08-23 17:56:57 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2024-08-23 18:02:45 +0000

    security/vuxml: Record DoS vulnerability for md4c

    PR:     280956
    Reported by: Älven <alster@vinterdalen.se>

 security/vuxml/vuln/2024.xml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

Comment 5 commit-hook freebsd_committer freebsd_triage 2024-08-23 18:11:51 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=156b0ec23240ad23d3786eabf689799c9d919bac

commit 156b0ec23240ad23d3786eabf689799c9d919bac
Author:     Älven <alster@vinterdalen.se>
AuthorDate: 2024-08-23 07:50:19 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2024-08-23 18:10:57 +0000

    textproc/md4c: update to 0.5.2

    ChangeLog: https://github.com/mity/md4c/blob/master/CHANGELOG.md

    Fixes CVE-2021-30027: DoS with malformed Markdown.

     * Base Score:  5.5 MEDIUM
     * Vector:      CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

    PR:             280956
    Reported by:    alster@vinterdalen.se
    MFH:            2024Q3 (security fix)
    Security:       CVE-2021-30027

 textproc/md4c/Makefile  | 7 ++++---
 textproc/md4c/distinfo  | 6 +++---
 textproc/md4c/pkg-plist | 6 ++----
 3 files changed, 9 insertions(+), 10 deletions(-)

Comment 6 Fernando Apesteguía freebsd_committer freebsd_triage 2024-08-23 18:12:41 UTC
Committed,

Thanks!

Comment 7 commit-hook freebsd_committer freebsd_triage 2024-08-25 11:57:30 UTC
A commit in branch 2024Q3 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=af64efa400a095b046e061837575f5a829500170

commit af64efa400a095b046e061837575f5a829500170
Author:     Älven <alster@vinterdalen.se>
AuthorDate: 2024-08-23 07:50:19 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2024-08-25 11:56:30 +0000

    textproc/md4c: update to 0.5.2

    ChangeLog: https://github.com/mity/md4c/blob/master/CHANGELOG.md

    Fixes CVE-2021-30027: DoS with malformed Markdown.

     * Base Score:  5.5 MEDIUM
     * Vector:      CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

    PR:             280956
    Reported by:    alster@vinterdalen.se
    MFH:            2024Q3 (security fix)
    Security:       CVE-2021-30027

    (cherry picked from commit 156b0ec23240ad23d3786eabf689799c9d919bac)

 textproc/md4c/Makefile  | 7 ++++---
 textproc/md4c/distinfo  | 6 +++---
 textproc/md4c/pkg-plist | 6 ++----
 3 files changed, 9 insertions(+), 10 deletions(-)