Bug 151364 - update archivers/bzip2 to 1.0.6 to fix CVE-2010-0405
Summary: update archivers/bzip2 to 1.0.6 to fix CVE-2010-0405
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: Po-Chuan Hsieh
Reported: 2010-10-10 15:40 UTC by Eugene Grosbein
Modified: 2010-10-25 17:00 UTC

Attachments
file.diff (875 bytes, patch)
2010-10-10 15:40 UTC, Eugene Grosbein

Description Eugene Grosbein 2010-10-10 15:40:01 UTC
The port archivers/bzip2 still installs version 1.0.5,
which is vulnerable to CVE-2010-0405. Let's move to 1.0.6, which contains the fix.

How-To-Repeat: I still have some remote installations of FreeBSD 4.11-STABLE
that run rock-stable. Some software (e.g. clamav antivirus) that
links with libbz2 contains a configure script that demonstrates
segfaults if linked with a version before 1.0.6.
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2010-10-10 15:40:07 UTC
Maintainer of archivers/bzip2,

Please note that PR ports/151364 has just been submitted.

If it contains a patch for an upgrade, an enhancement or a bug fix
you agree on, reply to this email stating that you approve the patch
and a committer will take care of it.

The full text of the PR can be found at:
    http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/151364

-- 
Edwin Groothuis via the GNATS Auto Assign Tool
edwin@FreeBSD.org
Comment 2 Edwin Groothuis freebsd_committer freebsd_triage 2010-10-10 15:40:09 UTC
State Changed
From-To: open->feedback

Awaiting maintainer's feedback (via the GNATS Auto Assign Tool)
Comment 3 Po-Chuan Hsieh freebsd_committer freebsd_triage 2010-10-11 01:57:46 UTC
Responsible Changed
From-To: freebsd-ports-bugs->sunpoet

I'll take it.
Comment 4 jharris 2010-10-23 20:01:49 UTC
On Sun, Oct 10, 2010 at 02:40:07PM +0000, Edwin Groothuis wrote:

> Maintainer of archivers/bzip2,
> 
> Please note that PR ports/151364 has just been submitted.

 
> The full text of the PR can be found at:
>     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/151364


Approved, thanks!

-- 
Jason Harris           |  PGP:  This _is_ PGP-signed, isn't it?
jharris@widomaker.com _|_ Got photons? (TM), (C) 2004
Comment 5 dfilter service freebsd_committer freebsd_triage 2010-10-25 16:58:52 UTC
sunpoet     2010-10-25 15:58:47 UTC

  FreeBSD ports repository

  Modified files:
    archivers/bzip2      Makefile distinfo 
  Log:
  - Update to 1.0.6
  
  PR:             ports/151364
  Security:       CVE-2010-0405
  Submitted by:   Eugene Grosbein <eugen@eg.sd.rdtc.ru>
  Approved by:    Jason Harris <jharris@widomaker.com> (maintainer), pgollucci (mentor, implicit)
  
  Revision  Changes    Path
  1.44      +1 -1      ports/archivers/bzip2/Makefile
  1.16      +3 -3      ports/archivers/bzip2/distinfo
Comment 6 Po-Chuan Hsieh freebsd_committer freebsd_triage 2010-10-25 16:58:58 UTC
State Changed
From-To: feedback->closed

Committed. Thanks!