Bug 197772 - archivers/unzip: Port should be marked vulnerable to CVE-2015-1315
Summary: archivers/unzip: Port should be marked vulnerable to CVE-2015-1315
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: amd64 Any
: --- Affects Only Me
Assignee: Xin LI
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-02-17 20:54 UTC by rsimmons0
Modified: 2015-02-17 22:05 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (ehaupt)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Bugzilla Automation freebsd_committer freebsd_triage 2015-02-17 20:54:57 UTC 
Auto-assigned to maintainer ehaupt@FreeBSD.org
Comment 2 rsimmons0 2015-02-17 20:56:28 UTC 
I may have time this evening to work up a patch for our port, but I don't have time right this second.
Comment 3 Xin LI freebsd_committer freebsd_triage 2015-02-17 22:03:18 UTC 
Take.
Comment 4 commit-hook freebsd_committer freebsd_triage 2015-02-17 22:03:56 UTC 
A commit references this bug:

Author: delphij
Date: Tue Feb 17 22:03:34 UTC 2015
New revision: 379193
URL: https://svnweb.freebsd.org/changeset/ports/379193

Log:
  Document unzip heap based buffer overflow in iconv patch.

  PR:		ports/197772

Changes:
  head/security/vuxml/vuln.xml
Comment 5 Xin LI freebsd_committer freebsd_triage 2015-02-17 22:05:29 UTC 
I've committed a fix as r379192-379193 and merged to quaterly branch as 379194.