Bug 204413 - archivers/unzip multiple vulnerabilities
Summary: archivers/unzip multiple vulnerabilities
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Emanuel Haupt
URL:
Keywords: needs-patch, security
Depends on:
Blocks:
 
Reported: 2015-11-10 01:03 UTC by Sevan Janiyan
Modified: 2016-01-05 13:25 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (ehaupt)


Attachments
Patch to fix CVE-2015-7696 and CVE-2015-7697 (3.83 KB, patch)
2016-01-04 14:38 UTC, Emanuel Haupt
no flags Details | Diff
VuXML entry to be added (1.04 KB, text/plain)
2016-01-05 06:01 UTC, Emanuel Haupt
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Sevan Janiyan 2015-11-10 01:03:39 UTC
CVE-2015-7696 CVE-2015-7697
Comment 1 Emanuel Haupt freebsd_committer 2016-01-04 14:38:40 UTC
Created attachment 165057 [details]
Patch to fix CVE-2015-7696 and CVE-2015-7697
Comment 2 Mark Felder freebsd_committer 2016-01-05 02:46:05 UTC
Emanual, let me know if you need any assistance with the vuxml entry
Comment 3 Emanuel Haupt freebsd_committer 2016-01-05 06:00:16 UTC
(In reply to Mark Felder from comment #2)
Thank you for the offer to review the VuXML entry. Bernard Spil kindly helped me with the entry (attached). I would appreciate your review.
Comment 4 Emanuel Haupt freebsd_committer 2016-01-05 06:01:17 UTC
Created attachment 165091 [details]
VuXML entry to be added

VuXML entry kindly provided by brnrd
Comment 5 commit-hook freebsd_committer 2016-01-05 13:09:24 UTC
A commit references this bug:

Author: ehaupt
Date: Tue Jan  5 13:08:35 UTC 2016
New revision: 405286
URL: https://svnweb.freebsd.org/changeset/ports/405286

Log:
  Fix multiple vulnerabilities.

  PR:		204413 (based on)
  Notified by:	venture37@geeklan.co.uk
  Security:	CVE-2015-7696, CVE-2015-7697
  MFH:		2016Q1

Changes:
  head/archivers/unzip/Makefile
  head/archivers/unzip/files/patch-crypt.c
  head/archivers/unzip/files/patch-extract.c
Comment 6 commit-hook freebsd_committer 2016-01-05 13:13:26 UTC
A commit references this bug:

Author: ehaupt
Date: Tue Jan  5 13:12:57 UTC 2016
New revision: 405287
URL: https://svnweb.freebsd.org/changeset/ports/405287

Log:
  MFH: r405286

  Fix multiple vulnerabilities.

  PR:		204413 (based on)
  Notified by:	venture37@geeklan.co.uk
  Security:	CVE-2015-7696, CVE-2015-7697
  Approved by:	ports-secteam (feld)

Changes:
_U  branches/2016Q1/
  branches/2016Q1/archivers/unzip/Makefile
  branches/2016Q1/archivers/unzip/files/patch-crypt.c
  branches/2016Q1/archivers/unzip/files/patch-extract.c