Bug 206072 - textproc/py-pygments: Add patch for CVE-2015-8557
Summary: textproc/py-pygments: Add patch for CVE-2015-8557
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Many People
Assignee: Raphael Kubo da Costa
URL: https://web.nvd.nist.gov/view/vuln/de...
Keywords: security
Depends on:
Blocks:
 
Reported: 2016-01-09 13:53 UTC by Raphael Kubo da Costa
Modified: 2016-01-17 12:05 UTC

See Also:
rakuco: maintainer-feedback-


Attachments
Proposed patch (2.64 KB, patch)
2016-01-09 13:53 UTC, Raphael Kubo da Costa

Description Raphael Kubo da Costa freebsd_committer freebsd_triage 2016-01-09 13:53:24 UTC
Created attachment 165313
Proposed patch

The attached patch fixes a shell injection vulnerability that I've already documented in vuln.xml. More information here: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8557
Comment 1 Raphael Kubo da Costa freebsd_committer freebsd_triage 2016-01-11 21:09:48 UTC
ping ports-secteam?
Comment 2 Christian Schwarz 2016-01-17 11:28:32 UTC
(In reply to Raphael Kubo da Costa from comment #1)

Bump. This vulnerability has been around for more than a week now.
Comment 3 Kubilay Kocak freebsd_committer freebsd_triage 2016-01-17 11:59:11 UTC
Already added to VuXML:

http://www.vuxml.org/freebsd/5f276780-b6ce-11e5-9731-5453ed2e2b49.html
Comment 4 Martin Wilke freebsd_committer freebsd_triage 2016-01-17 12:01:06 UTC
Please go with this patch.

Approved with my ports-secteam hat.
Comment 5 commit-hook freebsd_committer freebsd_triage 2016-01-17 12:04:11 UTC
A commit references this bug:

Author: rakuco
Date: Sun Jan 17 12:03:37 UTC 2016
New revision: 406304
URL: https://svnweb.freebsd.org/changeset/ports/406304

Log:
  Add upstream patch to fix CVE-2015-8557.

  PR:		206072
  Approved by:	ports-secteam (miwi)
  Security:	5f276780-b6ce-11e5-9731-5453ed2e2b49

Changes:
  head/textproc/py-pygments/Makefile
  head/textproc/py-pygments/files/
  head/textproc/py-pygments/files/patch-CVE-2015-8557
Comment 6 commit-hook freebsd_committer freebsd_triage 2016-01-17 12:05:14 UTC
A commit references this bug:

Author: rakuco
Date: Sun Jan 17 12:04:48 UTC 2016
New revision: 406305
URL: https://svnweb.freebsd.org/changeset/ports/406305

Log:
  MFH: r406304

  Add upstream patch to fix CVE-2015-8557.

  PR:		206072
  Approved by:	ports-secteam (miwi)
  Security:	5f276780-b6ce-11e5-9731-5453ed2e2b49

  Approved by:	portmgr blanket approval

Changes:
_U  branches/2016Q1/
  branches/2016Q1/textproc/py-pygments/Makefile
  branches/2016Q1/textproc/py-pygments/files/