Reference: http://www.openwall.com/lists/oss-security/2016/01/28/12 It looks like we will have to include the parent-auth-hook from http://apache.arvixe.com/hive/hive-parent-auth-hook/, bump portrevision, and document the mitigation steps in VuXML.
I updated hive port to version 2.0, which has this bug fixed as far as I can tell.
A commit references this bug: Author: junovitch Date: Sun Jul 3 19:30:16 UTC 2016 New revision: 417994 URL: https://svnweb.freebsd.org/changeset/ports/417994 Log: Document authorization logic vulnerability in Apache Hive PR: 207173 Security: CVE-2015-7521 Security: https://vuxml.FreeBSD.org/freebsd/a5c204b5-4153-11e6-8dfe-002590263bf5.html Changes: head/security/vuxml/vuln.xml
Fixed since https://svnweb.FreeBSD.org/changeset/ports/410948 as mentioned by Dmitry in comment 1. Did not document the mitigation recommendations since we just jumped right to 2.0.0 in ports so the entry documents < 2.0.0. Delay in PR followup and VuXML is all mine. Sorry for that.