Bug 209534 - net/openafs - multiple vulnerabilities
Summary: net/openafs - multiple vulnerabilities
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Benjamin Kaduk
URL:
Keywords: security
Depends on:
Blocks:
 
Reported: 2016-05-16 02:04 UTC by Sevan Janiyan
Modified: 2016-06-05 18:07 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (bjk)
junovitch: merge-quarterly+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Benjamin Kaduk freebsd_committer freebsd_triage 2016-05-16 02:08:12 UTC
I hope to have time to pull in 1.6.18 soon, which includes those fixes.
Comment 2 Sevan Janiyan 2016-05-16 02:12:18 UTC
vuxml entry in the meantime as a heads up?
Comment 3 Sevan Janiyan 2016-05-16 02:20:17 UTC
(In reply to Sevan Janiyan from comment #0)

CVE-2016-4536 - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4536
Comment 4 Benjamin Kaduk freebsd_committer freebsd_triage 2016-05-17 03:12:44 UTC
Diff to update the port to 1.6.18 is at https://people.freebsd.org/~bjk/openafs-1.6.18.diff
Comment 5 commit-hook freebsd_committer freebsd_triage 2016-05-27 00:06:06 UTC
A commit references this bug:

Author: bjk
Date: Fri May 27 00:05:07 UTC 2016
New revision: 415920
URL: https://svnweb.freebsd.org/changeset/ports/415920

Log:
  Update net/openafs to upstream 1.6.18

  This includes the changes in 1.6.17, a security release.

  PR:		209534
  Approved by:	mat (ports committer)
  Security:	CVE-2016-2860

Changes:
  head/net/openafs/Makefile
  head/net/openafs/distinfo
Comment 6 commit-hook freebsd_committer freebsd_triage 2016-06-05 18:04:17 UTC
A commit references this bug:

Author: junovitch
Date: Sun Jun  5 18:04:12 UTC 2016
New revision: 416410
URL: https://svnweb.freebsd.org/changeset/ports/416410

Log:
  Document OpenAFS vulnerabilities in 1.6.16 and 1.6.17

  PR:		209534
  Reported by:	Sevan Janiyan <venture37@geeklan.co.uk>
  Security:	CVE-2015-8312
  Security:	CVE-2016-2860
  Security:	CVE-2016-4536
  Security:	https://vuxml.FreeBSD.org/freebsd/2e8fe57e-2b46-11e6-ae88-002590263bf5.html
  Security:	https://vuxml.FreeBSD.org/freebsd/bcbd3fe0-2b46-11e6-ae88-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml
Comment 7 commit-hook freebsd_committer freebsd_triage 2016-06-05 18:06:19 UTC
A commit references this bug:

Author: junovitch
Date: Sun Jun  5 18:05:46 UTC 2016
New revision: 416411
URL: https://svnweb.freebsd.org/changeset/ports/416411

Log:
  MFH: r415920

  Update net/openafs to upstream 1.6.18

  This includes the changes in 1.6.17, a security release.

  PR:		209534
  Reported by:	Sevan Janiyan <venture37@geeklan.co.uk>
  Security:	CVE-2015-8312
  Security:	CVE-2016-2860
  Security:	CVE-2016-4536
  Security:	https://vuxml.FreeBSD.org/freebsd/2e8fe57e-2b46-11e6-ae88-002590263bf5.html
  Security:	https://vuxml.FreeBSD.org/freebsd/bcbd3fe0-2b46-11e6-ae88-002590263bf5.html
  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q2/
  branches/2016Q2/net/openafs/Makefile
  branches/2016Q2/net/openafs/distinfo
Comment 8 Jason Unovitch freebsd_committer freebsd_triage 2016-06-05 18:07:24 UTC
bjk@, please don't forget the MFH: tag on the next security update.