Bug 211206 - www/nextcloud: Update to 9.0.53 (Fixes security vulnerability: https://httpoxy.org/#cve)
Summary: www/nextcloud: Update to 9.0.53 (Fixes security vulnerability: https://httpox...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Kurt Jaeger
URL:
Keywords: patch, security
Depends on:
Blocks:
 
Reported: 2016-07-18 18:00 UTC by Kurt Jaeger
Modified: 2016-07-26 14:01 UTC (History)
4 users (show)

See Also:
loic.blot: maintainer-feedback+
feld: merge-quarterly+

Attachments
patch (1.09 KB, patch)
2016-07-18 18:00 UTC, Kurt Jaeger 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Kurt Jaeger freebsd_committer freebsd_triage 2016-07-18 18:00:19 UTC 
Created attachment 172673 [details]
patch

See below, testbuild is OK
Comment 1 loic.blot 2016-07-18 20:13:36 UTC 
I test it now
Comment 2 loic.blot 2016-07-18 21:27:05 UTC 
Thanks Kurt, it's okay for me you can push
Comment 3 commit-hook freebsd_committer freebsd_triage 2016-07-19 04:14:14 UTC 
A commit references this bug:

Author: pi
Date: Tue Jul 19 04:13:46 UTC 2016
New revision: 418759
URL: https://svnweb.freebsd.org/changeset/ports/418759

Log:
  www/nextcloud: 9.0.52 -> 9.0.53

  - Guzzle 5 is shipped as part of Nextcloud and can be abused,
    in some special scenarios

  PR:		211206
  Approved by:	Loic Blot <loic.blot@unix-experience.fr> (maintainer)
  MFH:		2016Q3
  Changes:	https://nextcloud.com/httpoxy-can-affect-nextcloud-get-your-update-now/
  Security:	https://httpoxy.org/

Changes:
  head/www/nextcloud/Makefile
  head/www/nextcloud/distinfo
Comment 4 commit-hook freebsd_committer freebsd_triage 2016-07-26 14:01:10 UTC 
A commit references this bug:

Author: feld
Date: Tue Jul 26 14:00:23 UTC 2016
New revision: 419110
URL: https://svnweb.freebsd.org/changeset/ports/419110

Log:
  MFH: r418724 r418759

  www/nextcloud: 9.0.51 -> 9.0.52

  www/nextcloud: 9.0.52 -> 9.0.53

  - Guzzle 5 is shipped as part of Nextcloud and can be abused,
    in some special scenarios

  PR:		211206
  Changes:	https://nextcloud.com/httpoxy-can-affect-nextcloud-get-your-update-now/
  Security:	https://httpoxy.org/

  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q3/
  branches/2016Q3/www/nextcloud/Makefile
  branches/2016Q3/www/nextcloud/distinfo
  branches/2016Q3/www/nextcloud/pkg-plist