Bug 211206 - www/nextcloud: Update to 9.0.53 (Fixes security vulnerability: https://httpoxy.org/#cve)
Summary: www/nextcloud: Update to 9.0.53 (Fixes security vulnerability: https://httpox...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Kurt Jaeger
URL:
Keywords: patch, security
Depends on:
Blocks:
 
Reported: 2016-07-18 18:00 UTC by Kurt Jaeger
Modified: 2016-07-26 14:01 UTC (History)
4 users (show)

See Also:
loic.blot: maintainer-feedback+
feld: merge-quarterly+


Attachments
patch (1.09 KB, patch)
2016-07-18 18:00 UTC, Kurt Jaeger
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Kurt Jaeger freebsd_committer 2016-07-18 18:00:19 UTC
Created attachment 172673 [details]
patch

See below, testbuild is OK
Comment 1 loic.blot 2016-07-18 20:13:36 UTC
I test it now
Comment 2 loic.blot 2016-07-18 21:27:05 UTC
Thanks Kurt, it's okay for me you can push
Comment 3 commit-hook freebsd_committer 2016-07-19 04:14:14 UTC
A commit references this bug:

Author: pi
Date: Tue Jul 19 04:13:46 UTC 2016
New revision: 418759
URL: https://svnweb.freebsd.org/changeset/ports/418759

Log:
  www/nextcloud: 9.0.52 -> 9.0.53

  - Guzzle 5 is shipped as part of Nextcloud and can be abused,
    in some special scenarios

  PR:		211206
  Approved by:	Loic Blot <loic.blot@unix-experience.fr> (maintainer)
  MFH:		2016Q3
  Changes:	https://nextcloud.com/httpoxy-can-affect-nextcloud-get-your-update-now/
  Security:	https://httpoxy.org/

Changes:
  head/www/nextcloud/Makefile
  head/www/nextcloud/distinfo
Comment 4 commit-hook freebsd_committer 2016-07-26 14:01:10 UTC
A commit references this bug:

Author: feld
Date: Tue Jul 26 14:00:23 UTC 2016
New revision: 419110
URL: https://svnweb.freebsd.org/changeset/ports/419110

Log:
  MFH: r418724 r418759

  www/nextcloud: 9.0.51 -> 9.0.52

  www/nextcloud: 9.0.52 -> 9.0.53

  - Guzzle 5 is shipped as part of Nextcloud and can be abused,
    in some special scenarios

  PR:		211206
  Changes:	https://nextcloud.com/httpoxy-can-affect-nextcloud-get-your-update-now/
  Security:	https://httpoxy.org/

  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q3/
  branches/2016Q3/www/nextcloud/Makefile
  branches/2016Q3/www/nextcloud/distinfo
  branches/2016Q3/www/nextcloud/pkg-plist