Bug 212455 - ftp/curl: Security Vulnerability: CVE-2016-7141 <= 7.50.2
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Many People
Assignee: Mark Felder
URL: https://curl.haxx.se/docs/adv_2016090...
Keywords: security
Depends on: 212677
Blocks:
Reported: 2016-09-07 14:13 UTC by Gerard Seibert
Modified: 2016-10-09 07:44 UTC

See Also:
bugzilla: maintainer-feedback? (sunpoet)
koobs: merge-quarterly-


Description Gerard Seibert 2016-09-07 14:13:10 UTC
I was just made aware of this security advisory: https://curl.haxx.se/docs/adv_20160907.html

I want to make sure that the port maintainer sunpoet@FreeBSD.org is aware of it.
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2016-09-08 09:40:22 UTC
Affected versions: libcurl 7.19.6 up to and including 7.50.1
Not affected versions: libcurl >= 7.50.2

There is an individual commit for this as well:

https://github.com/curl/curl/commit/curl-7_50_2~32
Comment 2 Kurt Jaeger freebsd_committer freebsd_triage 2016-09-17 05:13:42 UTC
See 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212677

for the update to 7.50.3, which, according to the changelog, fixes another CVE:

https://curl.haxx.se/docs/adv_20160914.html
Comment 3 Kubilay Kocak freebsd_committer freebsd_triage 2016-09-17 06:52:34 UTC
@Kurt Maybe re-open and block this by bug 212677
Comment 4 Kubilay Kocak freebsd_committer freebsd_triage 2016-09-19 08:09:27 UTC
MFH not necessary, will be taken care of in bug 212677
Comment 5 Kubilay Kocak freebsd_committer freebsd_triage 2016-10-09 07:44:20 UTC
Closed in dependent bug 212677, assign to committer that resolved