Bug 212888 - irc/irssi: Multiple vulnerabilities
Summary: irc/irssi: Multiple vulnerabilities
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Mark Felder
URL: https://irssi.org/security/irssi_sa_2...
Keywords: patch, security
Depends on:
Blocks:
 
Reported: 2016-09-21 20:41 UTC by VK
Modified: 2016-09-21 21:09 UTC (History)
3 users (show)

See Also:
bugzilla: maintainer-feedback? (vanilla)
feld: merge-quarterly+


Attachments
Upgrade irssi to 0.8.20 (1.29 KB, patch)
2016-09-21 20:51 UTC, VK
vlad-fbsd: maintainer-approval? (vanilla)
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description VK freebsd_triage 2016-09-21 20:41:45 UTC
Remote vuln in irssi < 0.8.20

https://irssi.org/security/irssi_sa_2016.txt
Comment 1 VK freebsd_triage 2016-09-21 20:44:28 UTC
CC ports-secteam@
Comment 2 VK freebsd_triage 2016-09-21 20:51:14 UTC
Created attachment 175040 [details]
Upgrade irssi to 0.8.20
Comment 3 VK freebsd_triage 2016-09-21 20:52:49 UTC
Patch passes:

* Poudriere 11.0-RC3 amd64 build test
* portlint complaints from before
Comment 4 commit-hook freebsd_committer 2016-09-21 20:56:19 UTC
A commit references this bug:

Author: feld
Date: Wed Sep 21 20:56:02 UTC 2016
New revision: 422579
URL: https://svnweb.freebsd.org/changeset/ports/422579

Log:
  irc/irssi: Update to 0.8.20

  - Add gettext-runtime to USES per poudriere's warning

  https://irssi.org/security/irssi_sa_2016.txt

  PR:		212888
  MFH:		2016Q3
  Security:	CVE-2016-7044
  Security:	CVE-2016-7045

Changes:
  head/irc/irssi/Makefile
  head/irc/irssi/distinfo
  head/irc/irssi/pkg-plist
Comment 5 commit-hook freebsd_committer 2016-09-21 20:57:21 UTC
A commit references this bug:

Author: feld
Date: Wed Sep 21 20:56:36 UTC 2016
New revision: 422580
URL: https://svnweb.freebsd.org/changeset/ports/422580

Log:
  MFH: r422579

  irc/irssi: Update to 0.8.20

  - Add gettext-runtime to USES per poudriere's warning

  https://irssi.org/security/irssi_sa_2016.txt

  PR:		212888
  Security:	CVE-2016-7044
  Security:	CVE-2016-7045

  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q3/
  branches/2016Q3/irc/irssi/Makefile
  branches/2016Q3/irc/irssi/distinfo
  branches/2016Q3/irc/irssi/pkg-plist
Comment 6 commit-hook freebsd_committer 2016-09-21 21:00:22 UTC
A commit references this bug:

Author: feld
Date: Wed Sep 21 20:59:53 UTC 2016
New revision: 422582
URL: https://svnweb.freebsd.org/changeset/ports/422582

Log:
  Document irssi vulnerabilities

  PR:		212888
  Security:	CVE-2016-7044
  Security:	CVE-2016-7045

Changes:
  head/security/vuxml/vuln.xml