Bug 216026 - security/vuxml: Document vulnerability in RabbitMQ (CVE-2016-9877)
Summary: security/vuxml: Document vulnerability in RabbitMQ (CVE-2016-9877)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Jason Unovitch
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2017-01-13 11:32 UTC by VK
Modified: 2017-01-15 03:08 UTC (History)
1 user (show)

See Also:
junovitch: maintainer-feedback+


Attachments
Document vulnerability in RabbitMQ (CVE-2016-9877) (1.59 KB, patch)
2017-01-13 11:32 UTC, VK
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description VK freebsd_triage 2017-01-13 11:32:48 UTC
Created attachment 178856 [details]
Document vulnerability in RabbitMQ (CVE-2016-9877)

A security vulnerability was discovered in RabbitMQ prior to 3.6.6. As the port has updated to this version just two months ago (so the version in HEAD and 2017Q1 are not vulnerable), it's still possible some users are affected.

The patch documents the vulnerability.
Comment 1 Jason Unovitch freebsd_committer 2017-01-15 03:04:07 UTC
Vladimir,
Thanks!
Comment 2 commit-hook freebsd_committer 2017-01-15 03:08:19 UTC
A commit references this bug:

Author: junovitch
Date: Sun Jan 15 03:03:06 UTC 2017
New revision: 431513
URL: https://svnweb.freebsd.org/changeset/ports/431513

Log:
  Document RabbitMQ Authentication vulnerability

  PR:		216026
  Submitted by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
  Security:	CVE-2016-9877
  Security:	https://vuxml.FreeBSD.org/freebsd/6aa956fb-d97f-11e6-a071-001e67f15f5a.html

Changes:
  head/security/vuxml/vuln.xml