Bug 216661 - lang/chicken - multiple vulnerabilities
Summary: lang/chicken - multiple vulnerabilities
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Jason Unovitch
URL:
Keywords: security
Depends on:
Blocks:
 
Reported: 2017-01-31 03:50 UTC by Sevan Janiyan
Modified: 2017-03-05 16:17 UTC (History)
4 users (show)

See Also:
bugzilla: maintainer-feedback? (vmagerya)
junovitch: merge-quarterly+


Attachments
chicken-4.12.0.diff (823 bytes, patch)
2017-03-05 08:13 UTC, Vitaly Magerya
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 commit-hook freebsd_committer 2017-02-04 17:40:33 UTC
A commit references this bug:

Author: feld
Date: Sat Feb  4 17:39:45 UTC 2017
New revision: 433330
URL: https://svnweb.freebsd.org/changeset/ports/433330

Log:
  Document vulnerabilities in chicken

  PR:		216661
  Security:	CVE-2016-6830 CVE-2016-6831

Changes:
  head/security/vuxml/vuln.xml
Comment 2 Jason Unovitch freebsd_committer 2017-03-05 02:59:00 UTC
This looks to have been mistakenly closed. Vitaly, do you have an update to 4.12.0 in testing or ready for commit?
Comment 3 Vitaly Magerya 2017-03-05 08:13:21 UTC
Created attachment 180526 [details]
chicken-4.12.0.diff

Yes. Here's the update to 4.12.0.

Changelog is at [1]; there's one more CVE fixed in this release that we don't have in vuxml: CVE-2016-9954 (a problem in the regular expression engine, see [2]).

[1] https://code.call-cc.org/releases/4.12.0/NEWS
[2] http://www.openwall.com/lists/oss-security/2016/12/14/18
Comment 4 commit-hook freebsd_committer 2017-03-05 16:15:52 UTC
A commit references this bug:

Author: junovitch
Date: Sun Mar  5 16:15:37 UTC 2017
New revision: 435483
URL: https://svnweb.freebsd.org/changeset/ports/435483

Log:
  lang/chicken: update 4.11.0 -> 4.12.0

  PR:		216661
  Reported by:	sevan
  Submitted by:	Vitaly Magerya <vmagerya@gmail.com> (maintainer)
  Security:	CVE-2016-6830
  Security:	CVE-2016-6831
  Security:	CVE-2016-9954
  Security:	https://vuxml.FreeBSD.org/freebsd/c6932dd4-eaff-11e6-9ac1-a4badb2f4699.html
  MFH:		2017Q1

Changes:
  head/lang/chicken/Makefile
  head/lang/chicken/distinfo
Comment 5 commit-hook freebsd_committer 2017-03-05 16:15:54 UTC
A commit references this bug:

Author: junovitch
Date: Sun Mar  5 16:15:41 UTC 2017
New revision: 435484
URL: https://svnweb.freebsd.org/changeset/ports/435484

Log:
  Fix PORTEPOCH on Chicken VuXML entry; also additional CVE affecting Chicken

  PR:		216661
  Reported by:	sevan, Vitaly Magerya
  Security:	CVE-2016-9954
  Security:	https://vuxml.FreeBSD.org/freebsd/c6932dd4-eaff-11e6-9ac1-a4badb2f4699.html

Changes:
  head/security/vuxml/vuln.xml
Comment 6 commit-hook freebsd_committer 2017-03-05 16:16:57 UTC
A commit references this bug:

Author: junovitch
Date: Sun Mar  5 16:16:08 UTC 2017
New revision: 435485
URL: https://svnweb.freebsd.org/changeset/ports/435485

Log:
  MFH: r435483

  lang/chicken: update 4.11.0 -> 4.12.0

  PR:		216661
  Reported by:	sevan
  Submitted by:	Vitaly Magerya <vmagerya@gmail.com> (maintainer)
  Security:	CVE-2016-6830
  Security:	CVE-2016-6831
  Security:	CVE-2016-9954
  Security:	https://vuxml.FreeBSD.org/freebsd/c6932dd4-eaff-11e6-9ac1-a4badb2f4699.html
  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2017Q1/
  branches/2017Q1/lang/chicken/Makefile
  branches/2017Q1/lang/chicken/distinfo
Comment 7 Jason Unovitch freebsd_committer 2017-03-05 16:17:44 UTC
Thank you Vitaly! Update has been committed.