Bug 218951 - devel/icu fix security vulnerability for 58.2
Summary: devel/icu fix security vulnerability for 58.2
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Jung-uk Kim
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-04-29 09:20 UTC by Miroslav Lachman
Modified: 2017-05-04 21:54 UTC

See Also:
bugzilla: maintainer-feedback? (office)


Attachments
Patch for 58.2 vulnerabilities (9.18 KB, patch)
2017-05-01 12:14 UTC, Dani I.

Description Miroslav Lachman 2017-04-29 09:20:42 UTC
There are known vulnerabilities in version 58.2, but the new version 59.1 seems to be scheduled for 2017-07 according to PR218788.

The mentioned PR includes patches for 58.2 fixing vulnerabilities.
Can the patch be committed with revision bump earlier?
Comment 1 Dani I. 2017-05-01 12:14:30 UTC
Created attachment 182221
Patch for 58.2 vulnerabilities

Here is the patch attached directly to this PR, so we have all in one place.
I would also like to see this patched asap, instead of waiting for 59.1.

Thanks!
Comment 2 Jung-uk Kim freebsd_committer freebsd_triage 2017-05-04 21:05:30 UTC
I'll take it.
Comment 3 commit-hook freebsd_committer freebsd_triage 2017-05-04 21:45:14 UTC
A commit references this bug:

Author: jkim
Date: Thu May  4 21:44:57 UTC 2017
New revision: 440117
URL: https://svnweb.freebsd.org/changeset/ports/440117

Log:
  Apply upstream patches to fix CVE-2017-7867 and CVE-2017-7868.

  http://bugs.icu-project.org/trac/changeset/39671

  PR:		218951
  MFH:		2017Q2

Changes:
  head/devel/icu/Makefile
  head/devel/icu/files/patch-r39671
Comment 4 Jung-uk Kim freebsd_committer freebsd_triage 2017-05-04 21:54:04 UTC
Committed, thanks!