Bug 218951 - devel/icu fix security vulnerability for 58.2
Summary: devel/icu fix security vulnerability for 58.2
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Jung-uk Kim
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-04-29 09:20 UTC by Miroslav Lachman
Modified: 2017-05-04 21:54 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (office)

Attachments
Patch for 58.2 vulnerabilities (9.18 KB, patch)
2017-05-01 12:14 UTC, Dani I. 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Miroslav Lachman 2017-04-29 09:20:42 UTC 
There are know vulnerabilities in version 58.2 but new version 59.1 seems to be scheduled for 2017-07 according to PR218788

The mentioned PR includes patches for 58.2 fixing vulnerabilities.
Can the patch be committed with revision bump earlier?
Comment 1 Dani I. 2017-05-01 12:14:30 UTC 
Created attachment 182221 [details]
Patch for 58.2 vulnerabilities

Here is the patch attached directly to this PR, so we have all in one place.
I would also like to see this patched asap, instead of waiting for 59.1.

Thanks!
Comment 2 Jung-uk Kim freebsd_committer freebsd_triage 2017-05-04 21:05:30 UTC 
I'll take it.
Comment 3 commit-hook freebsd_committer freebsd_triage 2017-05-04 21:45:14 UTC 
A commit references this bug:

Author: jkim
Date: Thu May  4 21:44:57 UTC 2017
New revision: 440117
URL: https://svnweb.freebsd.org/changeset/ports/440117

Log:
  Apply upstream patches to fix CVE-2017-7867 and CVE-2017-7868.

  http://bugs.icu-project.org/trac/changeset/39671

  PR:		218951
  MFH:		2017Q2

Changes:
  head/devel/icu/Makefile
  head/devel/icu/files/patch-r39671
Comment 4 Jung-uk Kim freebsd_committer freebsd_triage 2017-05-04 21:54:04 UTC 
Committed, thanks!