Bug 223931 - net/xrdp-devel: patch for CVE-2017-16927
Summary: net/xrdp-devel: patch for CVE-2017-16927
Status: Closed Overcome By Events
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Luca Pizzamiglio
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-11-28 01:55 UTC by Koichiro Iwao
Modified: 2018-01-02 11:40 UTC (History)
2 users (show)

See Also:


Attachments
CVE-2017-16927 (4.73 KB, text/plain)
2017-11-28 01:55 UTC, Koichiro Iwao
meta: maintainer-approval+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Koichiro Iwao freebsd_committer 2017-11-28 01:55:19 UTC
Created attachment 188345 [details]
CVE-2017-16927

ref. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16927
Comment 1 Koichiro Iwao freebsd_committer 2017-11-28 02:22:33 UTC
Patch obtained from upstream: https://github.com/neutrinolabs/xrdp/pull/958
Comment 2 commit-hook freebsd_committer 2017-11-30 10:13:00 UTC
A commit references this bug:

Author: pizzamig
Date: Thu Nov 30 10:12:27 UTC 2017
New revision: 455190
URL: https://svnweb.freebsd.org/changeset/ports/455190

Log:
  security/vuxml: Document vulnerability in net/xrdp-devel

  PR:		223931
  Reported by:	meta+ports@vmeta.jp (maintainer)
  Security:	CVE-2017-16927

Changes:
  head/security/vuxml/vuln.xml
Comment 3 commit-hook freebsd_committer 2017-11-30 10:17:06 UTC
A commit references this bug:

Author: pizzamig
Date: Thu Nov 30 10:16:09 UTC 2017
New revision: 455191
URL: https://svnweb.freebsd.org/changeset/ports/455191

Log:
  net/xrdp-devel: Fix CVE-2017-16927

  Fix CVE-2017-16927
  Patch from upstream: https://github.com/neutrinolabs/xrdp/pull/958

  PR:		223931
  Submitted by:	meta+ports@vmeta.jp (maintainer)
  MFH:		2017Q4
  Security:	CVE-2017-16927

Changes:
  head/net/xrdp-devel/Makefile
  head/net/xrdp-devel/files/patch-CVE-2017-16927
Comment 4 Luca Pizzamiglio freebsd_committer 2018-01-02 11:40:37 UTC
The fix was committed in trunk and now also in quarterly 2018Q1.
Thanks for the patch!