Created attachment 190442
Patch to v1.2.2

This patch updates bchunk to version 1.2.2 which contains the following security fixes:

- CVE-2017-15953 and CVE-2017-15954, a heap-based buffer overflow.
- CVE-2017-15955, Access violation near NULL on destination operand and crash when processing a malformed CUE (.cue) file.

The following bugfixes/improvements were done:

- Fix wrong track size calculation when having multiple tracks in one image
- Clarified manual page for input/output file types.

QA:
~~~
- portlint -A -> OK
- poudriere (11.1-RELEASE i386 and amd64) -> OK
Will take some time to create security/vuxml/vuln.xml records.
Submitter, please note the odd e-mail in your account. Different from the one in the MAINTAINER field.
(In reply to Yuri Victorovich from comment #2)
Hello Yuri,
thank you for your information about the mail addresses. The address in the MAINTAINER field is correct and will be used for further ports contributions in the future. The "odd" mail address is only used for the bugzilla account.
(In reply to owk from comment #3)
Thanks! In general, the person submitting the bug report with change of MAINTAINER should be the same person as a new maintainer. Somebody might have some doubts in this case. The domain is the same, but names are different. I think it should be ok in this case.
Cheers,
Yuri
(In reply to Yuri Victorovich from comment #4)
Hello Yuri,
hrm, that sounds reasonable. Well, I've changed the mail address of the bugzilla account to the address as given in the MAINTAINER field.
--
Cheers
Kai
(In reply to owk from comment #5) Thanks!
A commit references this bug:

Author: yuri
Date: Tue Feb 13 23:49:51 UTC 2018
New revision: 461759
URL: https://svnweb.freebsd.org/changeset/ports/461759

Log:
  sysutils/bchunk: Update to 1.2.2

  Changelog is in: http://he.fi/bchunk/

  freebsd_ports@k-worx.org took maintainership

  Additional port changes:
  * Changed to DISTVERSION
  * Added LICENSE/LICENSE_FILE
  * Silenced do-build

  PR: 225772
  Submitted by: owk <freebsd_ports@k-worx.org>
  Approved by: tcberner (mentor, implicit)

Changes:
  head/sysutils/bchunk/Makefile
  head/sysutils/bchunk/distinfo
Committed with some changes. Thank you for taking maintainership!
A commit references this bug:

Author: yuri
Date: Sat Feb 17 20:25:49 UTC 2018
New revision: 462192
URL: https://svnweb.freebsd.org/changeset/ports/462192

Log:
  MFH: r461759

  sysutils/bchunk: Update to 1.2.2

  Changelog is in: http://he.fi/bchunk/

  freebsd_ports@k-worx.org took maintainership

  Additional port changes:
  * Changed to DISTVERSION
  * Added LICENSE/LICENSE_FILE
  * Silenced do-build

  PR: 225772
  Submitted by: owk <freebsd_ports@k-worx.org>
  Approved by: tcberner (mentor, implicit)
  Approved by: ports-secteam
  Security: CVE-2017-15953, CVE-2017-15954, CVE-2017-15955

Changes:
_U  branches/2018Q1/
  branches/2018Q1/sysutils/bchunk/Makefile
  branches/2018Q1/sysutils/bchunk/distinfo