Bug 228141 - audio/wavpack: Add patches to fix multiple vulnerabilities and etc.
Summary: audio/wavpack: Add patches to fix multiple vulnerabilities and etc.
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Thomas Zander
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2018-05-11 07:44 UTC by Yasuhiro KIMURA
Modified: 2018-05-13 09:42 UTC (History)
1 user (show)

See Also:
riggs: maintainer-feedback+
riggs: merge-quarterly+


Attachments
patch file (17.74 KB, patch)
2018-05-11 07:44 UTC, Yasuhiro KIMURA
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Yasuhiro KIMURA 2018-05-11 07:44:24 UTC
Created attachment 193268 [details]
patch file

* Add upstream patches to fix following vulnerabilities.
  - CVE-2018-6767
  - CVE-2018-7253
  - CVE-2018-7254
  - CVE-2018-10536
  - CVE-2018-10537
  - CVE-2018-10538
  - CVE-2018-10539
  - CVE-2018-10540
* Add upstream patch to fix memory leak.
* Bump PORTREVISION.
Comment 1 Yasuhiro KIMURA 2018-05-11 08:33:29 UTC
(In reply to Yasuhiro KIMURA from comment #0)

I submitted bug #228146. It adds entry to VuXML documenting vulnerabilities fixed with this bug report. So please commit it together.
Comment 2 commit-hook freebsd_committer 2018-05-13 07:50:32 UTC
A commit references this bug:

Author: riggs
Date: Sun May 13 07:50:15 UTC 2018
New revision: 469778
URL: https://svnweb.freebsd.org/changeset/ports/469778

Log:
  Fix multiple CVEs and memory leaks

  Details:
  - Import patches from upstream HEAD to address
    a bunch of critical CVEs including potential remote
    code execution and memory leaks

  PR:		228141
  Submitted by:	yasu@utahime.org
  MFH:		2018Q2
  Security:	CVE-2018-6767
  		CVE-2018-7253
  		CVE-2018-7254
  		CVE-2018-10536
  		CVE-2018-10537
  		CVE-2018-10538
  		CVE-2018-10539
  		CVE-2018-10540

Changes:
  head/audio/wavpack/Makefile
  head/audio/wavpack/files/patch-CVE-2018-10536_10537
  head/audio/wavpack/files/patch-CVE-2018-10538_10539_10540
  head/audio/wavpack/files/patch-CVE-2018-6767
  head/audio/wavpack/files/patch-CVE-2018-7253
  head/audio/wavpack/files/patch-CVE-2018-7254
  head/audio/wavpack/files/patch-fix-memory-leaks
Comment 3 commit-hook freebsd_committer 2018-05-13 09:39:44 UTC
A commit references this bug:

Author: riggs
Date: Sun May 13 09:39:18 UTC 2018
New revision: 469785
URL: https://svnweb.freebsd.org/changeset/ports/469785

Log:
  MFH: r469778

  Fix multiple CVEs and memory leaks

  Details:
  - Import patches from upstream HEAD to address
    a bunch of critical CVEs including potential remote
    code execution and memory leaks

  PR:		228141
  Submitted by:	yasu@utahime.org
  Security:	CVE-2018-6767
  		CVE-2018-7253
  		CVE-2018-7254
  		CVE-2018-10536
  		CVE-2018-10537
  		CVE-2018-10538
  		CVE-2018-10539
  		CVE-2018-10540

  Approved by:	ports-secteam (riggs)

Changes:
_U  branches/2018Q2/
  branches/2018Q2/audio/wavpack/Makefile
  branches/2018Q2/audio/wavpack/files/patch-CVE-2018-10536_10537
  branches/2018Q2/audio/wavpack/files/patch-CVE-2018-10538_10539_10540
  branches/2018Q2/audio/wavpack/files/patch-CVE-2018-6767
  branches/2018Q2/audio/wavpack/files/patch-CVE-2018-7253
  branches/2018Q2/audio/wavpack/files/patch-CVE-2018-7254
  branches/2018Q2/audio/wavpack/files/patch-fix-memory-leaks