Bug 228825 - sysutils/rundeck update to 2.11.4
Summary: sysutils/rundeck update to 2.11.4
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Steve Wills
URL:
Keywords: easy, patch-ready
Depends on:
Blocks:
 
Reported: 2018-06-08 12:55 UTC by Volodymyr Kostyrko
Modified: 2018-06-09 21:31 UTC (History)
0 users

See Also:

Attachments
patch to new version (914 bytes, patch)
2018-06-08 12:55 UTC, Volodymyr Kostyrko 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Volodymyr Kostyrko 2018-06-08 12:55:47 UTC 
Created attachment 194081 [details]
patch to new version

This release addresses a potential security issue in processing of zip files, please see the this issue: Security Advisory: Zip Slip directory traversal vulnerability #3471.

Changes:

 * #3384 duplicate jobs page doesn’t show options
 * #3423 Create project via API with invalid project name does not return error
 * 2.11: Git plugin setup page does not preserve current values in Select fields
 * backport: Zip Slip fix for 2.11
Comment 1 commit-hook freebsd_committer freebsd_triage 2018-06-09 21:31:13 UTC 
A commit references this bug:

Author: swills
Date: Sat Jun  9 21:30:39 UTC 2018
New revision: 472096
URL: https://svnweb.freebsd.org/changeset/ports/472096

Log:
  sysutils/rundeck update to 2.11.4

  PR:		228825
  Submitted by:	Volodymyr Kostyrko <arcade@b1t.name> (maintainer)

Changes:
  head/sysutils/rundeck/Makefile
  head/sysutils/rundeck/distinfo
Comment 2 Steve Wills freebsd_committer freebsd_triage 2018-06-09 21:31:48 UTC 
Committed, thanks!