Bug 230183 - japanese/mailman is affected by CVE-2018-13796
Summary: japanese/mailman is affected by CVE-2018-13796
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: TAKATSU Tomonari
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-07-30 09:16 UTC by Yasuhito FUTATSUKI
Modified: 2018-09-04 03:05 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (tota)


Attachments
patch to fix CVE-2018-13796 for 2.1.14+j7 (1.37 KB, patch)
2018-07-30 09:16 UTC, Yasuhito FUTATSUKI
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Yasuhito FUTATSUKI 2018-07-30 09:16:17 UTC
Created attachment 195627 [details]
patch to fix CVE-2018-13796 for 2.1.14+j7

(This is re-submit from Bug #22935 comment #3 and #4)

On Mon, 23 Jul 2018 Mailman 2.1.28 has been released and a vulnerability CVE-2018-13796 has been published.

Mailman 2.1.28 release announcement
<https://www.mail-archive.com/mailman-users@python.org/msg71066.html>
Mailman 2.1.29 releas announcement
<https://www.mail-archive.com/mailman-users@python.org/msg71066.html>
vulnerability detail (launchpad.net, Bug 178074)
https://bugs.launchpad.net/mailman/+bug/1780874

This vulnerability affects mailman 2.1.14+j7. The patch attached in bug report at launchpad.net is one for rev 1768 (between 2.1.26 release and 2.1.27 release) and above, so I've made patch for 2.1.14+j7 (attached patch).
Comment 1 Yasuhito FUTATSUKI 2018-07-30 09:20:43 UTC
(In reply to Yasuhito FUTATSUKI from comment #0)
> (This is re-submit from Bug #22935 comment #3 and #4)
above is wrong bug Id...

This was a resubmit report of #229351 comment #3 and #4
Comment 2 commit-hook freebsd_committer 2018-08-30 06:35:06 UTC
A commit references this bug:

Author: tota
Date: Thu Aug 30 06:34:28 UTC 2018
New revision: 478435
URL: https://svnweb.freebsd.org/changeset/ports/478435

Log:
  - Apply CVE-2018-13796 patch

  PR:		230183
  Submitted by:	Yasuhito FUTATSUKI
  MFH:		2018Q3
  Security:	CVE-2018-13796

Changes:
  head/japanese/mailman/Makefile
  head/japanese/mailman/files/patch-Mailman_Utils.py
Comment 3 commit-hook freebsd_committer 2018-09-04 03:02:17 UTC
A commit references this bug:

Author: tota
Date: Tue Sep  4 03:01:22 UTC 2018
New revision: 478924
URL: https://svnweb.freebsd.org/changeset/ports/478924

Log:
  MFH: r478435

  - Apply CVE-2018-13796 patch

  PR:		230183
  Submitted by:	Yasuhito FUTATSUKI
  Security:	CVE-2018-13796
  Approved by:	ports-secteam (miwi@)

Changes:
_U  branches/2018Q3/
  branches/2018Q3/japanese/mailman/Makefile
  branches/2018Q3/japanese/mailman/files/patch-Mailman_Utils.py
Comment 4 TAKATSU Tomonari freebsd_committer 2018-09-04 03:05:43 UTC
Committed.
Thanks!