230849 – www/links: Update to 2.16, fixes buffer over-read vulnerability (CVE-2017-11114)

Bug 230849 - www/links: Update to 2.16, fixes buffer over-read vulnerability (CVE-2017-11114)

Summary: www/links: Update to 2.16, fixes buffer over-read vulnerability (CVE-2017-11114)

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	Yuri Victorovich

URL:	http://links.twibright.com/download/C...
Keywords:

Depends on:
Blocks:

Reported:	2018-08-23 20:13 UTC by Dmitri Goutnik
Modified:	2018-09-06 15:55 UTC (History)
CC List:	2 users (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (portmaster) dmgk: merge-quarterly?

Attachments
links-2.16,1.patch (1.62 KB, patch) 2018-08-23 20:13 UTC, Dmitri Goutnik	dmgk: maintainer-approval?	Details \| Diff
vuln.patch (1.32 KB, patch) 2018-08-23 20:15 UTC, Dmitri Goutnik	dmgk: maintainer-approval?	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Dmitri Goutnik freebsd_committer

2018-08-23 20:13:40 UTC

Created attachment 196480 [details]
links-2.16,1.patch

- Update 2.14 -> 2.16
- Document buffer over-read vulnerability (CVE-2017-11114), fixed in 2.15
- Add BROTLI knob, Brotli compression support was added in 2.15

Changelog: http://links.twibright.com/download/ChangeLog

QA:
  poudriere testport: OK (112a, 104i)

Comment 1 Dmitri Goutnik freebsd_committer

2018-08-23 20:15:02 UTC

Created attachment 196481 [details]
vuln.patch

Add VuXML entry.

Comment 2 commit-hook freebsd_committer

2018-09-06 06:53:52 UTC

A commit references this bug:

Author: yuri
Date: Thu Sep  6 06:53:44 UTC 2018
New revision: 479088
URL: https://svnweb.freebsd.org/changeset/ports/479088

Log:
  Add VuXML entry for the fixed CVE-2017-11114 in www/links

  PR:		230849
  Submitted by:	Dmitri Goutnik <dg@syrec.org>

Changes:
  head/security/vuxml/vuln.xml

Comment 3 Yuri Victorovich freebsd_committer

2018-09-06 06:56:32 UTC

Committed, thanks!

Comment 4 commit-hook freebsd_committer

2018-09-06 06:56:56 UTC

A commit references this bug:

Author: yuri
Date: Thu Sep  6 06:56:07 UTC 2018
New revision: 479089
URL: https://svnweb.freebsd.org/changeset/ports/479089

Log:
  www/links: Update 2.14 -> 2.16

  PR:		230849
  Submitted by:	Dmitri Goutnik <dg@syrec.org>
  Approved by:	portmaster@BSDforge.com (maintainer's timeout; 14 days)
  MFH:		2018Q3

Changes:
  head/www/links/Makefile
  head/www/links/distinfo

Comment 5 commit-hook freebsd_committer

2018-09-06 15:55:29 UTC

A commit references this bug:

Author: yuri
Date: Thu Sep  6 15:55:15 UTC 2018
New revision: 479105
URL: https://svnweb.freebsd.org/changeset/ports/479105

Log:
  MFH: r479089

  www/links: Update 2.14 -> 2.16
  Fix CVE-2017-11114.

  PR:		230849
  Submitted by:	Dmitri Goutnik <dg@syrec.org>
  Approved by:	portmaster@BSDforge.com (maintainer's timeout; 14 days)

  Approved by:	ports-secteam miwi

Changes:
_U  branches/2018Q3/
  branches/2018Q3/www/links/Makefile
  branches/2018Q3/www/links/distinfo