Bug 232344 - security/libssh: Update to 0.8.4 (Fixes security vulnerability: CVE-2018-10933)
Summary: security/libssh: Update to 0.8.4 (Fixes security vulnerability: CVE-2018-10933)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Mark Felder
URL: https://www.libssh.org/2018/10/16/lib...
Keywords: security
Depends on: 232376
Blocks:
  Show dependency treegraph
 
Reported: 2018-10-17 07:55 UTC by Kurt Jaeger
Modified: 2018-10-19 19:22 UTC (History)
3 users (show)

See Also:
bugzilla: maintainer-feedback? (johans)
feld: merge-quarterly-


Attachments
patch (2.10 KB, patch)
2018-10-17 07:55 UTC, Kurt Jaeger
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Kurt Jaeger freebsd_committer 2018-10-17 07:55:04 UTC
Created attachment 198260 [details]
patch

testbuilds OK on 12a, 11.2a
Comment 1 commit-hook freebsd_committer 2018-10-17 08:39:42 UTC
A commit references this bug:

Author: johans
Date: Wed Oct 17 08:39:13 UTC 2018
New revision: 482279
URL: https://svnweb.freebsd.org/changeset/ports/482279

Log:
  Update to 0.8.4 (security update)
  https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/

  PR:		232344
  Submitted by:	pi@

Changes:
  head/security/libssh/Makefile
  head/security/libssh/distinfo
  head/security/libssh/pkg-plist
Comment 2 commit-hook freebsd_committer 2018-10-17 15:28:38 UTC
A commit references this bug:

Author: feld
Date: Wed Oct 17 15:28:09 UTC 2018
New revision: 482298
URL: https://svnweb.freebsd.org/changeset/ports/482298

Log:
  security/libssh: Update to 0.7.6 (Fixes security vulnerability: CVE-2018-10933)

  https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/

  PR:		232344

Changes:
  branches/2018Q4/security/libssh/Makefile
  branches/2018Q4/security/libssh/distinfo
  branches/2018Q4/security/libssh/pkg-plist
Comment 3 Mark Felder freebsd_committer 2018-10-17 15:29:54 UTC
direct commit to 2018Q4 to resolve the issue with the older version. I think we can close this.
Comment 4 Kurt Jaeger freebsd_committer 2018-10-17 15:47:48 UTC
No VuXML ?
Comment 5 commit-hook freebsd_committer 2018-10-17 15:54:59 UTC
A commit references this bug:

Author: feld
Date: Wed Oct 17 15:54:16 UTC 2018
New revision: 482299
URL: https://svnweb.freebsd.org/changeset/ports/482299

Log:
  Document libssh vulnerability

  PR:		232344
  Security:	CVE-2018-10933

Changes:
  head/security/vuxml/vuln.xml