Bug 233896 - archivers/libmspack: Update to 0.9.1 (Fixes several security vulnerabilities)
Summary: archivers/libmspack: Update to 0.9.1 (Fixes several security vulnerabilities)
Status: In Progress
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Ports Security Team
URL: https://www.cabextract.org.uk/libmspa...
Keywords: needs-patch, security
Depends on:
Blocks:
 
Reported: 2018-12-09 19:44 UTC by Henry David Bartholomew
Modified: 2019-08-23 02:49 UTC (History)
4 users (show)

See Also:
bugzilla: maintainer-feedback? (fjoe)
koobs: maintainer-feedback? (ports-secteam)


Attachments
0.9.1 patch (1022 bytes, patch)
2018-12-09 19:44 UTC, Henry David Bartholomew
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Henry David Bartholomew 2018-12-09 19:44:06 UTC
Created attachment 199990 [details]
0.9.1 patch

CVEs fixed are the top 9 from https://www.cabextract.org.uk/libmspack/#vulns
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2018-12-10 04:42:44 UTC
Pending (requires) VuXML entry
Comment 2 Max Khon freebsd_committer 2018-12-11 08:44:14 UTC
Committed, thanks!
Comment 3 commit-hook freebsd_committer 2018-12-11 08:45:02 UTC
A commit references this bug:

Author: fjoe
Date: Tue Dec 11 08:44:00 UTC 2018
New revision: 487227
URL: https://svnweb.freebsd.org/changeset/ports/487227

Log:
  Update to 0.9.1alpha

  PR:		233896
  Submitted by:	Henry David Bartholomew

Changes:
  head/archivers/libmspack/Makefile
  head/archivers/libmspack/distinfo
Comment 4 Kubilay Kocak freebsd_committer freebsd_triage 2018-12-14 03:42:09 UTC
Re-open for VuXML entry and MFH
Comment 5 Jochen Neumeister freebsd_committer 2019-02-15 18:36:17 UTC
what is the current status?
Does ports-secteam have to be active here?
Comment 6 Kubilay Kocak freebsd_committer freebsd_triage 2019-04-24 05:44:50 UTC
VuXML entries were not added for this  (0.9.1) or previous releases

The last libsmpack VuXML entry was <vuln vid="cc7548ef-06e1-11e5-8fda-002590263bf5"> added <entry>2015-05-31</entry> for version < 0.5

This leaves 10 CVE's (security vulnerabilities) not reported to users (per https://www.cabextract.org.uk/libmspack/#vulns)
Comment 7 Jochen Neumeister freebsd_committer 2019-05-17 12:29:18 UTC
ping @fjoe
Comment 8 Kubilay Kocak freebsd_committer freebsd_triage 2019-08-23 02:49:12 UTC
Over to ports-secteam, no maintainer response since 2018-12-14

VuXML entries for latest and previous version vulnerabilities (At least 10) remains to be added