Bug 240912 - mail/exim: upgrade 4.92.2 -> 4.92.3 to fix CVE-2019-16928 RCE
Summary: mail/exim: upgrade 4.92.2 -> 4.92.3 to fix CVE-2019-16928 RCE
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Vsevolod Stakhov
URL: https://bugs.exim.org/show_bug.cgi?id...
Keywords:
Depends on:
Blocks:
 
Reported: 2019-09-29 06:57 UTC by Kurt Jaeger
Modified: 2019-09-29 09:52 UTC (History)
1 user (show)

See Also:
pi: maintainer-feedback+


Attachments
patch (977 bytes, patch)
2019-09-29 06:57 UTC, Kurt Jaeger
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Kurt Jaeger freebsd_committer 2019-09-29 06:57:00 UTC
Created attachment 207927 [details]
patch

See also: https://bugs.exim.org/show_bug.cgi?id=2449

TODO: vuxml entry

testbuild, testrun done on current, 12.0
Comment 1 commit-hook freebsd_committer 2019-09-29 08:33:48 UTC
A commit references this bug:

Author: vsevolod
Date: Sun Sep 29 08:33:29 UTC 2019
New revision: 513206
URL: https://svnweb.freebsd.org/changeset/ports/513206

Log:
  - Update to 4.92.3 to fix CVE-2019-16928

  PR:		240912
  Submitted by:	pi
  MFH:		2019Q3
  Security:	e917caba-e291-11e9-89f1-152fed202bb7

Changes:
  head/mail/exim/Makefile
  head/mail/exim/distinfo
Comment 2 Vsevolod Stakhov freebsd_committer 2019-09-29 08:34:39 UTC
All done, MFH request is pending for approval. Thanks!
Comment 3 Kurt Jaeger freebsd_committer 2019-09-29 08:53:34 UTC
According to

https://www.freebsd.org/doc/en/articles/committers-guide/ports.html#ports-qa-misc-request-mfh says:

The following blanket approvals for merging to the quarterly branches are in effect:
[...]                                                                           
Backport of security and reliability fixes which only result in                 
PORTREVISION bumps and no changes to enabled features. for example,             
adding a patch fixing a buffer overflow.
[...]

So I think you can just commit that update.
Comment 4 Kurt Jaeger freebsd_committer 2019-09-29 08:55:28 UTC
One item below my quote the handbook says:

Minor version changes that do nothing but fix security or crash-related issues.

So, I guess MFH is fine.
Comment 5 commit-hook freebsd_committer 2019-09-29 09:49:55 UTC
A commit references this bug:

Author: vsevolod
Date: Sun Sep 29 09:49:09 UTC 2019
New revision: 513213
URL: https://svnweb.freebsd.org/changeset/ports/513213

Log:
  MFH: r513206

  - Update to 4.92.3 to fix CVE-2019-16928

  PR:		240912
  Submitted by:	pi
  Security:	e917caba-e291-11e9-89f1-152fed202bb7

  Approved by:	ports-secteam (blanket)

Changes:
_U  branches/2019Q3/
  branches/2019Q3/mail/exim/Makefile
  branches/2019Q3/mail/exim/distinfo