Bug 251695 - sysutils/tmux: Update quarterly to 3.1c
Summary: sysutils/tmux: Update quarterly to 3.1c
Status: Closed Overcome By Events
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Mathieu Arnold
URL:
Keywords: needs-qa, security
Depends on:
Blocks:
 
Reported: 2020-12-09 02:14 UTC by Marcel O'Neil
Modified: 2021-01-04 14:37 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (mat)
koobs: merge-quarterly?

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcel O'Neil 2020-12-09 02:14:05 UTC 
The version of tmux currently on the quarterly branch (3.1b) is marked as vulnerable, it should be updated to 3.1c:

tmux-3.1b is vulnerable:
tmux -- stack overflow in CSI parsing
WWW: https://vuxml.FreeBSD.org/freebsd/8827134c-1a8f-11eb-9bb0-08002725d892.html

Here is the patch that updated tmux on head: https://svnweb.freebsd.org/ports?view=revision&revision=553690

This is my first report on bugzilla, apologies if I messed anything up or omitted any necessary details.
Comment 1 Mathieu Arnold freebsd_committer freebsd_triage 2021-01-04 14:37:14 UTC 
new quarterly has newer tmux.