Bug 252464 - mail/sympa: security upgrade to 6.2.60
Summary: mail/sympa: security upgrade to 6.2.60
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Kurt Jaeger
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-01-06 10:56 UTC by geoffroy desvernay
Modified: 2021-05-02 13:01 UTC (History)
1 user (show)

See Also:
dgeo: maintainer-feedback+
pi: merge-quarterly+


Attachments
svn diff mail/sympa (935 bytes, patch)
2021-01-06 10:56 UTC, geoffroy desvernay
no flags Details | Diff
svn diff security/vuxml (259 bytes, patch)
2021-02-06 14:06 UTC, geoffroy desvernay
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description geoffroy desvernay 2021-01-06 10:56:26 UTC
Created attachment 221319 [details]
svn diff mail/sympa

fix SOAP interface vulnerability
https://github.com/sympa-community/sympa/issues/1041
CVE-2020-29668
Comment 1 Kurt Jaeger freebsd_committer 2021-01-06 15:54:13 UTC
Can you also provide the entry for security/vuxml ?
Comment 2 commit-hook freebsd_committer 2021-01-06 16:16:17 UTC
A commit references this bug:

Author: pi
Date: Wed Jan  6 16:15:44 UTC 2021
New revision: 560539
URL: https://svnweb.freebsd.org/changeset/ports/560539

Log:
  mail/sympa: update 6.2.58 -> 6.2.60, security update CVE-2020-29668

  - fix SOAP interface vulnerability
    https://github.com/sympa-community/sympa/issues/1041

  PR:		252464
  Submitted by:	geoffroy desvernay <dgeo@centrale-marseille.fr> (maintainer)
  MFH:		2021Q1
  Relnotes:	https://github.com/sympa-community/sympa/releases/tag/6.2.60
  Security:	CVE-2020-29668

Changes:
  head/mail/sympa/Makefile
  head/mail/sympa/distinfo
Comment 3 commit-hook freebsd_committer 2021-01-06 16:18:18 UTC
A commit references this bug:

Author: pi
Date: Wed Jan  6 16:17:25 UTC 2021
New revision: 560540
URL: https://svnweb.freebsd.org/changeset/ports/560540

Log:
  MFH: r560539

  mail/sympa: update 6.2.58 -> 6.2.60, security update CVE-2020-29668

  - fix SOAP interface vulnerability
    https://github.com/sympa-community/sympa/issues/1041

  PR:		252464
  Submitted by:	geoffroy desvernay <dgeo@centrale-marseille.fr> (maintainer)
  Relnotes:	https://github.com/sympa-community/sympa/releases/tag/6.2.60
  Security:	CVE-2020-29668

Changes:
_U  branches/2021Q1/
  branches/2021Q1/mail/sympa/Makefile
  branches/2021Q1/mail/sympa/distinfo
Comment 4 Kurt Jaeger freebsd_committer 2021-01-06 16:18:45 UTC
waiting for vuxml entry
Comment 5 geoffroy desvernay 2021-02-06 14:06:21 UTC
Created attachment 222216 [details]
svn diff security/vuxml

vuxml entry
Comment 6 commit-hook freebsd_committer 2021-05-02 13:00:42 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=5271faba4b2a2f9f28a3d84dcc7342442452d9b4

commit 5271faba4b2a2f9f28a3d84dcc7342442452d9b4
Author:     Geoffroy Desvernay <dgeo@centrale-marseille.fr>
AuthorDate: 2021-05-02 12:59:33 +0000
Commit:     Kurt Jaeger <pi@FreeBSD.org>
CommitDate: 2021-05-02 12:59:33 +0000

    security/vuxml: add mail/sympa CVE

    PR:             252464

 security/vuxml/vuln.xml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
Comment 7 Kurt Jaeger freebsd_committer 2021-05-02 13:01:42 UTC
Thanks, sorry for the long delay!