Bug 253624 - textproc/libebml: Update to 1.4.2 (CVE-2021-3405)
Summary: textproc/libebml: Update to 1.4.2 (CVE-2021-3405)
Status: Closed Overcome By Events
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: freebsd-multimedia (Nobody)
URL: https://github.com/Matroska-Org/libeb...
Keywords:
Depends on:
Blocks: 253626
  Show dependency treegraph
 
Reported: 2021-02-18 17:13 UTC by daniel.engberg.lists
Modified: 2021-02-18 22:39 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (multimedia)


Attachments
Patch for libebml (19.60 KB, patch)
2021-02-18 17:13 UTC, daniel.engberg.lists
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description daniel.engberg.lists 2021-02-18 17:13:53 UTC
Created attachment 222555 [details]
Patch for libebml

Update libebml to 1.4.2
Fixes CVE-2021-3405
Update bundled library utfcpp to v3.1.2 (upstream)

Compile tested on FreeBSD 13.0-BETA2 (amd64) (make, make check-plist)
Poudriere testport OK 12.2-RELEASE (amd64) (with and without RCC)
Poudriere testport OK 11.4-RELEASE (amd64)
Comment 1 daniel.engberg.lists 2021-02-18 17:14:40 UTC
I'll add a VuXML entry during the weekend unless someone beats me to it.
Comment 2 daniel.engberg.lists 2021-02-18 17:37:27 UTC
utf(8)cpp library bump submitted upstream here:
https://github.com/Matroska-Org/libebml/pull/78
Comment 3 daniel.engberg.lists 2021-02-18 18:00:19 UTC
Ignore the RCC part, cut 'n paste error on my behalf
Comment 4 daniel.engberg.lists 2021-02-18 22:39:50 UTC
Superseded by r565949 (without patches)