253624 – textproc/libebml: Update to 1.4.2 (CVE-2021-3405)

Bug 253624 - textproc/libebml: Update to 1.4.2 (CVE-2021-3405)

Summary: textproc/libebml: Update to 1.4.2 (CVE-2021-3405)

Status:	Closed Overcome By Events

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	freebsd-multimedia (Nobody)

URL:	https://github.com/Matroska-Org/libeb...
Keywords:

Depends on:
Blocks:	253626
	Show dependency tree / graph

Reported:	2021-02-18 17:13 UTC by Daniel Engberg
Modified:	2021-02-18 22:39 UTC (History)
CC List:	1 user (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (multimedia)

Attachments
Patch for libebml (19.60 KB, patch) 2021-02-18 17:13 UTC, Daniel Engberg	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Engberg freebsd_committer

2021-02-18 17:13:53 UTC

Created attachment 222555 [details]
Patch for libebml

Update libebml to 1.4.2
Fixes CVE-2021-3405
Update bundled library utfcpp to v3.1.2 (upstream)

Compile tested on FreeBSD 13.0-BETA2 (amd64) (make, make check-plist)
Poudriere testport OK 12.2-RELEASE (amd64) (with and without RCC)
Poudriere testport OK 11.4-RELEASE (amd64)

Comment 1 Daniel Engberg freebsd_committer

2021-02-18 17:14:40 UTC

I'll add a VuXML entry during the weekend unless someone beats me to it.

Comment 2 Daniel Engberg freebsd_committer

2021-02-18 17:37:27 UTC

utf(8)cpp library bump submitted upstream here:
https://github.com/Matroska-Org/libebml/pull/78

Comment 3 Daniel Engberg freebsd_committer

2021-02-18 18:00:19 UTC

Ignore the RCC part, cut 'n paste error on my behalf

Comment 4 Daniel Engberg freebsd_committer

2021-02-18 22:39:50 UTC

Superseded by r565949 (without patches)