Bug 255580 - security/vuxml: Document multiple vulnerabilities in redis
Summary: security/vuxml: Document multiple vulnerabilities in redis
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Ports Security Team
URL:
Keywords:
Depends on:
Blocks: 255581 255582
  Show dependency treegraph
 
Reported: 2021-05-03 21:04 UTC by Yasuhiro Kimura
Modified: 2021-05-03 21:47 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (ports-secteam)


Attachments
Patch file (2.68 KB, patch)
2021-05-03 21:04 UTC, Yasuhiro Kimura
no flags Details | Diff
Updated patch file (2.65 KB, patch)
2021-05-03 21:09 UTC, Yasuhiro Kimura
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Yasuhiro Kimura 2021-05-03 21:04:03 UTC
Created attachment 224643 [details]
Patch file

Document multiple vulnerabilities in redis (CVE-2021-29477, CVE-2021-29478).
Comment 1 Yasuhiro Kimura 2021-05-03 21:09:53 UTC
Created attachment 224645 [details]
Updated patch file

Update patch to make it fit to the latest posts tree.
Comment 2 Sergey A. Osokin freebsd_committer 2021-05-03 21:31:21 UTC
Hi Yasuhiro-san,

thanks for sharing this.


I've tried to apply this patch and found I can't.
Could you please resubmit it.

Thank you.

--
Sergey
Comment 3 Yasuhiro Kimura 2021-05-03 21:39:14 UTC
(In reply to Sergey A. Osokin from comment #2)

I submitted updated patch. Plase try attachment 224645 [details].
Comment 4 commit-hook freebsd_committer 2021-05-03 21:45:18 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=f7743680c102e31388b1ea20a58dcded671a8746

commit f7743680c102e31388b1ea20a58dcded671a8746
Author:     Sergey A. Osokin <osa@FreeBSD.org>
AuthorDate: 2021-05-03 21:43:57 +0000
Commit:     Sergey A. Osokin <osa@FreeBSD.org>
CommitDate: 2021-05-03 21:44:51 +0000

    security/vuxml: document recent vulnerabilities with redis ports.
    PR:     255580

 security/vuxml/vuln.xml | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
Comment 5 Sergey A. Osokin freebsd_committer 2021-05-03 21:47:00 UTC
(In reply to Yasuhiro Kimura from comment #3)

It doesn't work here.

% patch -p1 < patch-1 
Hmm...  Looks like a unified diff to me...
File to patch: vuln.xml
Patching file vuln.xml using Plan A...
patch: **** malformed patch at line 1: @@ -, +, @@ 

However, I've already committed an updated version.
Comment 6 Sergey A. Osokin freebsd_committer 2021-05-03 21:47:27 UTC
Committed with some modifications, thanks for the report!