Bug 255580 - security/vuxml: Document multiple vulnerabilities in redis
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Ports Security Team
Blocks: 255581 255582
Reported: 2021-05-03 21:04 UTC by Yasuhiro Kimura
Modified: 2021-05-03 21:47 UTC

bugzilla: maintainer-feedback? (ports-secteam)


Attachments
Patch file (2.68 KB, patch)
2021-05-03 21:04 UTC, Yasuhiro Kimura
Updated patch file (2.65 KB, patch)
2021-05-03 21:09 UTC, Yasuhiro Kimura

Description Yasuhiro Kimura freebsd_committer freebsd_triage 2021-05-03 21:04:03 UTC
Created attachment 224643
Patch file

Document multiple vulnerabilities in redis (CVE-2021-29477, CVE-2021-29478).
Comment 1 Yasuhiro Kimura freebsd_committer freebsd_triage 2021-05-03 21:09:53 UTC
Created attachment 224645
Updated patch file

Update patch to make it fit the latest ports tree.
Comment 2 Sergey A. Osokin freebsd_committer freebsd_triage 2021-05-03 21:31:21 UTC
Hi Yasuhiro-san,

thanks for sharing this.


I've tried to apply this patch and found I can't.
Could you please resubmit it?

Thank you.

--
Sergey
Comment 3 Yasuhiro Kimura freebsd_committer freebsd_triage 2021-05-03 21:39:14 UTC
(In reply to Sergey A. Osokin from comment #2)

I submitted an updated patch. Please try attachment 224645.
Comment 4 commit-hook freebsd_committer freebsd_triage 2021-05-03 21:45:18 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=f7743680c102e31388b1ea20a58dcded671a8746

commit f7743680c102e31388b1ea20a58dcded671a8746
Author:     Sergey A. Osokin <osa@FreeBSD.org>
AuthorDate: 2021-05-03 21:43:57 +0000
Commit:     Sergey A. Osokin <osa@FreeBSD.org>
CommitDate: 2021-05-03 21:44:51 +0000

    security/vuxml: document recent vulnerabilities with redis ports.
    PR:     255580

 security/vuxml/vuln.xml | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
Comment 5 Sergey A. Osokin freebsd_committer freebsd_triage 2021-05-03 21:47:00 UTC
(In reply to Yasuhiro Kimura from comment #3)

It doesn't work here.

% patch -p1 < patch-1 
Hmm...  Looks like a unified diff to me...
File to patch: vuln.xml
Patching file vuln.xml using Plan A...
patch: **** malformed patch at line 1: @@ -, +, @@ 

However, I've already committed an updated version.
Comment 6 Sergey A. Osokin freebsd_committer freebsd_triage 2021-05-03 21:47:27 UTC
Committed with some modifications, thanks for the report!