Comment 1 Fernando Apesteguía 2022-11-23 06:44:48 UTC

^Triage: If there is a changelog or release notes URL available for this version, please add it to the URL field.

TODO: vuxml entries.

Thanks!

Comment 2 Robert Clausecker 2022-11-23 09:21:18 UTC

(In reply to Fernando Apesteguía from comment #1)

> TODO: vuxml entries.

:-(  I hate writing these.

Comment 3 Fernando Apesteguía 2022-11-23 09:35:33 UTC

(In reply to Robert Clausecker from comment #2)

I'll try to do it later. It was mostly a self-reminder :-)

Comment 4 Fernando Apesteguía 2022-11-24 08:51:32 UTC

(In reply to Fernando Apesteguía from comment #3)
I got the vuxml entry. I'll do the commit today.

Thanks!

Comment 5 commit-hook 2022-11-24 16:15:52 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=dbf29c579ee30461c22872445cafa3c98a8c9235

commit dbf29c579ee30461c22872445cafa3c98a8c9235
Author:     Robert Clausecker <fuz@fuz.su>
AuthorDate: 2022-11-23 06:41:34 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2022-11-24 16:10:31 +0000

    archivers/advancecomp: update to 2.4

    ChangeLog: https://github.com/amadvance/advancecomp/releases/tag/v2.4

    Fixes multiple vulnerabilities.

    Add vuxml entries

    PR:             267937
    Reported by:    fuz@fuz.su (maintainer)
    MFH:            2022Q4 (security fix)
    Security:       CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017,
                    CVE-2022-35018, CVE-2022-35019, CVE-2022-35020

 archivers/advancecomp/Makefile | 4 ++--
 archivers/advancecomp/distinfo | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

Comment 6 commit-hook 2022-11-24 16:16:54 UTC

A commit in branch 2022Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=eced3aa10d3b7fc2467fdfd6bed60bc20f2e5442

commit eced3aa10d3b7fc2467fdfd6bed60bc20f2e5442
Author:     Robert Clausecker <fuz@fuz.su>
AuthorDate: 2022-11-23 06:41:34 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2022-11-24 16:12:23 +0000

    archivers/advancecomp: update to 2.4

    ChangeLog: https://github.com/amadvance/advancecomp/releases/tag/v2.4

    Fixes multiple vulnerabilities.

    Add vuxml entries

    PR:             267937
    Reported by:    fuz@fuz.su (maintainer)
    MFH:            2022Q4 (security fix)
    Security:       CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017,
                    CVE-2022-35018, CVE-2022-35019, CVE-2022-35020

    (cherry picked from commit dbf29c579ee30461c22872445cafa3c98a8c9235)

 archivers/advancecomp/Makefile | 4 ++--
 archivers/advancecomp/distinfo | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

Comment 7 commit-hook 2022-11-24 16:18:55 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=119b6f865b2c45ab1ba927e62bf41e122fb4ea08

commit 119b6f865b2c45ab1ba927e62bf41e122fb4ea08
Author:     Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2022-11-24 16:13:42 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2022-11-24 16:14:42 +0000

    security/vuxml: Add multiple CVEs for advancecomp

    PR:     267937

 security/vuxml/vuln/2022.xml | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)

Comment 8 Robert Clausecker 2022-11-27 12:15:57 UTC

Looks like we are done here?

Comment 9 Fernando Apesteguía 2022-11-27 12:29:39 UTC

Yes. Sorry, I missed to close this one.

Cheers.