278243 – net/jose: Update to v13 (CVE-2023-50967)

Bug 278243 - net/jose: Update to v13 (CVE-2023-50967)

Summary: net/jose: Update to v13 (CVE-2023-50967)

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	Fernando Apesteguía

URL:	https://github.com/latchset/jose/rele...
Keywords:	security

Duplicates (1):	278244 (view as bug list)
Depends on:
Blocks:

Reported:	2024-04-07 23:34 UTC by Howard Holm
Modified:	2024-04-11 06:39 UTC (History)
CC List:	1 user (show)

See Also:

Flags:	fernape: merge-quarterly+

Attachments
Patches Makefile and distinfo to version 13 (1009 bytes, patch) 2024-04-07 23:34 UTC, Howard Holm	hdholm: maintainer-approval+	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Howard Holm 2024-04-07 23:34:23 UTC

Created attachment 249818 [details]
Patches Makefile and distinfo to version 13

Fix potential DoS issue (CVE-2023-50967) with p2c header and some build updates.

Comment 1 Howard Holm 2024-04-07 23:38:19 UTC

*** Bug 278244 has been marked as a duplicate of this bug. ***

Comment 2 Fernando Apesteguía freebsd_committer

2024-04-08 16:58:24 UTC

Note to self: Add VuXML entry

Comment 3 commit-hook freebsd_committer

2024-04-11 06:28:48 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=0ea5a54f7032a9c5bdb18b80ba67b2baf8ab14fa

commit 0ea5a54f7032a9c5bdb18b80ba67b2baf8ab14fa
Author:     Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2024-04-11 06:25:22 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2024-04-11 06:27:34 +0000

    security/vuxml: add net/jose DoS vulnerability

    PR:     278243

 security/vuxml/vuln/2024.xml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

Comment 4 commit-hook freebsd_committer

2024-04-11 06:37:52 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=533aed358508c1ac8af6caeaece86a8da7f64c63

commit 533aed358508c1ac8af6caeaece86a8da7f64c63
Author:     Howard Holm <hdholm@alumni.iastate.edu>
AuthorDate: 2024-04-08 16:56:08 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2024-04-11 06:37:37 +0000

    net/jose: Update to v13 (CVE-2023-50967)

    ChangeLog: https://github.com/latchset/jose/releases/tag/v13

    PR:             278243
    Reported by:    hdholm@alumni.iastate.edu (maintainer)
    MFH:            2024Q2 (security fix)
    Security:       CVE-2023-50967

 net/jose/Makefile | 4 ++--
 net/jose/distinfo | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

Comment 5 commit-hook freebsd_committer

2024-04-11 06:38:53 UTC

A commit in branch 2024Q2 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=44578f23d7ba9f648f77a358a55760bbf22585da

commit 44578f23d7ba9f648f77a358a55760bbf22585da
Author:     Howard Holm <hdholm@alumni.iastate.edu>
AuthorDate: 2024-04-08 16:56:08 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2024-04-11 06:38:21 +0000

    net/jose: Update to v13 (CVE-2023-50967)

    ChangeLog: https://github.com/latchset/jose/releases/tag/v13

    PR:             278243
    Reported by:    hdholm@alumni.iastate.edu (maintainer)
    MFH:            2024Q2 (security fix)
    Security:       CVE-2023-50967

    (cherry picked from commit 533aed358508c1ac8af6caeaece86a8da7f64c63)

 net/jose/Makefile | 4 ++--
 net/jose/distinfo | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

Comment 6 Fernando Apesteguía freebsd_committer

2024-04-11 06:39:03 UTC

Committed and merged to 2024Q2,

Thanks!