Page MenuHomeFreeBSD

Update irc/konversation to 1.7.3
ClosedPublic

Authored by adridg on Nov 12 2017, 9:16 PM.

Details

Summary

This release fixes a remotely-exploitable crash in the Konversation
IRC client.

Diff Detail

Repository
rP FreeBSD ports repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

Use <cvename> instead of <url>

security/vuxml/vuln.xml
65 ↗(On Diff #35172)
#  pkg audit -f ./vuln.xml konversation-1.7.2
0 problem(s) in the installed packages found.

ohhh. that is wrong, isn't it :)

you need the package name there, i.e konversation

security/vuxml/vuln.xml
78 ↗(On Diff #35172)

You could keep the url field additionally too.

Fix package name, add CVE url.

security/vuxml/vuln.xml
79 ↗(On Diff #35175)

After that, on to the committing stage -- two separate commits:

  1. security/vuxml
    • commit message somthing ala Document new vulnerabilities in irc/konversation < 1.7.3
  2. irc/konversation
    • Normal commit message
    • This time, additionally use the field MFH: 2017Q4
This revision is now accepted and ready to land.Nov 12 2017, 9:50 PM
This revision was automatically updated to reflect the committed changes.