Page MenuHomeFreeBSD

Update irc/konversation to 1.7.3
ClosedPublic

Authored by adridg on Nov 12 2017, 9:16 PM.

Details

Summary

This release fixes a remotely-exploitable crash in the Konversation
IRC client.

Diff Detail

Repository
rP FreeBSD ports repository
Lint
No Linters Available
Unit
No Unit Test Coverage
Build Status
Buildable 12704
Build 12973: arc lint + arc unit

Event Timeline

Use <cvename> instead of <url>

security/vuxml/vuln.xml
65
#  pkg audit -f ./vuln.xml konversation-1.7.2
0 problem(s) in the installed packages found.

ohhh. that is wrong, isn't it :)

you need the package name there, i.e konversation

security/vuxml/vuln.xml
78

You could keep the url field additionally too.

Fix package name, add CVE url.

security/vuxml/vuln.xml
78

After that, on to the committing stage -- two separate commits:

  1. security/vuxml
    • commit message somthing ala Document new vulnerabilities in irc/konversation < 1.7.3
  2. irc/konversation
    • Normal commit message
    • This time, additionally use the field MFH: 2017Q4
This revision is now accepted and ready to land.Nov 12 2017, 9:50 PM
This revision was automatically updated to reflect the committed changes.