Page MenuHomeFreeBSD

Update irc/konversation to 1.7.3
ClosedPublic

Authored by adridg on Nov 12 2017, 9:16 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Dec 3, 2:28 PM
Unknown Object (File)
Mon, Dec 2, 12:16 AM
Unknown Object (File)
Fri, Nov 29, 7:23 AM
Unknown Object (File)
Nov 25 2024, 6:31 PM
Unknown Object (File)
Nov 25 2024, 6:50 AM
Unknown Object (File)
Nov 25 2024, 6:50 AM
Unknown Object (File)
Nov 24 2024, 11:27 PM
Unknown Object (File)
Nov 24 2024, 6:29 PM
Subscribers

Details

Summary

This release fixes a remotely-exploitable crash in the Konversation
IRC client.

Diff Detail

Repository
rP FreeBSD ports repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

Use <cvename> instead of <url>

security/vuxml/vuln.xml
65 ↗(On Diff #35172)
#  pkg audit -f ./vuln.xml konversation-1.7.2
0 problem(s) in the installed packages found.

ohhh. that is wrong, isn't it :)

you need the package name there, i.e konversation

security/vuxml/vuln.xml
78 ↗(On Diff #35172)

You could keep the url field additionally too.

Fix package name, add CVE url.

security/vuxml/vuln.xml
79 ↗(On Diff #35175)

After that, on to the committing stage -- two separate commits:

  1. security/vuxml
    • commit message somthing ala Document new vulnerabilities in irc/konversation < 1.7.3
  2. irc/konversation
    • Normal commit message
    • This time, additionally use the field MFH: 2017Q4
This revision is now accepted and ready to land.Nov 12 2017, 9:50 PM
This revision was automatically updated to reflect the committed changes.