security/vuxml: Mark mini_httpd < 1.30 as vulnerable
ClosedPublic
Actions

Authored by leres on Oct 26 2018, 11:03 PM.

Details

Reviewers

ler
matthew

Commits

rP483151: Mark mini_httpd < 1.30 as vulnerable as per:

Summary

Proposed commit message:

Mark mini_httpd < 1.30 as vulnerable as per:

http://acme.com/updates/archive/211.html

The issue is arbitrary file disclosure in some circumstances.

Reviewed by: ? (mentor)
Approved by: ? (mentor)
Differential Revision: ?

Diff Detail

Repository

rP FreeBSD ports repository

Lint

No Lint Coverage

Unit

No Test Coverage

Build Status

Buildable 20454
Build 19888: arc lint + arc unit

Event Timeline

leres created this revision.Oct 26 2018, 11:03 PM

Herald added a subscriber: mat. · View Herald TranscriptOct 26 2018, 11:03 PM

Harbormaster completed remote builds in B20454: Diff 49673.Oct 26 2018, 11:03 PM

lgtm

This revision is now accepted and ready to land.Oct 27 2018, 6:24 AM

This seems to always happens with MFH. My new theory is that I need to populate the "Differential Revision" for both the commit (which I did) and with MFH commit (which I did not).

In D17718#378956, @leres wrote:

This seems to always happens with MFH. My new theory is that I need to populate the "Differential Revision" for both the commit (which I did) and with MFH commit (which I did not).

Doesn't MFH copy the commit message from the original commit anyhow, including the Differential Revision tag? Hmmm... plus is it relevant for this particular review? As I recall, we only MFH the update to the vulnerable package, not the vuxml bits.

Revision Contents
Changeset List

Path

Size

security/

vuxml/

vuln.xml

25 lines

Diff 49673

View Options

security/vuxml: Mark mini_httpd < 1.30 as vulnerableClosedPublicActions