Page MenuHomeFreeBSD

security/vuxml: Mark mini_httpd < 1.30 as vulnerable
ClosedPublic

Authored by leres on Oct 26 2018, 11:03 PM.

Details

Summary

Proposed commit message:

Mark mini_httpd < 1.30 as vulnerable as per:

http://acme.com/updates/archive/211.html

The issue is arbitrary file disclosure in some circumstances.

Reviewed by: ? (mentor)
Approved by: ? (mentor)
Differential Revision: ?

Diff Detail

Repository
rP FreeBSD ports repository
Lint
No Linters Available
Unit
No Unit Test Coverage
Build Status
Buildable 20454
Build 19888: arc lint + arc unit

Event Timeline

leres created this revision.Oct 26 2018, 11:03 PM
This revision is now accepted and ready to land.Oct 27 2018, 6:24 AM
leres closed this revision.Oct 28 2018, 7:15 AM

This seems to always happens with MFH. My new theory is that I need to populate the "Differential Revision" for both the commit (which I did) and with MFH commit (which I did not).

This seems to always happens with MFH. My new theory is that I need to populate the "Differential Revision" for both the commit (which I did) and with MFH commit (which I did not).

Doesn't MFH copy the commit message from the original commit anyhow, including the Differential Revision tag? Hmmm... plus is it relevant for this particular review? As I recall, we only MFH the update to the vulnerable package, not the vuxml bits.