Page MenuHomeFreeBSD

security/vuxml: Mark mini_httpd < 1.30 as vulnerable
ClosedPublic

Authored by leres on Oct 26 2018, 11:03 PM.
Tags
None
Referenced Files
F132757027: D17718.diff
Sun, Oct 19, 4:53 PM
Unknown Object (File)
Fri, Oct 17, 11:54 PM
Unknown Object (File)
Fri, Oct 17, 6:53 AM
Unknown Object (File)
Mon, Oct 6, 5:56 AM
Unknown Object (File)
Sat, Oct 4, 7:04 AM
Unknown Object (File)
Sep 7 2025, 1:35 AM
Unknown Object (File)
Sep 3 2025, 12:58 PM
Unknown Object (File)
Sep 3 2025, 11:06 AM
Subscribers

Details

Summary

Proposed commit message:

Mark mini_httpd < 1.30 as vulnerable as per:

http://acme.com/updates/archive/211.html

The issue is arbitrary file disclosure in some circumstances.

Reviewed by: ? (mentor)
Approved by: ? (mentor)
Differential Revision: ?

Diff Detail

Repository
rP FreeBSD ports repository
Lint
No Lint Coverage
Unit
No Test Coverage
Build Status
Buildable 20454
Build 19888: arc lint + arc unit

Event Timeline

This revision is now accepted and ready to land.Oct 27 2018, 6:24 AM

This seems to always happens with MFH. My new theory is that I need to populate the "Differential Revision" for both the commit (which I did) and with MFH commit (which I did not).

This seems to always happens with MFH. My new theory is that I need to populate the "Differential Revision" for both the commit (which I did) and with MFH commit (which I did not).

Doesn't MFH copy the commit message from the original commit anyhow, including the Differential Revision tag? Hmmm... plus is it relevant for this particular review? As I recall, we only MFH the update to the vulnerable package, not the vuxml bits.