Page MenuHomeFreeBSD
Differential D13065

Update irc/konversation to 1.7.3
ClosedPublic
Actions

Authored by adridg on Nov 12 2017, 9:16 PM.
Tags
None
Referenced Files
F154384249: D13065.diff
Tue, Apr 28, 6:25 AM
Unknown Object (File)
Mon, Apr 27, 8:19 AM
Unknown Object (File)
Sun, Apr 26, 12:42 PM
Unknown Object (File)
Sat, Apr 25, 10:46 AM
Unknown Object (File)
Mon, Apr 20, 9:23 PM
Unknown Object (File)
Mon, Apr 13, 5:02 PM
Unknown Object (File)
Thu, Apr 9, 12:39 PM
Unknown Object (File)
Mar 22 2026, 11:13 PM
View All Files
Subscribers
mat

Details

Reviewers
tcberner
rakuco
Commits
rP454088: Update irc/konversation to latest upstream release.
Summary

This release fixes a remotely-exploitable crash in the Konversation
IRC client.

Diff Detail

Repository
rP FreeBSD ports repository
Lint
No Lint Coverage
Unit
No Test Coverage
Build Status
Buildable 12706
Build 12975: arc lint + arc unit

Event Timeline

adridg created this revision.Nov 12 2017, 9:16 PM
Harbormaster completed remote builds in B12703: Diff 35171.Nov 12 2017, 9:16 PM
Herald added a subscriber: mat. · View Herald TranscriptNov 12 2017, 9:16 PM
adridg updated this revision to Diff 35172.Nov 12 2017, 9:19 PM

Use <cvename> instead of <url>

Harbormaster completed remote builds in B12704: Diff 35172.Nov 12 2017, 9:19 PM
tcberner added inline comments.Nov 12 2017, 9:21 PM
security/vuxml/vuln.xml
65
#  pkg audit -f ./vuln.xml konversation-1.7.2
0 problem(s) in the installed packages found.

ohhh. that is wrong, isn't it :)

you need the package name there, i.e konversation

tcberner added inline comments.Nov 12 2017, 9:27 PM
security/vuxml/vuln.xml
78

You could keep the url field additionally too.

adridg updated this revision to Diff 35175.Nov 12 2017, 9:34 PM

Fix package name, add CVE url.

Harbormaster completed remote builds in B12706: Diff 35175.Nov 12 2017, 9:34 PM
adridg marked 2 inline comments as done.Nov 12 2017, 9:37 PM
tcberner added inline comments.Nov 12 2017, 9:38 PM
security/vuxml/vuln.xml
79

you could also add a secondary <url>https://www.kde.org/info/security/advisory-20171112-1.txt</url>

tcberner added a comment.Nov 12 2017, 9:41 PM

After that, on to the committing stage -- two separate commits:

  1. security/vuxml
    • commit message somthing ala Document new vulnerabilities in irc/konversation < 1.7.3
  2. irc/konversation
    • Normal commit message
    • This time, additionally use the field MFH: 2017Q4
adridg updated this revision to Diff 35176.Nov 12 2017, 9:47 PM

Add secondary url

Harbormaster completed remote builds in B12707: Diff 35176.Nov 12 2017, 9:47 PM
tcberner accepted this revision.Nov 12 2017, 9:50 PM
This revision is now accepted and ready to land.Nov 12 2017, 9:50 PM
Closed by commit rP454088: Update irc/konversation to latest upstream release. (authored by adridg). · Explain WhyNov 12 2017, 9:57 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
irc/
konversation/
3 lines
6 lines
security/
vuxml/
26 lines

Diff 35175

View Options

irc/konversation/Makefile

Loading...
View Options

irc/konversation/distinfo

Loading...
View Options

security/vuxml/vuln.xml

Loading...