Page MenuHomeFreeBSD
Differential D13065

Update irc/konversation to 1.7.3
ClosedPublic
Actions

Authored by adridg on Nov 12 2017, 9:16 PM.
Tags
None
Referenced Files
F131423576: D13065.id.diff
Tue, Oct 7, 9:56 PM
F131339780: D13065.id35177.diff
Tue, Oct 7, 1:39 AM
Unknown Object (File)
Sat, Oct 4, 11:12 PM
Unknown Object (File)
Fri, Oct 3, 9:54 PM
Unknown Object (File)
Wed, Oct 1, 5:38 AM
Unknown Object (File)
Tue, Sep 30, 5:03 PM
Unknown Object (File)
Sat, Sep 27, 1:19 AM
Unknown Object (File)
Thu, Sep 25, 10:15 AM
View All Files
Subscribers
mat

Details

Reviewers
tcberner
rakuco
Commits
rP454088: Update irc/konversation to latest upstream release.
Summary

This release fixes a remotely-exploitable crash in the Konversation
IRC client.

Diff Detail

Repository
rP FreeBSD ports repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

adridg created this revision.Nov 12 2017, 9:16 PM
Harbormaster completed remote builds in B12703: Diff 35171.Nov 12 2017, 9:16 PM
Herald added a subscriber: mat. · View Herald TranscriptNov 12 2017, 9:16 PM
adridg updated this revision to Diff 35172.Nov 12 2017, 9:19 PM

Use <cvename> instead of <url>

Harbormaster completed remote builds in B12704: Diff 35172.Nov 12 2017, 9:19 PM
tcberner added inline comments.Nov 12 2017, 9:21 PM
security/vuxml/vuln.xml
65 ↗(On Diff #35172)
#  pkg audit -f ./vuln.xml konversation-1.7.2
0 problem(s) in the installed packages found.

ohhh. that is wrong, isn't it :)

you need the package name there, i.e konversation

tcberner added inline comments.Nov 12 2017, 9:27 PM
security/vuxml/vuln.xml
78 ↗(On Diff #35172)

You could keep the url field additionally too.

adridg updated this revision to Diff 35175.Nov 12 2017, 9:34 PM

Fix package name, add CVE url.

Harbormaster completed remote builds in B12706: Diff 35175.Nov 12 2017, 9:34 PM
adridg marked 2 inline comments as done.Nov 12 2017, 9:37 PM
tcberner added inline comments.Nov 12 2017, 9:38 PM
security/vuxml/vuln.xml
79 ↗(On Diff #35175)

you could also add a secondary <url>https://www.kde.org/info/security/advisory-20171112-1.txt</url>

tcberner added a comment.Nov 12 2017, 9:41 PM

After that, on to the committing stage -- two separate commits:

  1. security/vuxml
    • commit message somthing ala Document new vulnerabilities in irc/konversation < 1.7.3
  2. irc/konversation
    • Normal commit message
    • This time, additionally use the field MFH: 2017Q4
adridg updated this revision to Diff 35176.Nov 12 2017, 9:47 PM

Add secondary url

Harbormaster completed remote builds in B12707: Diff 35176.Nov 12 2017, 9:47 PM
tcberner accepted this revision.Nov 12 2017, 9:50 PM
This revision is now accepted and ready to land.Nov 12 2017, 9:50 PM
Closed by commit rP454088: Update irc/konversation to latest upstream release. (authored by adridg). · Explain WhyNov 12 2017, 9:57 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
head/
irc/
konversation/
3 lines
6 lines

Diff 35177

View Options

head/irc/konversation/Makefile

Loading...
View Options

head/irc/konversation/distinfo

Loading...