Opened 8 years ago

Closed 8 years ago

#51292 closed enhancement (fixed)

tardiff: CVE-2015-0857, CVE-2015-0858 and other bugs

Reported by: raimue (Rainer Müller) Owned by: ryandesign (Ryan Carsten Schmidt)
Priority: Normal Milestone:
Component: ports Version: 2.3.4
Keywords: security haspatch Cc:
Port: tardiff

Description (last modified by raimue (Rainer Müller))

I am attaching a patch to update tardiff with patches created by Debian to fix security bugs. In order to apply these patches without re-editing, other fixes should be applied first. I stripped the path prefix from the patches to apply them with -p0 and retained the explicit gnutar.

Details are published in Debian's security advisory: https://www.debian.org/security/2016/dsa-3562

Attachments (5)

tardiff.diff (746 bytes) - added by raimue (Rainer Müller) 8 years ago.
Portfile
patch-fix-statistic.diff (951 bytes) - added by raimue (Rainer Müller) 8 years ago.
patch-fix-unique-uniquebase.diff (1.7 KB) - added by raimue (Rainer Müller) 8 years ago.
patch-CVE-2015-0857.diff (1.3 KB) - added by raimue (Rainer Müller) 8 years ago.
patch-CVE-2015-0858.diff (1.4 KB) - added by raimue (Rainer Müller) 8 years ago.

Download all attachments as: .zip

Change History (8)

Changed 8 years ago by raimue (Rainer Müller)

Attachment: tardiff.diff added

Portfile

Changed 8 years ago by raimue (Rainer Müller)

Attachment: patch-fix-statistic.diff added

Changed 8 years ago by raimue (Rainer Müller)

Changed 8 years ago by raimue (Rainer Müller)

Attachment: patch-CVE-2015-0857.diff added

Changed 8 years ago by raimue (Rainer Müller)

Attachment: patch-CVE-2015-0858.diff added

comment:1 Changed 8 years ago by raimue (Rainer Müller)

Description: modified (diff)

comment:2 Changed 8 years ago by ryandesign (Ryan Carsten Schmidt)

No objection, please commit, and please add openmaintainer on this port too.

comment:3 Changed 8 years ago by raimue (Rainer Müller)

Resolution: fixed
Status: newclosed

Committed in r148304.

Note: See TracTickets for help on using tickets.