[Bug 224339] lang/erlang-runtime17: vulnerable to CVE-2017-1000385 [PATCH]
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Thu Dec 14 13:54:55 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224339
Bug ID: 224339
Summary: lang/erlang-runtime17: vulnerable to CVE-2017-1000385
[PATCH]
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Keywords: patch
Severity: Affects Many People
Priority: ---
Component: Individual Port(s)
Assignee: olgeni at FreeBSD.org
Reporter: sg2342 at googlemail.com
Assignee: olgeni at FreeBSD.org
Flags: maintainer-feedback?(olgeni at FreeBSD.org)
Keywords: patch
Created attachment 188825
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=188825&action=edit
backport CVE-2017-1000385 from erlang-runtime18
while lang/erlang-runtime18, lang/erlang-runtime19 and lang/erlang-runtim20
received CVE-2017-1000385 related updates, erlang-runtime17 did not (it is no
longer supported by upstream apparently).
see https://robotattack.org for information about the attack
https://github.com/robotattackorg/robot-detect can be used to confirm that
erlang-runtime17 is vulnerable.
http://erlang.org/pipermail/erlang-questions/2017-November/094257.html is the
Patch Package: OTP 18.3.4.7 email from the OTP team.
attached patch is (the trivial) backport of the changes in OTP 18.3.4.7.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list