[Bug 226491] [PATCH] devel/zziplib: update to 0.13.68 which fixes multiple CVEs

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226491

            Bug ID: 226491
           Summary: [PATCH] devel/zziplib: update to 0.13.68 which fixes
                    multiple CVEs
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Keywords: patch, security
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: freebsd-ports-bugs at FreeBSD.org
          Reporter: freebsd_ports at k-worx.org
 Attachment #191360 maintainer-approval+
             Flags:
             Flags: maintainer-feedback+

Created attachment 191360
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=191360&action=edit
Patch for zziplib v0.13.68

Hello, 

attached is the patch which updates the port to 0.13.68 and fixes also
following CVEs:

For version 0.13.62:

- CVE-2017-5974
- CVE-2017-5975
- CVE-2017-5976
- CVE-2017-5979
- CVE-2017-5980
- CVE-2017-5981

For version 0.13.67:

- CVE-2017-5977

For version 0.13.68:

- CVE-2018-6381
- CVE-2018-6484
- CVE-2018-6540
- CVE-2018-6541
- CVE-2018-6542

Some days ago there were four new CVEs created which are unresolved at the
moment:

- CVE-2018-6869         
- CVE-2018-7725
- CVE-2018-7726
- CVE-2018-7727

Thus the chances are high that there will be a new release of zziplib from
upstream in near future.


Changes to the port:
- the project moved from SF to GitHub
- removed no longer required entries from USES
- added textproc/xmlto to BUILD_DEPEND 
- completed/fixed license info

QA:
~~~
- poudriere (11.1Ramd64 + i386) -> OK
- portlint -> OK

-- 
You are receiving this mail because:
You are the assignee for the bug.