214940 – archivers/p7zip: Security vulnerability (CVE-2016-9296)

Comment 1 Raphael Kubo da Costa freebsd_committer freebsd_triage 2016-11-30 10:33:03 UTC

Thanks for the heads-up; I'm on it.

Comment 2 commit-hook freebsd_committer freebsd_triage 2016-11-30 10:50:37 UTC

A commit references this bug:

Author: rakuco
Date: Wed Nov 30 10:50:13 UTC 2016
New revision: 427417
URL: https://svnweb.freebsd.org/changeset/ports/427417

Log: Import upstream patch to fix CVE-2016-9296

Null pointer dereference can cause 7z to crash.

PR: 214940
Reported by: Sevan Janiyan <venture37@geeklan.co.uk>
MFH: 2016Q4
Security: 48e83187-b6e9-11e6-b6cf-5453ed2e2b49
Security: CVE-2016-9296

Changes:
head/archivers/p7zip/Makefile
head/archivers/p7zip/files/patch-CPP_7zip_Archive_7z_7zIn.cpp

Comment 3 Raphael Kubo da Costa freebsd_committer freebsd_triage 2016-11-30 10:52:19 UTC

Thanks again. I updated vuln.xml in ports r427416 but forgot to reference this PR. I'm closing it, and will merge the fix to the 2016Q4 branch as soon as it is approved.

Comment 4 commit-hook freebsd_committer freebsd_triage 2016-12-01 09:19:46 UTC

A commit references this bug:

Author: rakuco
Date: Thu Dec 1 09:19:09 UTC 2016
New revision: 427480
URL: https://svnweb.freebsd.org/changeset/ports/427480

Log: MFH: r427417

Import upstream patch to fix CVE-2016-9296

Null pointer dereference can cause 7z to crash.

PR: 214940
Reported by: Sevan Janiyan <venture37@geeklan.co.uk>
Security: 48e83187-b6e9-11e6-b6cf-5453ed2e2b49
Security: CVE-2016-9296

Approved by: ports-secteam (junovitch)

Changes:
_U branches/2016Q4/
branches/2016Q4/archivers/p7zip/Makefile
branches/2016Q4/archivers/p7zip/files/patch-CPP_7zip_Archive_7z_7zIn.cpp