[Bug 259127] net/libyang: Update to 2.0.97 and multiple CVE fixes

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 13 Oct 2021 06:22:30 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259127

            Bug ID: 259127
           Summary: net/libyang: Update to 2.0.97 and multiple CVE fixes
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://github.com/CESNET/libyang/releases/tag/v2.0.97
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: olivier@freebsd.org
          Reporter: diizzy@FreeBSD.org
             Flags: maintainer-feedback?(olivier@freebsd.org)

Created attachment 228647
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=228647&action=edit
Patch for libyang

Fixes multiple CVEs; however, there's no support in FRR v7.x for libyang 2.x
Connect unit testing to port

1.x branch is also deprecated by upstream as of 1.0.240, there's a tagged
1.0.255 release in repo but it's not listed as a release on upstream's
website

CVE-2021-28902
CVE-2021-28903
CVE-2021-28904
CVE-2021-28905
CVE-2021-28906

References:
https://git.alpinelinux.org/aports/commit/community/libyang/APKBUILD?id=db25b534f847200f11649c31a3a0140775061704
https://github.com/CESNET/libyang/releases/tag/v1.0.240
https://github.com/CESNET/libyang/releases/tag/v1.0.225
