[Bug 204044] net-mgmt/lldpd: Update to 0.7.19, security-related

Mon Oct 26 19:38:15 UTC 2015

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204044

            Bug ID: 204044
           Summary: net-mgmt/lldpd: Update to 0.7.19, security-related
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: freebsd-ports-bugs at FreeBSD.org
          Reporter: freebsd at simweb.ch

Created attachment 162481
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=162481&action=edit
Updates lldpd to 0.7.19

Dear port commiters

Here are 2 patches, one updating the port net-mgmt/lldpd to 0.7.19 which closed
a buffer overflow that was introduced with version 0.5.6 but only if hardening
was explicitely disabled. 

Hardening was explicitely enabled when I bumped the port to 0.7.16 thus even
the current port as of writing shouldn't be vulnerable.

The second patch is an attempt after some RTFM to update vuln.xml, I'm not sure
if that fits, though at least xmllint says it's valid XML. I hope this follows
the process for vuxml.

The changes have passed a poudriere testport in 9.2 and 10.2 amd64 jail as well
as a quick runtime check.

-- Mathieu

-- 
You are receiving this mail because:
You are the assignee for the bug.