Date: Wed, 13 Oct 2021 06:22:30 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 259127] net/libyang: Update to 2.0.97 and multiple CVE fixes Message-ID: <bug-259127-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D259127 Bug ID: 259127 Summary: net/libyang: Update to 2.0.97 and multiple CVE fixes Product: Ports & Packages Version: Latest Hardware: Any URL: https://github.com/CESNET/libyang/releases/tag/v2.0.97 OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: olivier@freebsd.org Reporter: diizzy@FreeBSD.org Flags: maintainer-feedback?(olivier@freebsd.org) Assignee: olivier@freebsd.org Created attachment 228647 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D228647&action= =3Dedit Patch for libyang Fixes mutiple CVEs however there's no support in FRR v7.x for libyang 2.x Connect unit testing to port 1.x branch is also deprecated by upstream as of 1.0.240, there's a tagged 1.0.255 release in repo but it's not listed on as a release on upstream's website CVE-2021-28902 CVE-2021-28903 CVE-2021-28904 CVE-2021-28905 CVE-2021-28906 References: https://git.alpinelinux.org/aports/commit/community/libyang/APKBUILD?id=3Dd= b25b534f847200f11649c31a3a0140775061704 https://github.com/CESNET/libyang/releases/tag/v1.0.240 https://github.com/CESNET/libyang/releases/tag/v1.0.225 --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-259127-7788>