OpenBSD ports changes summary for 2016-07-20 ============================================
lang/go net/isc-bind net/libupnp www/py-django == lang ============================================================== 01/03 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/lang go ~ Makefile ~ distinfo > Security update to 1.6.3 (CVE-2016-5386) > ok jsing@, naddy@ (pea@) == net =============================================================== 02/03 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net isc-bind - patches/patch-configure_in - patches/patch-lib_dns_dst_openssl_h - patches/patch-lib_dns_openssl_link_c - patches/patch-lib_dns_openssldh_link_c - patches/patch-lib_dns_openssldsa_link_c - patches/patch-lib_dns_opensslrsa_link_c ~ Makefile ~ distinfo TAGGED OPENBSD_5_9 > Update to BIND 9.10.4-P2, fixes CVE-2016-2775 ("getrrsetbyname with a non > absolute name could trigger an infinite recursion bug in lwres[..]"; > affects > users of lwresd and users with "lwres" enabled in their configuration). > ok sthen@ (jasper@) libupnp ~ Makefile + patches/patch-upnp_src_genlib_net_http_webserver_c TAGGED OPENBSD_5_9 > patch libupnp to not allowing unhandled POSTs to write to the filesystem. > http://www.openwall.com/lists/oss-security/2016/07/18/13 > original commit by semarie@ > ok sthen@ (jasper@) == www =============================================================== 03/03 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/www py-django ~ lts/Makefile ~ lts/distinfo ~ lts/pkg/PLIST ~ stable/Makefile ~ stable/distinfo ~ stable/pkg/PLIST > Django security releases issued: 1.9.8 and 1.8.14. > ok naddy@ (rpointel@) =============================================================================== _______________________________________________ odc mailing list [email protected] http://www.squish.net/mailman/listinfo/odc
