Subject: CVS commit: [pkgsrc-2015Q4] pkgsrc/chat/libotr
From: Benny Siegert
Date: 2016-03-22 20:04:34
Message id: 20160322190435.0899DFBB5@cvs.NetBSD.org

Log Message:
Pullup ticket #4954 - requested by gdt
chat/libotr: security fix

Revisions pulled up:
- chat/libotr/Makefile                                          1.18
- chat/libotr/distinfo                                          1.12

---
   Module Name:	pkgsrc
   Committed By:	gdt
   Date:		Wed Mar  9 18:04:17 UTC 2016

   Modified Files:
   	pkgsrc/chat/libotr: Makefile distinfo

   Log Message:
   Update to 4.1.1.

   This is a security release addressing CVE-2016-2851.

   - Fix an integer overflow bug that can cause a heap buffer overflow (and
     from there remote code execution) on 64-bit platforms
   - Fix possible free() of an uninitialized pointer
   - Be stricter about parsing v3 fragments
   - Add a testsuite ("make check" to run it), but only on Linux for now,
     since it uses Linux-specific features such as epoll
   - Fix a memory leak when reading a malformed instance tag file
   - Protocol documentation clarifications

Files:
RevisionActionfile
1.17.10.1modifypkgsrc/chat/libotr/Makefile
1.11.2.1modifypkgsrc/chat/libotr/distinfo