MFH r307263 by eadler:

Apply an upstream patch that fixes a security hole
when receiving a special colored message.

The maintainer was contacted but due to the nature of
the issue apply the patch ASAP.

Approved by:	secteam-ports (swills)
Security:	e02c572f-2af0-11e2-bb44-003067b2972c

MFH r307275 by jase:
- Update to 0.3.9.1

Changes:	http://www.weechat.org/files/changelog/ChangeLog-0.3.9.1.html

MFH r307276 by jase:
- Remove extraneous patch

MFH r307279 by jase:
- Update to 20121110
- Remove extraneous patch

MFH r307387 by jase:
- Update recent weechat entry (e02c572f-2af0-11e2-bb44-003067b2972c)

- Document assigned CVE Identifier
- Document workaround for vulnerable versions

Feature safe:	yes

5 files changed, 11 insertions, 8 deletions

diff --git a/irc/weechat-devel/Makefile b/irc/weechat-devel/Makefile
index b3ba24e2879b..970cc0d9ce79 100644
--- a/irc/weechat-devel/Makefile
+++ b/irc/weechat-devel/Makefile
@@ -1,7 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	weechat
-PORTVERSION=	20121103
+PORTVERSION=	20121110
 CATEGORIES=	irc
 MASTER_SITES=	http://perturb.me.uk/distfiles/ \
 		${MASTER_SITE_LOCAL}
@@ -26,7 +26,7 @@ WANT_PERL=	yes
 LIB_DEPENDS+=	curl:${PORTSDIR}/ftp/curl \
 		gcrypt:${PORTSDIR}/security/libgcrypt
 
-GITREV=	c848cb4
+GITREV=	7cd376b
 WRKSRC=	${WRKDIR}/${PORTNAME}-${GITREV}
 
 # Please note: the DEBUG option is *NOT* empty, it is utilised by
diff --git a/irc/weechat-devel/distinfo b/irc/weechat-devel/distinfo
index 4347849cbf67..61fb037eddb5 100644
--- a/irc/weechat-devel/distinfo
+++ b/irc/weechat-devel/distinfo
@@ -1,2 +1,2 @@
-SHA256 (weechat-devel-c848cb4.tar.gz) = 0addead395d9eaeafa782996ccc447dafa3b5138d3e21285b602abf37c614655
-SIZE (weechat-devel-c848cb4.tar.gz) = 2511229
+SHA256 (weechat-devel-7cd376b.tar.gz) = dd10c1ab81051ec3476ad95a12c4c70cd8161a5f0dbcc7f0659e3d2602a79ef2
+SIZE (weechat-devel-7cd376b.tar.gz) = 2517031
diff --git a/irc/weechat/Makefile b/irc/weechat/Makefile
index f3decffc6835..cdbe5008f0a0 100644
--- a/irc/weechat/Makefile
+++ b/irc/weechat/Makefile
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	weechat
-PORTVERSION=	0.3.9
+PORTVERSION=	0.3.9.1
 CATEGORIES=	irc
 MASTER_SITES=	http://weechat.org/files/src/
 
diff --git a/irc/weechat/distinfo b/irc/weechat/distinfo
index 0d764e0f9654..e8dc78e3bf12 100644
--- a/irc/weechat/distinfo
+++ b/irc/weechat/distinfo
@@ -1,2 +1,2 @@
-SHA256 (weechat-0.3.9.tar.gz) = 8666c788cbb212036197365df3ba3cf964a23e4f644d76ea51d66dbe3be593bb
-SIZE (weechat-0.3.9.tar.gz) = 3761786
+SHA256 (weechat-0.3.9.1.tar.gz) = 9a6ad4aacbda9c5524dc519cc8782621d59ba1bf0556e64f5ae4f9102f28b29d
+SIZE (weechat-0.3.9.1.tar.gz) = 3756617
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 4edb88decbaa..508242d058f5 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -134,10 +134,13 @@ Note:  Please add new entries to the beginning of this file.
 	<blockquote cite="https://savannah.nongnu.org/bugs/?37704">
 	  <p>A buffer overflow is causing a crash or freeze of WeeChat when 
 	  decoding IRC colors in strings.</p>
+	  <p>Workaround for a non-patched version: 
+	  /set irc.network.colors_receive off</p>
 	</blockquote>
       </body>
     </description>
     <references>
+      <cvename>CVE-2012-5854</cvename>
       <freebsdpr>ports/173513</freebsdpr>
       <url>http://weechat.org/security/</url>
       <url>https://savannah.nongnu.org/bugs/?37704</url>
@@ -145,7 +148,7 @@ Note:  Please add new entries to the beginning of this file.
     <dates>
       <discovery>2012-11-09</discovery>
       <entry>2012-11-10</entry>
-      <modified>2012-11-10</modified>
+      <modified>2012-11-13</modified>
     </dates>
   </vuln>