Bug 205676 - graphics/giflib - Heap overflow
Summary: graphics/giflib - Heap overflow
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Ports Security Team
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-12-29 01:41 UTC by Sevan Janiyan
Modified: 2016-02-26 16:05 UTC

See Also:
bugzilla: maintainer-feedback? (portmgr)


Attachments
update to 5.1.2 (5.72 KB, patch)
2016-01-09 09:58 UTC, Antoine Brodin
update to 5.1.2 bis (5.24 KB, patch)
2016-02-26 16:03 UTC, Antoine Brodin

Description Sevan Janiyan 2015-12-29 01:41:45 UTC
CVE-2015-7555
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7555
Comment 1 Mark Felder freebsd_committer freebsd_triage 2016-01-08 18:50:33 UTC
assigning to ports-secteam
Comment 2 Antoine Brodin freebsd_committer freebsd_triage 2016-01-09 09:58:59 UTC
Created attachment 165299
update to 5.1.2

The attached patch updates the port to 5.1.2, which may fix some of the vulnerabilities.
reallocarray is now exported by libgif; I tried to remove this as I believe it's not right.
Comment 3 Antoine Brodin freebsd_committer freebsd_triage 2016-02-26 16:03:27 UTC
Created attachment 167444
update to 5.1.2 bis
Comment 4 commit-hook freebsd_committer freebsd_triage 2016-02-26 16:04:18 UTC
A commit references this bug:

Author: feld
Date: Fri Feb 26 16:03:36 UTC 2016
New revision: 409619
URL: https://svnweb.freebsd.org/changeset/ports/409619

Log:
  graphics/giflib: Add patches to prevent exporting reallocarray

  PR:		205676
  MFH:		2016Q1

Changes:
  head/graphics/giflib/Makefile
  head/graphics/giflib/files/
  head/graphics/giflib/files/extra-patch-hide-reallocarray
  head/graphics/giflib/files/extra-patch-unbundle-reallocarray
  head/graphics/giflib/files/patch-lib_gif__lib.h
Comment 5 commit-hook freebsd_committer freebsd_triage 2016-02-26 16:05:20 UTC
A commit references this bug:

Author: feld
Date: Fri Feb 26 16:04:55 UTC 2016
New revision: 409621
URL: https://svnweb.freebsd.org/changeset/ports/409621

Log:
  MFH: r409619

  graphics/giflib: Add patches to prevent exporting reallocarray

  PR:		205676
  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q1/
  branches/2016Q1/graphics/giflib/Makefile
  branches/2016Q1/graphics/giflib/files/