CVE-2015-7555 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7555
assigning to ports-secteam
Created attachment 165299: update to 5.1.2
The attached patch updates the port to 5.1.2, which may fix some of the vulnerabilities. reallocarray is now exported by libgif; I tried to remove this as I believe it's not right.
Created attachment 167444: update to 5.1.2 bis
A commit references this bug:
Author: feld
Date: Fri Feb 26 16:03:36 UTC 2016
New revision: 409619
URL: https://svnweb.freebsd.org/changeset/ports/409619
Log:
  graphics/giflib: Add patches to prevent exporting reallocarray
  PR: 205676
  MFH: 2016Q1
Changes:
  head/graphics/giflib/Makefile
  head/graphics/giflib/files/
  head/graphics/giflib/files/extra-patch-hide-reallocarray
  head/graphics/giflib/files/extra-patch-unbundle-reallocarray
  head/graphics/giflib/files/patch-lib_gif__lib.h
A commit references this bug:
Author: feld
Date: Fri Feb 26 16:04:55 UTC 2016
New revision: 409621
URL: https://svnweb.freebsd.org/changeset/ports/409621
Log:
  MFH: r409619
  graphics/giflib: Add patches to prevent exporting reallocarray
  PR: 205676
  Approved by: ports-secteam (with hat)
Changes:
  _U  branches/2016Q1/
  branches/2016Q1/graphics/giflib/Makefile
  branches/2016Q1/graphics/giflib/files/