Bug 211562 - graphics/gd - multiple vulnerabilities
Summary: graphics/gd - multiple vulnerabilities
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Dirk Meyer
Reported: 2016-08-04 00:54 UTC by Sevan Janiyan
Modified: 2016-08-28 17:54 UTC

bugzilla: maintainer-feedback? (dinoex)


Description Sevan Janiyan 2016-08-04 00:54:20 UTC
Currently vulnerable and missing vuxml entry for:
CVE-2016-6207
CVE-2016-6214
CVE-2016-6132
CVE-2016-5766
Comment 1 commit-hook freebsd_committer freebsd_triage 2016-08-04 14:50:16 UTC
A commit references this bug:

Author: feld
Date: Thu Aug  4 14:49:49 UTC 2016
New revision: 419621
URL: https://svnweb.freebsd.org/changeset/ports/419621

Log:
  Document gd vulnerabilities

  PR:		211562

Changes:
  head/security/vuxml/vuln.xml
Comment 2 Mark Felder freebsd_committer freebsd_triage 2016-08-04 15:21:50 UTC
I have a patch to update to 2.2.3, but the shlib is moving from libgd.so.6.0.20202 to lib/libgd.so.6.0.3 and I think there was special handling of the shlib here, so I'd like the maintainer to weigh in.
Comment 3 commit-hook freebsd_committer freebsd_triage 2016-08-28 17:43:33 UTC
A commit references this bug:

Author: dinoex
Date: Sun Aug 28 17:42:43 UTC 2016
New revision: 421029
URL: https://svnweb.freebsd.org/changeset/ports/421029

Log:
  - update to 2.2.3
  - remove option VPX
  Security: CVE-2016-6207
  Security: CVE-2016-6214
  Security: CVE-2016-6132
  Security: CVE-2016-5766
  PR:		211562
  MFH:		2016Q3

Changes:
  head/graphics/gd/Makefile
  head/graphics/gd/distinfo
  head/graphics/gd/files/patch-configure
  head/graphics/gd/files/patch-gd_tga.c
  head/graphics/gd/files/patch-gdft.c
  head/graphics/gd/pkg-plist