Bug 225544 - graphics/tiff: fix security vulnerabilities (CVE-2017-9935, CVE-2017-18013) and etc
Summary: graphics/tiff: fix security vulnerabilities (CVE-2017-9935, CVE-2017-18013) a...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Port Management Team
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-01-29 20:36 UTC by Yasuhiro Kimura
Modified: 2018-01-30 19:49 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (portmgr)


Attachments
patch file (7.19 KB, patch)
2018-01-29 20:36 UTC, Yasuhiro Kimura
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Yasuhiro Kimura freebsd_committer freebsd_triage 2018-01-29 20:36:48 UTC
Created attachment 190171 [details]
patch file

* Add patch to fix security vulnerabilities (CVE-2017-9935, CVE-2017-18013).
* Switch to use post-install-DOCS-on target.
* Bump PORTREVISION.

Patches are obtained from Debian:

https://sources.debian.org/src/tiff/4.0.9-3/debian/patches/CVE-2017-9935.patch/
https://sources.debian.org/src/tiff/4.0.9-3/debian/patches/CVE-2017-18013.patch/
Comment 1 Yasuhiro Kimura freebsd_committer freebsd_triage 2018-01-29 21:20:28 UTC
I submitted bug #225545 which adds entry for these vulnerabilities to security/vuxml. So please commit it too.
Comment 2 commit-hook freebsd_committer freebsd_triage 2018-01-29 21:33:39 UTC
A commit references this bug:

Author: antoine
Date: Mon Jan 29 21:32:59 UTC 2018
New revision: 460339
URL: https://svnweb.freebsd.org/changeset/ports/460339

Log:
  Apply patches for CVE-2017-9935 and CVE-2017-18013

  PR:		225544
  Submitted by:	Yasuhiro KIMURA
  Obtained from:	Debian
  MFH after:	2 days
  MFH:		2018Q1

Changes:
  head/graphics/tiff/Makefile
  head/graphics/tiff/files/patch-CVE-2017-18013
  head/graphics/tiff/files/patch-CVE-2017-9935
Comment 3 commit-hook freebsd_committer freebsd_triage 2018-01-30 19:48:17 UTC
A commit references this bug:

Author: antoine
Date: Tue Jan 30 19:47:39 UTC 2018
New revision: 460432
URL: https://svnweb.freebsd.org/changeset/ports/460432

Log:
  MFH: r460339

  Apply patches for CVE-2017-9935 and CVE-2017-18013

  PR:		225544
  Submitted by:	Yasuhiro KIMURA
  Obtained from:	Debian

Changes:
_U  branches/2018Q1/
  branches/2018Q1/graphics/tiff/Makefile
  branches/2018Q1/graphics/tiff/files/patch-CVE-2017-18013
  branches/2018Q1/graphics/tiff/files/patch-CVE-2017-9935