250616 – graphics/jpeg: update or remove

Bug 250616 - graphics/jpeg: update or remove

Summary: graphics/jpeg: update or remove

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Port Management Team

URL:
Keywords:	security

Depends on:
Blocks:

Reported:	2020-10-25 22:45 UTC by Jan Beich
Modified:	2020-10-26 20:22 UTC (History)
CC List:	0 users

See Also:

Flags:	bugzilla: maintainer-feedback? (portmgr)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jan Beich freebsd_committer

2020-10-25 22:45:36 UTC

v8d was released on 2012-01-15 while v9d (current) was released on 2020-01-12. The version in ports is vulnerable to at least CVE-2020-14152 and CVE-2020-14153.

If you plan to update also add USES=cpe with CPE_VENDOR=ijg CPE_PRODUCT=libjpeg. Alternatively, there's no reason to keep this port after ports r397084 with review D18724 partially confirimng lack of interest.

https://www.ijg.org/files/
https://repology.org/project/jpeg/versions
https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&seach_type=all&query=cpe:2.3:a:ijg:libjpeg:8d

Comment 1 commit-hook freebsd_committer

2020-10-26 20:21:47 UTC

A commit references this bug:

Author: antoine
Date: Mon Oct 26 20:21:06 UTC 2020
New revision: 553383
URL: https://svnweb.freebsd.org/changeset/ports/553383

Log:
  Deprecate graphics/jpeg

  PR:		250616

Changes:
  head/graphics/jpeg/Makefile

Comment 2 Antoine Brodin freebsd_committer

2020-10-26 20:22:11 UTC

graphics/jpeg was deprecated.