Bug 223629 - security/vuxml: Document multiple vulnerabilities in GraphicsMagick 1.3.26
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Po-Chuan Hsieh
URL: https://sourceforge.net/p/graphicsmag...
Keywords: needs-qa, patch, security
Depends on: 224228
Blocks:
Reported: 2017-11-12 12:23 UTC by VK
Modified: 2018-06-20 19:40 UTC

See Also:
bugzilla: maintainer-feedback? (ports-secteam)
vlad-fbsd: maintainer-feedback? (sunpoet)


Attachments
Document multiple vulns in GraphicsMagick 1.3.26 (1.63 KB, patch)
2017-11-12 12:23 UTC, VK

Description VK 2017-11-12 12:23:03 UTC
Created attachment 187939
Document multiple vulns in GraphicsMagick 1.3.26

Multiple vulnerabilities have been fixed since GraphicsMagick 1.3.26 was released. This patch documents those.

In addition, some of the vulns are not listed here, because they're already listed for ImageMagick (as cvenames):

* CVE-2017-8350
* CVE-2017-8351
* CVE-2017-8353
* CVE-2017-9142

Therefore VUID 50776801-4183-11e7-b291-b499baebfeaf (that lists those) would have to be modified to include GraphicsMagick.

I'm marking this with `needs-qa` as I'd like the GraphicsMagick maintainer's feedback on this (cc'd) first. All these are documented in commits _after_ 1.3.26 was released and there's no newer upstream release yet.
Comment 1 VK 2017-12-27 21:49:32 UTC
Bump.
Comment 2 commit-hook freebsd_committer freebsd_triage 2018-06-20 19:39:15 UTC
A commit references this bug:

Author: sunpoet
Date: Wed Jun 20 19:38:13 UTC 2018
New revision: 472936
URL: https://svnweb.freebsd.org/changeset/ports/472936

Log:
  Document GraphicsMagick vulnerability

  PR:		223629
  Submitted by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>

Changes:
  head/security/vuxml/vuln.xml
Comment 3 Po-Chuan Hsieh freebsd_committer freebsd_triage 2018-06-20 19:40:06 UTC
Committed. Thanks!