Bug 225544 - graphics/tiff: fix security vulnerabilities (CVE-2017-9935, CVE-2017-18013) and etc
Summary: graphics/tiff: fix security vulnerabilities (CVE-2017-9935, CVE-2017-18013) a...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Port Management Team
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-01-29 20:36 UTC by Yasuhiro Kimura
Modified: 2018-01-30 19:49 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (portmgr)

Attachments
patch file (7.19 KB, patch)
2018-01-29 20:36 UTC, Yasuhiro Kimura 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Yasuhiro Kimura freebsd_committer freebsd_triage 2018-01-29 20:36:48 UTC 
Created attachment 190171 [details]
patch file

* Add patch to fix security vulnerabilities (CVE-2017-9935, CVE-2017-18013).
* Switch to use post-install-DOCS-on target.
* Bump PORTREVISION.

Patches are obtained from Debian:

https://sources.debian.org/src/tiff/4.0.9-3/debian/patches/CVE-2017-9935.patch/
https://sources.debian.org/src/tiff/4.0.9-3/debian/patches/CVE-2017-18013.patch/
Comment 1 Yasuhiro Kimura freebsd_committer freebsd_triage 2018-01-29 21:20:28 UTC 
I submitted bug #225545 which adds entry for these vulnerabilities to security/vuxml. So please commit it too.
Comment 2 commit-hook freebsd_committer freebsd_triage 2018-01-29 21:33:39 UTC 
A commit references this bug:

Author: antoine
Date: Mon Jan 29 21:32:59 UTC 2018
New revision: 460339
URL: https://svnweb.freebsd.org/changeset/ports/460339

Log:
  Apply patches for CVE-2017-9935 and CVE-2017-18013

  PR:		225544
  Submitted by:	Yasuhiro KIMURA
  Obtained from:	Debian
  MFH after:	2 days
  MFH:		2018Q1

Changes:
  head/graphics/tiff/Makefile
  head/graphics/tiff/files/patch-CVE-2017-18013
  head/graphics/tiff/files/patch-CVE-2017-9935
Comment 3 commit-hook freebsd_committer freebsd_triage 2018-01-30 19:48:17 UTC 
A commit references this bug:

Author: antoine
Date: Tue Jan 30 19:47:39 UTC 2018
New revision: 460432
URL: https://svnweb.freebsd.org/changeset/ports/460432

Log:
  MFH: r460339

  Apply patches for CVE-2017-9935 and CVE-2017-18013

  PR:		225544
  Submitted by:	Yasuhiro KIMURA
  Obtained from:	Debian

Changes:
_U  branches/2018Q1/
  branches/2018Q1/graphics/tiff/Makefile
  branches/2018Q1/graphics/tiff/files/patch-CVE-2017-18013
  branches/2018Q1/graphics/tiff/files/patch-CVE-2017-9935