Created attachment 200585: openjpeg.patch

Hi, I'm submitting this patch trying to clean up the vulnerabilities this package has. First, some clarifications: r477112 fixes CVE-2017-17479 and CVE-2017-17480 but is still showing as vulnerable in openjpeg-2.3.0_2. Is that intended until all vulnerabilities have been fixed? If not, then I have also attached a patch for vuxml. Additionally, I'm submitting a patch for CVE-2018-6616, so the only remaining vulnerability is CVE-2018-5727. Thanks!

Created attachment 200586: vuxml update

A commit references this bug:

Author: sunpoet
Date: Sat Jan 5 22:47:22 UTC 2019
New revision: 489415
URL: https://svnweb.freebsd.org/changeset/ports/489415

Log:
  Fix CVE-2018-6616

  - Bump PORTREVISION for package change

  Obtained from: https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3
  PR: 234473
  Submitted by: Andres Montalban <amontalban@gmail.com>

Changes:
  head/graphics/openjpeg/Makefile
  head/graphics/openjpeg/files/patch-src-bin-jp2-convertbmp.c

I've updated the openjpeg status in the vuxml entry. I guess it's enough given it's not fully fixed yet. Committed. Thanks!

A commit references this bug:

Author: sunpoet
Date: Thu Jan 24 16:19:00 UTC 2019
New revision: 491096
URL: https://svnweb.freebsd.org/changeset/ports/491096

Log:
  MFH: r489415

  Fix CVE-2018-6616

  - Bump PORTREVISION for package change

  Obtained from: https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3
  PR: 234473
  Submitted by: Andres Montalban <amontalban@gmail.com>
  Approved by: ports-secteam (delphij)

Changes:
  _U branches/2019Q1/
  branches/2019Q1/graphics/openjpeg/Makefile
  branches/2019Q1/graphics/openjpeg/files/patch-src-bin-jp2-convertbmp.c