Created attachment 218602 [details] Patch for jpeg-turbo Update (lib)jpeg-turbo to version 2.0.5 (fixes CVE-2020-13790) Update CPE vendor Compile tested on FreeBSD 13.0-CURRENT #0 r364979 (amd64) (make + make test) Poudriere testport OK 12.1-RELEASE (amd64) including libjpeg-turbo port
Unless someone beats me to it I'll add a vuxml entry/patch during the weekend.
Created attachment 218650 [details] VuXML entry, turbo-jpeg and mozjpeg My first attempt, please fix if I did something wrong.
A commit references this bug: Author: antoine Date: Sun Oct 11 06:44:47 UTC 2020 New revision: 552029 URL: https://svnweb.freebsd.org/changeset/ports/552029 Log: Update to 2.0.5 PR: 250190 MFH: 2020Q4 Changes: head/graphics/jpeg-turbo/Makefile head/graphics/jpeg-turbo/distinfo
A commit references this bug: Author: antoine Date: Sun Oct 11 06:46:16 UTC 2020 New revision: 552030 URL: https://svnweb.freebsd.org/changeset/ports/552030 Log: MFH: r552029 Update to 2.0.5 PR: 250190 Changes: _U branches/2020Q4/ branches/2020Q4/graphics/jpeg-turbo/Makefile branches/2020Q4/graphics/jpeg-turbo/distinfo
Over to ports-secteam for the vuxml stuff
Friendly ping
A commit references this bug: Author: fluffy Date: Mon Nov 16 11:13:15 UTC 2020 New revision: 555466 URL: https://svnweb.freebsd.org/changeset/ports/555466 Log: VuXML: document mozjpeg and libjpeg-turbo recent vulnerabilities PR: 250190 Submitted by: daniel.engberg.lists@pyret.net Changes: head/security/vuxml/vuln.xml
(In reply to daniel.engberg.lists from comment #6) (with hat: ports-secteam) Done!
Thanks!