Created attachment 247188
Patch for libheif

Fixes following CVEs:
CVE-2023-49462
CVE-2023-49463

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-49462
https://nvd.nist.gov/vuln/detail/CVE-2023-49463

Compile and runtime tested on FreeBSD 13.2-RELEASE (amd64) (make, make check-plist, make test)
Poudriere testport OK 13.2-RELEASE (amd64)
Poudriere testport OK 12.4-RELEASE (amd64)

Tested with following consumers in Poudriere, 13.2-RELEASE:
astro/siril
graphics/ImageMagick6
graphics/ImageMagick7
graphics/cimg
graphics/darktable
graphics/digikam
graphics/geeqie
graphics/gimp-app
graphics/imv
graphics/kf5-kimageformats
graphics/krita
graphics/openimageio
graphics/py-openimageio
graphics/py-pillow-heif
graphics/vips
x11/swayimg
x11/wallutils
Thanks, Daniel!
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=68e951bfddd94d7aab72226214a513032b8f903a

commit 68e951bfddd94d7aab72226214a513032b8f903a
Author:     Daniel Engberg <diizzy@FreeBSD.org>
AuthorDate: 2023-12-25 19:14:20 +0000
Commit:     Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2023-12-25 19:14:28 +0000

    graphics/libheif: Update to 1.17.6

    Fixes following CVEs:
    CVE-2023-49462
    CVE-2023-49463

    Changelog: https://github.com/strukturag/libheif/releases/tag/v1.17.6

    References:
    https://nvd.nist.gov/vuln/detail/CVE-2023-49462
    https://nvd.nist.gov/vuln/detail/CVE-2023-49463

    PR:             275873
    Reviewed by:    makc (maintainer)
    Sponsored by:   Blinkinblox

 graphics/libheif/Makefile                                | 3 +--
 graphics/libheif/distinfo                                | 6 +++---
 graphics/libheif/files/patch-gnome_CMakeLists.txt (gone) | 7 -------
 3 files changed, 4 insertions(+), 12 deletions(-)
Committed, thanks!